
Davide Crapis, AI lead at the Ethereum Foundation, and Vitalik Buterin, co-founder of Ethereum, proposed using zero-knowledge proofs to ensure user privacy during interactions with large language models, while also preventing spam and abuse. Every time a user sends a message to an AI chatbot, an API call is triggered. They state that the core challenges faced by users and providers are privacy, security, and efficiency.

(Source: Davide Crapis)
Each time a user sends a message to an application (such as an AI chatbot), an API call is triggered. Crapis and Vitalik Buterin noted in a Wednesday blog post that the main challenges for users and providers are privacy, security, and efficiency. They said, “We need a system where users can deposit funds once and then make thousands of API calls anonymously, securely, and efficiently.” They added, “It must ensure that service providers receive payment and are protected from spam, while also guaranteeing that user requests cannot be linked to their identity or other users.”
With the widespread adoption of AI chatbots, concerns about data leaks from large language models (LLMs) are increasing. Chatbots often handle highly sensitive data, and linking usage to identities can pose serious privacy, legal, and security risks. Log records can even be used as evidence in court cases. These risks are not hypothetical; there are real-world examples.
For instance, if someone asks ChatGPT “How to legally evade taxes” or “How to handle property disputes with an ex,” these chat records, if subpoenaed, could be unfavorable in divorce proceedings or tax investigations. In more extreme cases, if someone discusses sensitive political topics or content deemed illegal in authoritarian countries, these records could lead to political persecution. Current AI services typically store user chat logs, claiming encryption and anonymity, but these protections may fail in the face of government subpoenas or hacking attacks.
Privacy risk: Service providers know who asked what, potentially leaking or being forced to disclose information
Traceability: Identity-based access requires email or credit card info, revealing true identity
Inefficiency and high cost: Per-request on-chain payments are slow, expensive, and traceable
Crapis and Buterin state that current service providers are forced to choose between two “suboptimal paths”: one is identity-based access, where users must provide sensitive info like email or credit card details, risking privacy; the other is per-request on-chain payments, which are slow, costly, and traceable. Neither approach truly protects user privacy.
Crapis and Buterin proposed a system where users deposit funds into a smart contract and then make API calls without revealing their identity or linking requests, using zero-knowledge proofs and rate limiters for payment and anti-spam enforcement. They say, “A user deposits 100 USDC into a smart contract and makes 500 queries to a hosted LLM. The provider receives 500 valid, paid requests but cannot link them to the same depositor or to each other, and the user’s requests remain unlinked to their identity.”
The technical logic is as follows: the user deposits 100 USDC (or other cryptocurrency) into a smart contract, which generates a set of anonymous credentials based on zero-knowledge proofs. Each time the user sends a query to the AI, they prove with an anonymous credential “I have paid, but I won’t tell you who I am.” The AI provider verifies the credential’s validity and provides the service, but cannot determine which user made the request or link multiple requests to the same individual.
“This model enforces spending limits by requiring users to prove their total expenditure (represented by the current ticketing index) remains within the initial deposit and verified refund records.” This prevents double-spending attacks. Users cannot make more than a certain number of queries (e.g., 500) with a 100 USDC deposit (assuming each query costs 0.2 USDC). Zero-knowledge proofs ensure that spending does not exceed the deposit, without revealing who is spending.
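The accounting rules in the two paragraphs above (pay once, redeem many times, a hard cap of deposit divided by price, and rejection of reused tickets) can be seen in miniature in the following added example. It is not code from Crapis and Buterin and does not use zero-knowledge proofs: it swaps in Chaum-style RSA blind signatures, an older primitive that gives the same three properties for a single provider: the provider can check "this ticket was paid for" without learning which deposit it came from, it issues exactly deposit/price tickets, and a serial presented twice is refused. The 0.2 USDC price and the 100 USDC deposit are the article's figures; the toy RSA key, the serial format, and the class names are assumptions. One difference from the proposal is worth noting: because blind-signed tickets are unlinkable to the depositor, a reuse attempt here is simply rejected, whereas the article's design lets the offending deposit be seized.

```python
"""
Constructed illustration of anonymous prepaid API tickets using textbook
RSA blind signatures (Chaum). Not the Crapis/Buterin ZK design and not
production crypto: toy key size, no padding scheme.
"""
import hashlib
import math
import secrets

# Toy RSA key built from two Mersenne primes (2^127-1 and 2^89-1).
# Real deployments need 2048+ bit keys and a padded blind-signature scheme.
P = (1 << 127) - 1
Q = (1 << 89) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))

PRICE_CENTS = 20  # 0.2 USDC per query, the figure used in the article


def h(data: bytes) -> int:
    """Map a ticket serial into the RSA group."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


class Provider:
    """Signs blinded serials on deposit and redeems tickets on each API call."""

    def __init__(self):
        self.spent = set()  # serials already redeemed (double-spend check)

    def deposit(self, amount_cents: int, blinded: list) -> list:
        """Sign at most deposit/price blinded serials; refuse anything beyond."""
        allowed = amount_cents // PRICE_CENTS
        if len(blinded) > allowed:
            raise ValueError(f"{len(blinded)} tickets requested, deposit covers {allowed}")
        # The provider sees only blinded values here, so it cannot later
        # match a redeemed serial back to this deposit.
        return [pow(b, D, N) for b in blinded]

    def redeem(self, serial: bytes, sig: int) -> str:
        """Accept a ticket only if its signature verifies and it is unspent."""
        if pow(sig, E, N) != h(serial):
            return "rejected: not paid"
        if serial in self.spent:
            return "rejected: double spend"
        self.spent.add(serial)
        return "accepted"


class User:
    """Blinds fresh serials, unblinds the provider's signatures, spends tickets."""

    def __init__(self, count: int):
        self.serials = [secrets.token_bytes(16) for _ in range(count)]
        self.blinders = []
        self.tickets = []

    def blind(self) -> list:
        blinded = []
        for s in self.serials:
            r = secrets.randbelow(N - 2) + 2
            while math.gcd(r, N) != 1:  # blinder must be invertible mod N
                r = secrets.randbelow(N - 2) + 2
            self.blinders.append(r)
            blinded.append(h(s) * pow(r, E, N) % N)
        return blinded

    def unblind(self, blind_sigs: list) -> None:
        # s * r^-1 is a valid plain RSA signature on h(serial).
        self.tickets = [(s, bs * pow(r, -1, N) % N)
                        for s, bs, r in zip(self.serials, blind_sigs, self.blinders)]


def run_demo(deposit_cents: int = 10_000) -> dict:
    """100 USDC deposit -> 500 tickets; exercise redeem, reuse, forgery, over-issue."""
    provider = Provider()
    user = User(deposit_cents // PRICE_CENTS)
    user.unblind(provider.deposit(deposit_cents, user.blind()))

    serial, sig = user.tickets[0]
    first = provider.redeem(serial, sig)
    again = provider.redeem(serial, sig)        # same ticket presented twice
    forged = provider.redeem(b"unpaid", 12345)  # no signature from the provider

    try:  # asking for one ticket more than the deposit covers
        greedy = User(deposit_cents // PRICE_CENTS + 1)
        provider.deposit(deposit_cents, greedy.blind())
        over_issue = "issued"
    except ValueError:
        over_issue = "refused"

    return {"tickets": len(user.tickets), "first": first, "again": again,
            "forged": forged, "over_issue": over_issue}


if __name__ == "__main__":
    print(run_demo())
```

The unlinkability rests on the random blinder r: what the provider signs at deposit time is h(serial) multiplied by r^E, and what it later sees at redemption is the bare signature on h(serial), so no deposit-time value can be matched to a redeemed ticket. The spending cap is enforced at issuance rather than, as in the article, by a proof about a ticket index, which is why the ZK variant can also support refunds and stake seizure that this simpler scheme cannot.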
To deter fraud, illegal content generation, jailbreaking attempts, and other terms-of-service violations, Crapis and Vitalik Buterin introduced a double-stake system. A user caught attempting a double-spend can have their deposit seized by anyone, including the server. A user who violates the terms of service instead has their deposit sent to a burn address, and the seizure event is recorded on-chain.
Crapis and Buterin state: “For example, a user might submit a request asking the model to generate instructions for manufacturing weapons or help bypass security controls, which would violate many providers’ policies. While the user’s identity remains hidden, the community can review the frequency of server stake burns and the evidence published for these burns.”
This mechanism balances privacy and accountability. Users enjoy full anonymity, but if they abuse the service (e.g., generate illegal content or attempt jailbreaking), they lose their deposit as punishment. While this economic penalty cannot prevent all abuse, it raises the cost of misuse. Importantly, the entire process remains anonymous; providers and communities can see “someone was penalized for violation” but not who.
This “anonymous but accountable” design could become a new paradigm in privacy protection technology. It demonstrates that privacy and security are not mutually exclusive; cryptographic innovations can enable both simultaneously. If adopted by AI companies like OpenAI or Anthropic, it could fundamentally change the privacy model of AI services.
For users, the practical experience might be: deposit 100 USDC once into a wallet, then use AI services anonymously for months or even years (depending on usage), without logging in or linking a credit card each time. If they accidentally violate rules, they only lose their deposit, while their identity remains protected. This “pay with money for anonymity” model could attract many privacy-conscious professionals and institutions.
For AI service providers, this solution is also attractive. It solves the dilemma of “privacy means no revenue, revenue means no privacy.” Automated payments via smart contracts eliminate credit card fees and dispute costs. Zero-knowledge proof anonymity reduces legal risks of data leaks (since no user identity info is collected). The staking penalty mechanism offers a more effective anti-abuse measure than traditional bans.