We enable users to prove that they participated in a clinical trial / study without the conducting service or company (RH) being aware of the "crypto" aspect of their user identity. On the other hand, the prover (us) shouldn't learn anything about the actual user. Welshare's protocol also neither publicy correlates any user ids or personally idenitifiable information.
To enable this blindfolded proof issuance, we require minimal action on the service company's (RH) side. To initiate the proof creation process, they must be able to
- identify one user by an unique identifier (UID) that can be unique for a trial instance
- store a random array of bytes ("nonce") per user, ideally using a crypograpically sufficiently safe RNG. The nonce helps deidentifying the user
- display the UID & the indidual nonce to the user / allow them to request it
- invite study participants by their preferred means of communication to a decentralized web application, hosted by welshare
On the decentralized frontend, the user
- connects or creates their wallet / cryptographic identity (derives another account for this purpose)
- requests their UID & nonce for / read it from their profile
- create a zero knowledge proof that they know the preimage of the hash, using the account that should receive the proof
- authenticate the account / Siwe
- can exchange the proof with a signed attestation by welshare (simpler to present)
- can store the attestation on a permissionless decentralized storage compatible to HPMP
- sends authentication and proof / public inputs to CerebrumDao (or a claiming app)
- can always present the attestation or proof to 3rd parties / attach to HPMP profile