Zero-Knowledge Proofs
Zero-knowledge proofs (ZK proofs) are the cryptographic foundation that makes privacy-preserving identity verification possible in Hadinet Africa.
What Are Zero-Knowledge Proofs?
A zero-knowledge proof is a cryptographic method that lets one party prove a statement is true without revealing any information beyond the truth of the statement itself.
Analogy: Imagine you need to prove you are over 18 to enter a venue. Instead of showing your full ID (which also reveals your name, address, and exact birthdate), you show a sealed card from a trusted authority that simply says "This person is over 18" — and the venue can mathematically verify the card is authentic without learning anything else about you.
In Hadinet, ZK proofs work similarly:
- The KYC provider (Smile ID, Plaid) verifies your identity using your documents
- Hadinet's attestor creates a TLS tunnel to the provider and generates 14 separate ZK proofs
- These proofs collectively confirm: "This provider verified this person" — without encoding who the person is
- The proofs are stored on-chain and can be independently verified by anyone
How zkFetch Works
Hadinet uses zkFetch, a technology from Reclaim Protocol, to create verifiable proofs of web data. This is the mechanism that makes the zero-knowledge proofs trustworthy.
The Process
- The attestor establishes a TLS-encrypted connection to the KYC provider
- It requests your verification status through this encrypted tunnel
- The TLS session is used to generate cryptographic proofs that:
- The data came from the genuine KYC provider (not fabricated)
- The provider confirmed a positive verification
- The connection was not tampered with
- These proofs are generated without the attestor needing to reveal the actual response content
Why This Matters
This means even the attestor cannot forge a verification — the proofs are tied to the actual TLS session with the real KYC provider. There is no way to fabricate a proof without a genuine interaction with the provider's servers.
Proof Properties
Each ZK proof generated by Hadinet has the following properties:
| Property | Detail |
|---|---|
| Unforgeable | Requires a genuine TLS handshake with the KYC provider's servers |
| Non-reusable | Each proof is tied to a specific session and timestamp |
| Publicly verifiable | Anyone can verify a proof is valid without special access |
| Privacy-preserving | Proves verification happened without revealing what was verified |
| Redundant | 14 independent proofs per verification increase the security margin |
What the Proofs Prove
The ZK proofs generated during verification collectively prove the following:
| What Is Proven | What Is NOT Revealed |
|---|---|
| A real KYC provider was contacted | Which documents were submitted |
| The provider returned a positive result | The user's name or personal details |
| The response came through a genuine TLS session | The user's date of birth |
| The data was not tampered with | ID document numbers |
| The verification happened at a specific time | Photos or biometric data |
The 14-Proof System
Each verification generates 14 separate ZK proofs. These proofs cover different aspects of the TLS session and verification response:
- TLS handshake proofs — Prove the connection was to the genuine KYC provider
- Response integrity proofs — Prove the response was not modified
- Data extraction proofs — Prove specific fields (like "verified: true") were present in the response
- Timestamp proofs — Prove when the verification occurred
Multiple independent proofs provide defense in depth. Even if one proof mechanism were compromised, the remaining proofs maintain the system's integrity.
ZK Proofs vs. Traditional Verification
| Aspect | Traditional KYC | ZK-Verified KYC |
|---|---|---|
| Data shared | Full PII to every verifier | Nothing — only a proof |
| Verification method | Re-check documents each time | Verify cryptographic proof |
| Speed | Minutes to days | Instant (proof is already on-chain) |
| Breach risk | Every copy of PII is a target | No PII exists to breach |
| Cross-border | Different requirements per country | One proof works everywhere |
| Trust required | Trust every verifier with your data | Trust math (cryptography) |
Verifying a Proof
Any third party can verify a Hadinet ZK proof without any special access or relationship with Hadinet. The verification process:
- Retrieve the proof from the Cartesi rollup (publicly accessible)
- Check the proof's cryptographic validity using standard ZK verification algorithms
- Confirm the proof references a recognized KYC provider
- Check the timestamp and expiry
No API key, no account, and no permission from Hadinet is needed.
Next Steps
- Privacy Model — How proofs fit into the broader privacy architecture
- Trust Model — What you trust each system component with
- Data Flow — The full verification flow step by step