Glossary
This glossary defines the key terms and concepts used throughout the Hadinet Africa documentation.
A
AES-256-GCM
Advanced Encryption Standard with 256-bit key length in Galois/Counter Mode. A symmetric encryption algorithm that provides both confidentiality (data cannot be read) and authenticity (tampering is detectable). Used by Hadinet to encrypt documents in the vault before uploading to IPFS.
Arbitrum
An Ethereum Layer 2 (L2) scaling solution that uses optimistic rollups. Hadinet uses Arbitrum Sepolia as the settlement layer for the Cartesi rollup, providing finality, fraud proofs, and input ordering.
Attestation
A verified claim about a user's identity stored on the Cartesi rollup. An attestation contains non-PII metadata (verification status, country code, provider, level) and a ZK proof confirming the verification.
Attestor
The backend service in Hadinet that orchestrates KYC verification, generates ZK proofs, and encrypts documents. The attestor runs inside a Trusted Execution Environment (TEE) to ensure data privacy during processing.
C
Cartesi
A blockchain infrastructure project that provides a full Linux virtual machine (RISC-V) running as a rollup. Hadinet uses Cartesi to store verification records and vault metadata in a deterministic, fraud-provable environment.
Curve25519
An elliptic curve used for key exchange in the TweetNaCl encryption library. Part of the input encryption layer that protects data submitted to the Cartesi rollup.
D
DID (Decentralized Identifier)
A globally unique, self-issued identifier derived from a user's wallet public key. In Hadinet, DIDs follow the did:key method and look like did:key:zQ3sh.... The same wallet always produces the same DID. No registration is required.
Deterministic Execution
A property of the Cartesi rollup where every validator node processes the same inputs and arrives at the exact same state. This makes the system fraud-provable — any deviation from the expected state can be detected and challenged.
F
Fraud Proof
A mechanism in Arbitrum's optimistic rollup that allows anyone to challenge incorrect state transitions. If a validator publishes incorrect state, the challenged computation is re-executed on Ethereum, and the dishonest validator's stake is slashed.
I
InputBox
A smart contract on Arbitrum that ensures all inputs to the Cartesi rollup are processed in the same order by all validators. This prevents reordering attacks and transaction censorship.
IPFS (InterPlanetary File System)
A decentralized, peer-to-peer file storage network. Hadinet uses IPFS (via Pinata's private gateway) to store encrypted document vault files. The files are encrypted before upload, so IPFS stores only unreadable encrypted blobs.
K
KYC (Know Your Customer)
A regulatory process that requires businesses to verify the identity of their customers. Hadinet integrates with KYC providers (Smile ID, Plaid) to perform verification, then generates ZK proofs so users do not need to repeat the process for every service.
L
Layer 2 (L2)
A scaling solution built on top of an existing blockchain (Layer 1, such as Ethereum). Arbitrum is an L2 that provides faster, cheaper transactions while inheriting Ethereum's security guarantees.
M
Multicodec
A self-describing codec identifier used in the DID derivation process. The prefix 0xe7 0x01 identifies a secp256k1 public key in the multicodec registry.
N
Non-PII Metadata
Data that does not personally identify an individual. In Hadinet, this includes verification status (true/false), country code, provider name, and verification level. This is the only data stored on-chain.
O
Optimistic Rollup
A type of Layer 2 scaling solution where state transitions are assumed correct unless challenged. Arbitrum uses this model, providing a challenge period during which fraud proofs can be submitted.
P
PBKDF2 (Password-Based Key Derivation Function 2)
A key derivation function used to generate unique encryption keys for each document in the vault. PBKDF2 uses a random salt per document, ensuring that identical documents produce different encrypted outputs.
PII (Personally Identifiable Information)
Any data that can identify a specific individual, such as name, date of birth, ID document numbers, address, or biometric data. Hadinet does not store PII — it is discarded immediately after ZK proof generation.
Pinata
An IPFS pinning service used by Hadinet to store encrypted document vault files. Pinata provides a private gateway, meaning the encrypted files are not discoverable on the public IPFS network.
Privy
A wallet infrastructure provider used by Hadinet for user authentication. Privy supports MetaMask, WalletConnect, email login, and social login, creating embedded wallets for users who do not have a crypto wallet.
R
RISC-V
An open-source instruction set architecture (ISA) used by the Cartesi rollup's virtual machine. RISC-V provides a full Linux environment for running application logic on-chain.
Rollup
A Layer 2 scaling solution that executes transactions off-chain but posts transaction data on-chain. The Cartesi rollup processes Hadinet's application logic while settling state on Arbitrum.
S
secp256k1
The elliptic curve used by Ethereum and Bitcoin for public key cryptography. Hadinet derives DIDs from wallet public keys on this curve.
Self-Sovereign Identity (SSI)
An identity model where the individual owns and controls their digital identity without reliance on a central authority. In Hadinet, SSI is implemented through wallet-based DIDs and on-chain ZK proofs.
SQLite
A lightweight, file-based relational database used inside the Cartesi rollup for deterministic data storage. It stores identity attestations, vault metadata, and access control records.
T
TEE (Trusted Execution Environment)
A hardware-isolated secure enclave within a processor that protects code and data from inspection, even by the server operator. The Hadinet attestor runs inside a TEE to ensure personal data is never exposed during processing.
TLS (Transport Layer Security)
A cryptographic protocol that provides secure communication over a network. All Hadinet API communications use TLS. The zkFetch system uses TLS sessions to generate ZK proofs of provider responses.
TweetNaCl
A compact, auditable cryptographic library used for input encryption in Hadinet. It implements Curve25519 key exchange, XSalsa20 symmetric encryption, and Poly1305 authentication.
W
Wallet
A crypto wallet (MetaMask, WalletConnect, or embedded via Privy) that serves as the user's authentication credential and identity anchor in Hadinet. The wallet's public key is used to derive the user's DID.
X
XSalsa20-Poly1305
A symmetric encryption algorithm combining the XSalsa20 stream cipher with Poly1305 message authentication. Used by TweetNaCl for input encryption before data is submitted to the Cartesi rollup.
Z
Zero-Knowledge Proof (ZK Proof)
A cryptographic method that lets one party prove a statement is true without revealing any information beyond the truth of the statement itself. In Hadinet, ZK proofs confirm that a KYC provider verified a user without revealing any personal details.
zkFetch
A technology from Reclaim Protocol that creates verifiable proofs of web data by using TLS sessions to generate ZK proofs. Hadinet uses zkFetch to prove that a KYC provider returned a positive verification result.
zkIdentity
The core identity verification system within Hadinet Africa. zkIdentity combines wallet-based DIDs, KYC provider integration, and zero-knowledge proofs to create privacy-preserving identity verification.