A frequent theme is noninteractive verification of anonymous identities, for purposes of peer review.
Use case
The importance of anonymity in peer review is widely accepted (though slightly controversial). Exactly what needs to be verified here is not yet clear. Possibly it has to do with attesting the expertise on the topic. Thomas Lemberger at EMBO has been a helpful thought partner.
Proposed solution
Some possibilities that occur to me:
The "anonymous individual" is attested to exist and have XYZ qualifications by a nonanonymous party, such as a review group, with such attestation present in the docmap. The reviewer has no crypto identity in the scheme, and deals in back channels with the review group. This is the simplest implementation.
Use ZK-SNARKs to create a long-term signing key with provable qualifications attested by any party, such as a review group or university. That key is used to sign reviews anonymously. This is the most expressive, but increases the complexity as well.
Use threshold cryptography to support provable claims about "membership in a subgroup", such as a review group, whose members are probably somewhat known. Which members of the subgroup actually did the signing remains obfuscated. This is probably strictly worse than SNARKs, but a middle ground of complexity.
Protocol semantics improvement
Description
A frequent theme is noninteractive verification of anonymous identities, for purposes of peer review.
Use case
The importance of anonymity in peer review is widely accepted (though slightly controversial). Exactly what needs to be verified here is not yet clear. Possibly it has to do with attesting the expertise on the topic. Thomas Lemberger at EMBO has been a helpful thought partner.
Proposed solution
Some possibilities that occur to me: