zkWhistle

Team Name: zkWhistle

Inspiration 💡

In an age where accountability is paramount, whistleblowers serve as a critical check on power. However, the profound fear of retaliation (professional, financial, and personal) systematically silences those who witness misconduct. Existing platforms often rely on centralized trust, creating single points of failure that can be compromised or censored, leaving the whistleblower exposed.

We were inspired by the mathematical certainty of cryptography to re-imagine this broken model. We envisioned a system where anyone could prove the validity of a claim without ever having to prove their identity. This led us to build zkWhistle: a truly anonymous, decentralized, and censorship-resistant platform that empowers anyone to speak truth to power, backed by the unbreakable security of zero-knowledge proofs on the Midnight Network.

Key Challenges Addressed:

  • The Whistleblower's Dilemma: Fear of retaliation is the primary deterrent for reporting misconduct, creating a chilling effect on transparency.
  • The Failure of Centralized Trust: Platforms that rely on a trusted third party are vulnerable to coercion, censorship, and data breaches.
  • The Verifiability Paradox: Anonymity is useless if the report is not credible. We needed a way to verify the submission's integrity without compromising the source.

What it does 🤔

zkWhistle is a privacy-first, anonymous reporting dApp built on the Midnight blockchain that leverages a layered privacy stack to provide mathematical guarantees of anonymity and security.

Objective: To allow anyone to anonymously and securely report misconduct without fear of exposure, while ensuring the integrity, authenticity, and spam-resistance of the submitted information.

Users connect their Midnight Lace wallet to a clean, intuitive interface. They can then submit a report containing text and file attachments to a designated moderator, identified by the moderator's public key. The entire report is end-to-end encrypted in the browser, ensuring only the intended recipient can ever decrypt it.

Before submission, the platform generates a Zero-Knowledge Proof, ensuring the submission is valid without revealing any information about the user's identity, wallet, or history. To prevent spam from anonymous sources, we are implementing a Rate-Limit Nullifier (RLN) system, which blocks a user from flooding the inbox without deanonymizing them.

By deploying on a decentralized network, zkWhistle is resistant to censorship and single points of failure. It creates a secure, trustless channel where the focus is entirely on the information, not the identity of the person sharing it.

UX Flow:

  1. A whistleblower connects their Midnight Lace Wallet to the zkWhistle web application in a seamless, one-click process.
  2. They paste the moderator's public key to designate the secure, encrypted recipient for their report.
  3. The user composes their report, adding a title, a detailed description, and attaching any supporting digital evidence.
  4. The app then generates a ZK proof and end-to-end encrypts the report data locally in the browser.
  5. The encrypted payload and ZK proof are submitted as a single transaction to the Midnight blockchain.
  6. The user receives a confirmation with a transaction hash, confident that their report is delivered securely and their identity is cryptographically protected.

Flow Summary: Connect Wallet → Compose Encrypted Report → Generate ZK Proof → Submit to Blockchain → Anonymously Delivered 🚀
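Steps 2 and 4 of the flow, encrypting the report locally to the moderator's public key, as an added example that is not zkWhistle's own code. It assumes X25519 key agreement, HKDF-SHA256 and AES-256-GCM (the page does not name its algorithms) and uses Node's built-in crypto module in place of the browser; `sealReport`, `openReport` and `deriveKey` are hypothetical names.

```javascript
const crypto = require('node:crypto');

// Encrypt a report to the moderator's X25519 public key (SPKI DER bytes).
// A fresh ephemeral key pair is generated per report, so the ciphertext carries
// no long-term sender key that could link two reports to each other.
function sealReport(moderatorPubDer, report) {
  const moderatorPub = crypto.createPublicKey({ key: moderatorPubDer, format: 'der', type: 'spki' });
  const eph = crypto.generateKeyPairSync('x25519');
  const ephPubDer = eph.publicKey.export({ type: 'spki', format: 'der' });
  const key = deriveKey(eph.privateKey, moderatorPub, ephPubDer, moderatorPubDer);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(ephPubDer); // bind the ciphertext to this ephemeral key
  const ct = Buffer.concat([cipher.update(JSON.stringify(report), 'utf8'), cipher.final()]);
  return { ephPubDer, iv, ct, tag: cipher.getAuthTag() };
}

// Moderator side: recompute the shared key and authenticate before parsing.
function openReport(moderatorPriv, moderatorPubDer, sealed) {
  const ephPub = crypto.createPublicKey({ key: sealed.ephPubDer, format: 'der', type: 'spki' });
  const key = deriveKey(moderatorPriv, ephPub, sealed.ephPubDer, moderatorPubDer);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, sealed.iv);
  decipher.setAAD(sealed.ephPubDer);
  decipher.setAuthTag(sealed.tag);
  const pt = Buffer.concat([decipher.update(sealed.ct), decipher.final()]); // throws if tampered
  return JSON.parse(pt.toString('utf8'));
}

// X25519 ECDH, then HKDF-SHA256 salted with both public keys.
function deriveKey(privateKey, publicKey, ephPubDer, moderatorPubDer) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  const salt = Buffer.concat([ephPubDer, moderatorPubDer]);
  return Buffer.from(crypto.hkdfSync('sha256', shared, salt, 'report-e2ee-example', 32));
}

// Constructed sample: a throwaway moderator key pair and a dummy report.
function demo() {
  const moderator = crypto.generateKeyPairSync('x25519');
  const pubDer = moderator.publicKey.export({ type: 'spki', format: 'der' });
  const sealed = sealReport(pubDer, { title: 'sample title', body: 'sample body' });
  return { moderator, pubDer, sealed, opened: openReport(moderator.privateKey, pubDer, sealed) };
}
```

Only `ephPubDer`, `iv`, `ct` and `tag` would travel with the transaction; the ephemeral private key is discarded after sealing.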

How we built it ⚙️

🚀 Built with a privacy-first ethos, our full-stack decentralized application provides mathematical guarantees of anonymity through a layered defense.

⚡ It combines a modern frontend with a cutting-edge privacy-preserving blockchain and advanced cryptographic primitives.

Tech Stack:

  • Frontend: React 19 + TypeScript + Vite + TailwindCSS for a responsive, modern, and secure user interface.
  • Blockchain: Midnight Network, the privacy-focused L1 blockchain providing the censorship-resistant backbone for data and smart contracts.
  • Wallet Integration: Midnight Lace Wallet for seamless, secure user authentication and transaction signing, with a fully functioning end-to-end integration.
  • Zero-Knowledge Proofs: Custom ZK Implementation generates proofs of valid submission, cryptographically decoupling the user's identity from their report.
  • Encryption: End-to-End Encryption (E2EE) ensures report data is encrypted in the client before transmission, so only the designated moderator can decrypt it.
  • Spam Resistance: Rate-Limit Nullifiers (RLN) are a crucial layer to prevent abuse of the anonymous system without compromising user privacy.
  • Smart Contracts: Midnight's Privacy-Preserving Contracts handle the on-chain logic for proof verification, moderator management, and nullifier checks.
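The nullifier check listed above, as an added example rather than zkWhistle's contract code: each identity yields one nullifier per epoch, so a repeat in the same epoch is refused while reports from different epochs cannot be linked through the nullifier. It assumes an HMAC-SHA256 nullifier, a one-hour epoch and an in-memory registry standing in for the contract; in a real deployment the ZK proof would have to show that the nullifier was derived from a registered secret. All names are hypothetical.

```javascript
const crypto = require('node:crypto');

const EPOCH_SECONDS = 3600; // assumed limit: one report per identity per hour

function epochOf(unixSeconds) {
  return Math.floor(unixSeconds / EPOCH_SECONDS);
}

// Client side: keyed hash of the epoch under a secret that never leaves the
// browser. Without the secret, nullifiers from two epochs cannot be matched.
function deriveNullifier(identitySecret, epoch) {
  return crypto.createHmac('sha256', identitySecret)
    .update(`nullifier-example:${epoch}`)
    .digest('hex');
}

// Stand-in for the on-chain check. It stores nullifiers only, never a wallet
// address or any other sender identifier.
class NullifierRegistry {
  constructor() {
    this.seen = new Map(); // epoch -> Set of nullifiers used in that epoch
  }

  submit(epoch, nullifier, currentEpoch) {
    // Refuse nullifiers for any epoch but the current one, so quota cannot be
    // borrowed from the past or precomputed for the future.
    if (epoch !== currentEpoch) return 'stale-epoch';
    const used = this.seen.get(epoch) ?? new Set();
    if (used.has(nullifier)) return 'rate-limited';
    used.add(nullifier);
    this.seen.set(epoch, used);
    // Closed epochs can never be accepted again, so their sets are dropped.
    for (const e of this.seen.keys()) if (e < currentEpoch) this.seen.delete(e);
    return 'accepted';
  }
}

// Constructed sample: two fixed secrets and two timestamps one epoch apart.
function demo() {
  const alice = Buffer.alloc(32, 1), bob = Buffer.alloc(32, 2);
  const e1 = epochOf(1_700_000_000), e2 = epochOf(1_700_000_000 + EPOCH_SECONDS);
  const reg = new NullifierRegistry();
  return [
    reg.submit(e1, deriveNullifier(alice, e1), e1), // first report this epoch
    reg.submit(e1, deriveNullifier(alice, e1), e1), // second report, same epoch
    reg.submit(e1, deriveNullifier(bob, e1), e1),   // a different identity
    reg.submit(e1, deriveNullifier(alice, e1), e2), // old nullifier replayed later
    reg.submit(e2, deriveNullifier(alice, e2), e2), // next epoch, fresh nullifier
  ];
}
```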

Design 🎨

Our design philosophy was "Trust Through Simplicity." For zkWhistle to be effective, a user in a high-stakes situation must feel safe and confident. The interface for handling advanced cryptography needed to be as simple and intuitive as sending an email.

We drew inspiration from the evolved Double-Diamond design process, which goes beyond visual design to incorporate a comprehensive research cycle. Before diving into solutions, we discover and define the problem, ensuring a structured approach before developing and delivering the final product.

🔍 Discover – Deep exploration of the problem we aim to solve.
🎯 Define – Refining insights into a clear problem statement.
💡 Develop – Brainstorming and iterating on potential solutions.
🚀 Deliver – Selecting and building the most effective solution.

Our focus was entirely on the whistleblower's journey. The entire flow was prototyped in Figma to ensure every step was clear, concise, and reassuring. The UI is intentionally minimalist, removing all distractions and guiding the user through the secure submission process, transforming a potentially stressful action into a straightforward and empowering experience.


Challenges we ran into 😤

Our biggest challenge was implementing the custom ZK proof generation within the frontend. Bridging the gap between theoretical cryptography and a practical, performant browser-based implementation required significant iteration.

A second major hurdle was designing the smart contracts on Midnight. Shifting from a transparent ledger model to one with a public/private state was a steep learning curve. We had to fundamentally rethink data handling to ensure no sensitive metadata could ever be linked back to a user on-chain.

Finally, integrating a robust anti-spam mechanism like RLN into an anonymous system was complex. We had to ensure the nullifier system could prevent abuse without creating any new vectors for user deanonymization, which required careful cryptographic design.

Accomplishments that we're proud of ✨

We are incredibly proud of building a functional, end-to-end system that successfully implements a layered privacy stack, combining ZK proofs, E2EE, and RLN into a clean, accessible user interface. We didn't just build an app; we built a tool with mathematical guarantees of privacy.

Our biggest accomplishment is creating a practical, real-world application on a next-generation, privacy-focused blockchain. We are proud to have one of the only projects with a fully functioning Lace Wallet integration, demonstrating how this cutting-edge technology can be used for profound social good and provide a truly safe harbor for whistleblowers.

What we learned 📖

Building zkWhistle taught us how to translate complex cryptographic theory into a tangible, user-facing product. We learned firsthand the paradigm shift required to develop on privacy-preserving blockchains, mastering the interplay between private and public states.

This project gave us invaluable experience in orchestrating a full-stack dApp pipeline, from wallet interactions and client-side proof generation to secure smart contract design with spam resistance. It solidified our conviction that the future of Web3 lies in applications that solve critical human problems, where privacy is not a feature but a fundamental, non-negotiable right.

What's next for zkWhistle 🚀

Our immediate next step is to harden the entire system for a mainnet release. This involves integrating production-grade, audited cryptographic libraries and undergoing a formal security audit of our smart contracts and frontend.

Looking forward, we plan to expand the platform's capabilities by building a decentralized moderator dashboard for secure key management and report verification. We will also explore creating pluggable verifiers, allowing for ZK attestations that prove a whistleblower's role (e.g., "I am an employee of X Corp") without revealing their identity. Ultimately, we aim to partner with journalistic and human rights organizations to make zkWhistle the gold standard for secure, anonymous reporting worldwide.

The future of accountability is secure, anonymous, and powered by zkWhistle!


📜 License: Apache 2.0

⚠️ Note: API credentials have been revoked. To run the project locally, use your own credentials.

Built With

  • e2e
  • midnight
  • react.js
  • tailwind-css
  • vite
  • web3
  • zk