ZK Identity System

The ZK Identity System provides a privacy-preserving way to attest to an identity (e.g., verifying you are a Github user) without revealing the specific identity or linking multiple actions to the same user. It uses Zero-Knowledge Proofs (ZK-SNARKs) to guarantee:

Privacy: No one knows which user performed an action.
Uniqueness: A user cannot double-spend an action in the same context (via Nullifiers).
Soundness: Mathematical proof of validity.

Core Concepts

Commitment

Poseidon(provider_id, secret) A cryptographic commitment to an identity, stored on-chain in a Merkle Tree. It hides the user’s ID and secret.

Nullifier

Poseidon(provider_id, context) A unique hash generated for a specific action (context). Prevents double-spending while maintaining anonymity.

Merkle Tree

A valid commitment must exist in the global Merkle Tree. The ZK proof verifies inclusion in this tree.

ZK Proof

A Groth16 proof that asserts: “I know a secret corresponding to a commitment in the Merkle Tree, and here is my unique nullifier for this context.”

Architecture Overview

The system operates in a Two-Phase Flow:

Phase 1: Link Identity (One-time)

Generate Secret

User generates a random secret locally. This never leaves their device.

Create Commitment

User calculates commitment: Hash(provider_id, secret).

Submit to Chain

User submits the commitment to the blockchain via an identity_commitment transaction.

Merkle Update

Validators verify the transaction and add the commitment to the global Merkle Tree.

Phase 2: Prove Ownership (Repeatable)

When a user wants to perform an action (e.g., vote, claim airdrop) anonymously:

Generate Proof

User uses their secret and the current Merkle path to generate a ZK proof locally.

Calculate Nullifier

User calculates a nullifier based on the action context: Hash(provider_id, context).

Submit Attestation

User submits identity_attestation transaction with the proof and nullifier.

Verification

Validators verify the proof against the current Merkle root and checking if the nullifier has been used before.

Privacy Model

Component	Visibility	Description
Provider ID	🔒 Private	Hidden inside commitment and ZK proof
User Secret	🔒 Private	Known only to user, never transmitted
Commitment	🌍 Public	Visible on-chain, but opaque
Nullifier	🌍 Public	Visible on-chain, used for uniqueness check
Context	🌍 Public	The specific action being performed

Security Guarantees

Anonymity Set: All users across all providers in the Merkle Tree.
Unlinkability: No link between the commitment (Phase 1) and the attestation (Phase 2).
Double-Spend Protection: The nullifier guarantees a user can only act once per context.

Internal Mechanisms

Global Change Registry

Consensus Mechanism

L2PS Privacy Subnets

ZK Identity

Architecture

MCP Server

Bridges

Developers Testbed

Miscellaneous

ZK Identity Overview

ZK Identity System

Core Concepts

Commitment

Nullifier

Merkle Tree

ZK Proof

Architecture Overview

Phase 1: Link Identity (One-time)

Phase 2: Prove Ownership (Repeatable)

Privacy Model

Security Guarantees

Internal Mechanisms

Global Change Registry

Consensus Mechanism

L2PS Privacy Subnets

ZK Identity

Architecture

MCP Server

Bridges

Developers Testbed

Miscellaneous

​ZK Identity System

​Core Concepts

Commitment

Nullifier

Merkle Tree

ZK Proof

​Architecture Overview

​Phase 1: Link Identity (One-time)

​Phase 2: Prove Ownership (Repeatable)

​Privacy Model

​Security Guarantees

ZK Identity System

Core Concepts

Architecture Overview

Phase 1: Link Identity (One-time)

Phase 2: Prove Ownership (Repeatable)

Privacy Model

Security Guarantees