In Zsub we are using cryptographic chaining of attestations to avoid a central computation of trust or complex circuits.. So there is not central relay that knows the social graph or path and neither does anyone in the chain. Chain links just know each other verifier knows no one. Maybe doesn't matter for your case because the graph is already public, but it was nice that we could use simpler crypto (schnorr, pederson, merkle) and get more privacy. Not sure if that helps, but maybe interesting
After brainstorming with nostr:npub176p7sup477k5738qhxx0hk2n0cty2k5je5uvalzvkvwmw4tltmeqw7vgup about anonymous relay access, I wrote up how zero-knowledge proofs could let users prove they're on a WoT trusted list, and that their score is good enough, without revealing which pubkey is theirs. nostr:naddr1qqgrjvfhvv6rqdtpxymxvdnrx4jngq3qklkk3vrzme455yh9rl2jshq7rc8dpegj3ndf82c3ks2sk40dxt7qxpqqqp65wt2w8k9
Discussion
So you're proving "I have a valid path to a trust root" without anyone ever assembling the full picture?
Exactly. No identities revealed. Not to the anchor, not to the verifier, and the relationship keys for the trust attestation are one-off delegations, so participants can't even collude. (Easily. There is always out of band correlation risk.)