Identity Registry

Obsidion has developed an onchain identity registry which leverages zkPassport by Obsidion Labs to allow a user to link a verifiable credential, such as their passport, to their Aztec Account. This allows you to prove that the account you are interacting with belongs to a valid human.

In the future, certain actions will be gated, and you will only be able to interact with certain protocols if you have connected your zkPassport to your Obsidion Account to privately prove that you meet certain conditions, for example that you are not a sanctioned person from a specific country or that you are over a certain age.

ZKPassport

ZKPassport enables privacy-preserving identity verification using passports and ID cards. It allows developers to request and verify specific identity attributes without exposing unnecessary personal information. To see more information about integrating ZKPassport into your app, please refer to the documentation here.

First, the user has to download the ZKPassport app and go through the onboarding process here.

Adding ZKID to the Registry

To add your ZKID to the identity registry, navigate to the "Settings" tab in the sidebar and click on the "ShowQR" button. This will show a QR code that needs to be scanned within the ZKPassport app. The app will generate the proof on your phone and share this information with the Obsidion Wallet App through an encrypted WebSocket connection.

Once this information has been shared from your mobile device to the Obsidion App, you can add your ZKID to the identity registry.

Remove ZKID

Once you have added your ZKID to the registry, you can remove it at any time by clicking the "Remove ZKID" button.

Privacy concerns

Your ZKID does not reveal any information about the credential that you used to add it to the identity registry. Part of what is used to generate it is the scoped nullifier, which depends on the hash of the domain that you interacted with, in this case Obsidion Wallet, so all personal information is completely private.

If you use your ZKPassport credentials on another app, this will not link you with your ZKID used in Obsidion Wallet.

Technical Details

Once a user scans the QR code, a secure WebSocket connection is established using Obsidion Bridge. The passport proof is generated on the user's device and is sent to the user's browser for processing.

The mobile app generates 4 proofs:

  1. Document Signer Certificate check (Circuit A): Verifies the document's signature
  2. ID Data check (Circuit B): Validates the identity data
  3. Integrity check (Circuit C): Ensures document integrity
  4. Disclosure check (Circuit D): Controls what specific data is revealed

These proofs are then processed for onchain verification.

To add the ZKID to the registry, the four subproofs are validated, and their input and output commitments are checked to ensure the proofs are correctly linked. Once the proofs are verified within the contract, the ZKID (scoped nullifier) is linked with the Aztec Address. This authenticates that the owner of the Aztec Address has a valid passport, without revealing any of the passport information.

Removing the ZKID from the registry removes the mapping between the ZKID and the address from storage and can be done at any time.
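
The add and remove logic described above, as an added off-chain JavaScript model (not Obsidion's contract code). The field names `commIn`, `commOut` and `scopedNullifier`, the `verifyProof` stand-in and the one-registration-per-ZKID rule are assumptions made for illustration.

```javascript
// Added model, not Obsidion's contract. Field names and verifyProof are assumptions.
const CIRCUITS = ["A", "B", "C", "D"];
// Stand-in for the real zero-knowledge verifier: reads a constructed flag.
const verifyProof = (proof) => proof.valid === true;

// Each subproof must verify, arrive in circuit order, and take as input the commitment
// the previous circuit output, so proofs from different documents cannot be combined.
function checkProofChain(proofs) {
  if (proofs.length !== CIRCUITS.length) return "wrong number of proofs";
  for (let i = 0; i < proofs.length; i++) {
    const p = proofs[i];
    if (p.circuit !== CIRCUITS[i]) return `expected circuit ${CIRCUITS[i]}`;
    if (!verifyProof(p)) return `circuit ${p.circuit} proof invalid`;
    if (i > 0 && p.commIn !== proofs[i - 1].commOut) return `circuit ${p.circuit} not linked`;
  }
  return null;
}

class IdentityRegistry {
  constructor() {
    this.addressOf = new Map(); // zkid -> address
    this.zkidOf = new Map(); // address -> zkid
  }
  addZkid(address, proofs) {
    const reason = checkProofChain(proofs);
    if (reason) return { ok: false, reason };
    // Assumption: the scoped nullifier is a public output of the last proof.
    const zkid = proofs[3].scopedNullifier;
    // Assumption: one live registration per ZKID and per address (sybil resistance).
    if (this.addressOf.has(zkid) || this.zkidOf.has(address)) return { ok: false, reason: "already registered" };
    this.addressOf.set(zkid, address);
    this.zkidOf.set(address, zkid);
    return { ok: true, zkid };
  }
  removeZkid(address) {
    const zkid = this.zkidOf.get(address);
    if (zkid === undefined) return false;
    this.zkidOf.delete(address);
    return this.addressOf.delete(zkid);
  }
  isRegistered(address) { return this.zkidOf.has(address); }
}

// Constructed sample proofs; commitments and nullifier are placeholder strings.
const sampleProofs = (tag, nullifier) => [
  { circuit: "A", valid: true, commIn: null, commOut: `${tag}-1` },
  { circuit: "B", valid: true, commIn: `${tag}-1`, commOut: `${tag}-2` },
  { circuit: "C", valid: true, commIn: `${tag}-2`, commOut: `${tag}-3` },
  { circuit: "D", valid: true, commIn: `${tag}-3`, commOut: null, scopedNullifier: nullifier },
];
```

Swapping one subproof for a proof from a different chain makes `checkProofChain` fail on the commitment mismatch, which is the case the linking check exists to catch.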

Significance

  1. Privacy Preservation: The zkPassport implementation ensures that users retain control of their identity documents. Only zero-knowledge proofs are shared, not the actual document data.
  2. Sybil Resistance: The identity registry enables applications to verify unique personhood without revealing personal information.
  3. Decentralized Verification: The entire verification process happens without a centralized authority, maintaining user sovereignty.
  4. On-chain Identity: The zkID serves as a privacy-preserving on-chain identity that can be referenced by other applications.

User Flow

  1. User activates zkPassport verification in Obsidion Wallet
  2. QR code is generated for the zkPassport mobile app
  3. User scans QR code with mobile app
  4. Mobile app generates zero-knowledge proofs
  5. Wallet receives and verifies proofs
  6. zkID is generated from the verification
  7. User adds zkID to Identity Registry contract
  8. Applications can verify the user's identity via the registry