Ethereum Foundation AI lead Davide Crapis and Ethereum co-founder Vitalik Buterin have proposed a way to use zero-knowledge proofs and other methods to ensure that a user’s interactions with large language models are private, while preventing spam and abuse.
API calls occur every time a user sends a message to a software application, such as an AI chatbot. Crapis and Buterin said in a blog post on Wednesday that a core challenge for both users and providers is privacy, security and efficiency.
“We need a system where a user can deposit funds once and make thousands of API calls anonymously, securely, and efficiently,” they said.
“The provider must be guaranteed payment and protection against spam, while the user must be guaranteed that their requests cannot be linked to their identity or to each other,” they added.
With the use of AI chatbots rising, data leaks from LLMs have become a growing concern. Chatbots often handle highly sensitive data, and linking usage to identities can create significant privacy, legal, and security risks. Usage logs can even be used in court proceedings.
Crapis and Buterin’s solution for users and providers
Crapis and Buterin said providers currently are forced to choose between two “suboptimal paths,” identity-based access with users forced to hand over sensitive information like an email or credit card, which creates privacy risks, or per-request on-chain payments, which are slow, costly, and traceable.
The duo proposes a system where users deposit funds into a smart contract and then make API calls without revealing their identity or linking requests, leveraging zero-knowledge proofs and rate-limit nullifiers for payments and anti-spam enforcement.
“A user deposits 100 USDC into a smart contract and makes 500 queries to a hosted LLM. The provider receives 500 valid, paid requests but cannot link them to the same depositor, or to each other, while the user’s prompts remain unlinkable to the user identity,” Crapis and Buterin said.
“The model enforces solvency by requiring the user to prove that their cumulative spending — represented by their current ticket index —remains strictly within the bounds of their initial deposit and their verified refund history.”
Cheating the system could slash your deposit
To deter scammers, illegal content generation, jailbreaking attempts, and other terms-of-service violations, Crapis and Buterin propose a dual-staking system.
Related: Vitalik draws line between ‘real DeFi’ and centralized yield stablecoins
If a user is caught trying to double-spend, their deposit can be claimed by anyone, including the server. However, users violating the terms of service will have their deposit sent to a burn address, and the slashing event is recorded on-chain.
“For example, a user might submit a prompt asking the model to generate instructions for building a weapon or to help them bypass security controls — requests that would violate many providers’ usage policies,” Crapis and Buterin said.
“While the user’s identity remains hidden, the community can audit the rate at which the Server burns stakes and the posted evidence for these burns.”
Magazine: Hong Kong stablecoins in Q1, BitConnect kidnapping arrests: Asia Express
