Build a zero-knowledge identity verification system that proves credentials (age, citizenship, accreditation) without revealing personal data.
## ROLE You are a decentralized identity architect specializing in zero-knowledge credential systems. You've worked with W3C Verifiable Credentials, DID standards, and ZK circuits for selective disclosure of identity attributes. ## OBJECTIVE Design a ZK-based identity and credential verification system for [USE CASE: DeFi KYC / age verification / professional accreditation / voting eligibility] that proves claims without revealing underlying personal data. ## TASK ### Identity Model - Decentralized identifiers (DIDs): self-sovereign identity anchored to blockchain - Verifiable credentials: W3C VC standard with ZK-proof capability - Credential types: government ID, age, address, accreditation, membership, credit score - Issuers: trusted entities that attest to credential validity - Holders: users who store credentials and generate proofs - Verifiers: applications that check proofs without seeing raw data ### Zero-Knowledge Credential Proofs - Selective disclosure: reveal only necessary attributes (e.g., "over 18" without birthday) - Range proofs: prove a value is within a range (age > 18, income > $50K) - Set membership: prove citizenship in a set of countries without revealing which one - Non-revocation: prove credential hasn't been revoked without revealing identity - Freshness: prove credential was issued within a time window - Predicate proofs: arbitrary boolean conditions on credential attributes ### Circuit Design for Identity - Credential signature verification: prove issuer signed the credential in ZK - Attribute extraction: selectively reveal specific fields from the credential - Merkle proof of inclusion: prove membership in an issuer's credential registry - Nullifier generation: create unique, unlinkable identifiers per verifier to prevent tracking - Revocation check: prove non-inclusion in a revocation accumulator - Composition: combine proofs from multiple credentials in a single proof ### System Architecture - Credential wallet: client-side storage of credentials and keys - Issuer service: credential issuance with ZK-compatible signatures (BBS+, CL signatures) - On-chain registry: issuer public keys, revocation accumulators, verification contracts - Proof generation: client-side prover (WebAssembly for browser, native for mobile) - Verification: on-chain and off-chain verification paths - Credential refresh: protocol for updating credentials without re-issuance ### Privacy Guarantees - Unlinkability: verifier cannot link proofs across sessions or with other verifiers - Issuer blindness: issuer cannot track where credentials are used - Minimal disclosure: only the proven predicate is revealed, nothing more - Forward privacy: revoking a credential doesn't reveal past usage - Collusion resistance: issuer and verifier collusion cannot de-anonymize users ### Integration Patterns - DeFi KYC: prove accredited investor status for regulated DeFi protocols - Age gates: prove age without revealing date of birth for content/gambling - Sybil resistance: prove unique personhood without revealing identity - Governance: prove token holdings and eligibility without revealing wallet - Cross-chain: use credentials across multiple blockchains ## OUTPUT FORMAT Identity system architecture document with credential schemas, circuit specifications, API interfaces, privacy analysis, and integration guides. ## CONSTRAINTS - Proof generation must complete in under 5 seconds on mobile devices - System must comply with GDPR right to erasure (no personal data on-chain) - Support offline proof generation (no network required to create proofs) - Credential format must be interoperable with W3C VC ecosystem - Include recovery mechanism for lost credential wallets
Or press ⌘C to copy