VeilOS — Preview of Privacy Preserving Application Engine

Following the discussion on how Zero-knowledge Proof (ZKP) can be used in the field of civic technologies (CivicTech) and specifically how it can be used by different NGOs to coordinate food distribution to the food insecured, I’ve embarked on creating a demo application to showcase how it can be done as part of my fellowship with RadicalXChange Foundation.

VeilOS is the result of a few weeks of work to achieve the following through a proof-of-concept implementation:

  1. Showcase the application of ZKP in the different use cases
  2. Uncover any technical & non-technical limitations to ZKP or privacy preserving applications
  3. Put a dent in the universe (academics & politicians I’m looking at you)

The application is currently incomplete and is a work-in-progress. Expect massive changes as research are being conducted.


The voucher will satisfy 3 constraints:

  1. Only users in the group will be able to generate valid voucher.
  2. Each user may only generate and publish at most one voucher per topic.
  3. The identity of the user is hidden.

User Journey

Organisations distributing these packed meals can launch the application by targeting the food insecured group, setting the topic as the program name appended with the date and adding the organisation name as the message.

Once the application has been launched, a QR code will be generated to be scanned by the beneficiary.

The beneficiary simply launches their application (initialized with the identity registered with the group) and scans the QR code to be taken to the voucher generation page.

Upon clicking on confirm, the voucher will be generated and submitted to VeilOS for verification. Once verification has been completed, the beneficiary will receive a confirmation that the voucher has been successfully claimed, along with an unique code to the voucher.

At the same time, the organisation distributing the packed food will also be able to see that there is a new voucher generated with the same unique code and can now proceed to distribute the packed food to the beneficiary.

In this example, the VeilOS application ensures:

  1. Citizens not in the group may not abuse the system to collect packed meals meant for those who really needs it
  2. Beneficiaries may only collect at most one packed meal a day
  3. Beneficiaries’ identity (and histories of collections) are hidden from everyone (including the government agency)

Show Me the Proofs

While each beneficiary will register with the government agency with their identity card showing their public identity (in this case 5250887317885314878170299310585808682203354203924329162758682586025860956143) during registration, these identifiers are never published on the generated voucher.

Instead, ZKP is used to ensure that the constraints were enforced and the voucher is valid. Since the entire voucher is also publicly available, anyone may validate the validity of the voucher.

Since valid vouchers may only be generated by those in the group, the vouchers also serve as solid audit records for the distributing organisation who are accountable to donors and regulatory organisations.

One voucher per topic

Suppose that the beneficiary attempts to generate more than one voucher for a given topic (even with different message), the submission will easily be voided and an error message will be returned.

This is achieved by comparing the nullifier value of the vouchers as the nullifier value is deterministically derived from the beneficiary's identity and the topic.

Only available to beneficiaries in the group

I should probably work on the error message, but you get the point…

Finally, should anyone else other than the beneficiaries attempt to generate a voucher, they will fail to generate a valid proof for the voucher.

Other Use Cases

Identity Group: Foreign Workers Employed in Singapore 
Topic: Whistleblowing_2020Q1
Message: Unserviced equipments at site #1234

Since the application does not reveal the identity of the voucher generator other than the fact that he is a member of a group, it can be used for different whistleblowing schemes.

Discussed in a previous memo, this can be used for cases like:

  • Companies creating a whistleblowing scheme to allow anyone to surface important information to mangement confidentially.
  • Foreign workers in Singapore whistleblowing on their employer to agencies like Ministry of Manpower on workplace safety or workplace grievances.


Identity Group: Citizens of US
Message: Joe Biden

Similarly, the message on the voucher can also be used to signal support for a candidate in an election or a proposal on a referendum.

Use cases that are similar:

  • Peer promotion nomination within a company
  • Award nomination within a company or community

Credit Card Privileges

Identity Group: Citibank PremierMiles Card Holders
Message: SATS Premier Lounge

The vouchers can also be used to coordinate privileges of credit card (or any privilege card or membership card) holder. In the example above, credit card holders can generate vouchers in exchange for lounge access without sharing their identity with the lounge operators. In addition, credit card companies can easily enforce the limits on number of lounge access (and therefore their liabilities) across multiple lounge operators.

This can also give rise to more interesting product offerings by these companies. For instance the credit card company can allow their priority customers to claim one “expensive” birthday treat (think a dinner, or spa, or activities) across all the companies they partner with, without sharing information of these card holders with the partners.


Identity Group: Citizens of Singapore
Message: Hougang CC

Finally, as the name voucher suggest, it can be used to exchange for goods & services that are rationed. Some potential use cases:

Other than conventional goods & services, the voucher can be used to exchange for the rights to use e-services to limit registration to a known group of people to prevent sybil attack and frauds.

For instance P2P selling platforms (such as Craigslist or Carousell) can allow users to exchange a voucher to register for an account on their platform:

Identity Group: Citizens of Singapore
Message: <username>

This will enforce that a user is a citizen of Singapore and that he may only possess at most one account without revealing more information such as name, age, personal ID, etc.

Try it for yourself

The application currently only runs on Firefox browser. Other browsers will throw an error Maximum call stack size exceeded .

If you would like to try VeilOS out right now, you may assume the identity of any of the users in the identity group 9436b3a9-e1c6-4214-8398-e5036c220995.

One hundred identities are generated and inserted into that group. You may import any of the identities below to start playing with VeilOS:






*You will be able to create your own identity group, generate your own identity and add identities to your own group when more features are rolled out.

What’s Next

  • Identity group management & access control
  • Voting app
  • Quadratic voting app
  • Live demo
  • Ethereum smart contract for identity group management


Originally published at

Blockchain Engineer @ GovTech Singapore. Writes about personal finance, risk management & decentralized finance.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store