Privacy-Preserving Identity Verification using Zero-Knowledge Proofs & ePassport Data
Verify your identity without revealing personal information. Powered by ZK-SNARKs and NFC passport reading.
Overview · How It Works · Architecture · Components · Quick Start · Use Cases
ZKAuth is a decentralized identity verification system that enables users to prove attributes about themselves (like being over 18) without revealing their actual personal data. By combining:
- 📱 NFC-enabled passport reading on Android devices
- 🔐 Zero-Knowledge Proof generation using ZoKrates
- ⛓️ On-chain proof verification via Ethereum smart contracts
- 🌐 Web3-native DApp integration with modern frontend
Users can cryptographically prove claims about their identity while maintaining complete privacy over their sensitive passport data.
| Feature | Description |
|---|---|
| 🔏 Privacy-First | Your passport data never leaves your device. Only cryptographic proofs are shared. |
| ✅ ICAO 9303 Compliant | Full support for international ePassport standards |
| 🔗 On-Chain Verification | Proofs verified by Ethereum smart contracts for trustless verification |
| 📱 Mobile-Native | Android app with OCR, NFC, and QR code support |
| 🏛️ Decentralized | No central authority required for verification |
| 🔄 Reusable Proofs | Generate proofs once, use across multiple DApps |
ZKAuth operates through a seamless flow between the mobile app, web DApps, and blockchain smart contracts.
The complete verification flow involves 7 key steps:
- MRZ Capture & NFC Scan - User reads their passport using the ZKAuth Android app
- Secure Storage - Passport data is encrypted and stored locally on the device
- QR Code Generation - DApp creates a verification challenge encoded as a QR code
- QR Scanning - User scans the QR code with the ZKAuth app
- ZK Proof Generation - App generates a zero-knowledge proof based on the challenge
- Proof Submission - Proof is sent to the verification server
- On-Chain Validation - Admin-side DApp fetches and validates the proof on-chain
This diagram illustrates the interaction between the DApp and ZKAuth mobile app:
DApp Side:
- User interacts with DApp and selects "Verify Age"
- DApp creates a verification challenge with specific criteria
- Challenge is encoded as JSON and converted to QR code
- QR code is displayed on screen for the user
ZKAuth App Side:
- User scans the QR code with the mobile app
- App parses and validates the JSON challenge
- Challenge data is stored and prepared for proof generation
- App signals readiness for ZK proof generation
This comprehensive flow shows the complete passport onboarding process:
User Onboarding:
- User opens ZKAuth app and is prompted to add a passport
- Choice between OCR (camera) scanning or manual MRZ input
Key Generation & NFC:
- BAC key is derived from MRZ data
- Passport chip is read via NFC communication
Security Verification:
- ✅ BAC (Basic Access Control)
- ✅ PACE (Password Authenticated Connection Establishment)
- ✅ AA (Active Authentication)
- ✅ CA (Chip Authentication)
- ✅ CSCA (Certificate Authority Validation)
Data Handling:
- Data fields extracted from passport chip
- Encrypted and stored securely on device
- Identity data ready for ZK proof generation
ZKAuth/
├── 📱 PassportAndroidApp/ # Android mobile application
│ ├── app/src/main/
│ │ ├── java/example/jllarraz/ # Kotlin source code
│ │ │ ├── passport/ # Passport reading logic
│ │ │ ├── camera/ # OCR & QR scanning
│ │ │ ├── nfc/ # NFC communication
│ │ │ └── zk/ # ZK proof generation
│ │ ├── assets/zokrates/ # ZoKrates proving keys
│ │ └── res/ # Android resources
│ └── libs/ # External libraries (JMRTD)
│
├── 🌐 ZK-Minimal-DApp/ # Web application & smart contracts
│ ├── Foundry-Backend/ # Solidity smart contracts
│ │ └── src/
│ │ ├── AuthBluePrint.sol # Base authentication contract
│ │ └── RandomDApp.sol # Example DApp implementation
│ ├── frontend/ # Next.js React application
│ │ ├── app/ # App router pages
│ │ ├── components/ # React UI components
│ │ └── contracts/ # Contract ABIs
│ └── zk-passport-auth/ # ZK verification system
│
└── 📊 media/ # Documentation assets
A comprehensive Android application for reading and verifying ePassport documents.
| Category | Capabilities |
|---|---|
| 📖 Passport Reading | OCR-based MRZ scanning, NFC chip reading, Manual data entry |
| 🔐 Security Protocols | BAC, PACE, EAC, Active Authentication, Chip Authentication |
| 🔍 Verification | CSCA certificate chain validation, Cryptographic hash verification |
| 📱 Mobile Features | QR code scanning, ZK proof generation, Encrypted local storage |
- Language: Kotlin
- NFC/Passport: JMRTD 0.7.35, Bouncy Castle
- OCR: Google ML Kit Text Recognition
- Camera: CameraX, ML Kit Barcode Scanning
- ZK Proofs: ZoKrates.js via WebView
- Security: Android Security Crypto, EncryptedSharedPreferences
- Android 6.0+ (API Level 23)
- NFC-enabled device
- Camera for OCR/QR scanning
📚 Full Android App Documentation →
A decentralized web application for requesting and verifying ZK proofs.
| Feature | Description |
|---|---|
| 🔗 Wallet Integration | RainbowKit for seamless Web3 wallet connections |
| 📱 QR Generation | Dynamic QR codes for verification requests |
| ⛓️ Smart Contracts | Ethereum-based proof verification |
| 🎨 Modern UI | Next.js 15 + React 19 + Tailwind CSS |
| 👨💼 Admin Panel | Dashboard for managing verification requests |
AuthBluePrint.sol - Base abstract contract providing:
// Core authentication states
enum AuthState { NONE, REQUESTED, PENDING, VERIFIED, FAILED }
// Key functions
function genQRCodeInfo() public; // Generate verification challenge
function validateProof(...) public; // Verify ZK proof on-chainRandomDApp.sol - Example implementation showing custom verification logic.
- Frontend: Next.js 15, React 19, TypeScript
- Styling: Tailwind CSS, shadcn/ui
- Web3: ethers.js, Wagmi, RainbowKit
- Contracts: Solidity, Foundry, OpenZeppelin
# Required tools
- Node.js 18+ & pnpm
- Android Studio (for mobile app)
- Foundry (for smart contracts)
- Gitgit clone --recurse-submodules https://github.com/roudra323/ZKAuth.git
cd ZKAuthcd ZK-Minimal-DApp/Foundry-Backend
forge install
forge build
forge testcd ../frontend
pnpm install
# Create environment file
cat > .env.local << EOF
NEXT_PUBLIC_CONTRACT_ADDRESS=your_contract_address
NEXT_PUBLIC_WALLET_CONNECT_PROJECT_ID=your_wallet_connect_id
EOF
pnpm dev- Open
PassportAndroidApp/in Android Studio - Sync Gradle dependencies
- Configure CSCA certificates (optional)
- Build and run on NFC-enabled device
Prove you're over 18/21 without revealing your birthdate to access age-restricted services.
Verify nationality or identity for financial services while preserving privacy.
Prove citizenship eligibility without linking votes to your identity.
Verify credentials for exclusive events without sharing personal data.
Comply with age regulations while maintaining user privacy.
| Layer | Protection |
|---|---|
| 📱 Device | Passport data encrypted with Android Keystore |
| 🔐 Transmission | Only ZK proofs leave the device, never raw data |
| ⛓️ Blockchain | Proofs verified without revealing inputs |
| 🔄 Verification | Zero-knowledge: verifier learns only true/false |
- ICAO 9303 - International standard compliance
- BAC - Basic Access Control for chip access
- PACE - Password Authenticated Connection Establishment
- EAC - Extended Access Control for biometrics
- Active Authentication - Proves chip authenticity
- CSCA Validation - Country certificate chain verification
| Module | Path | Technology |
|---|---|---|
| Android App | PassportAndroidApp/ |
Kotlin, Android SDK |
| Smart Contracts | ZK-Minimal-DApp/Foundry-Backend/ |
Solidity, Foundry |
| Web Frontend | ZK-Minimal-DApp/frontend/ |
Next.js, React, TypeScript |
| ZK Circuits | ZK-Minimal-DApp/zk-passport-auth/ |
ZoKrates |
- Fork the repository
- Create a feature branch:
git checkout -b feature/amazing-feature - Commit changes:
git commit -m 'Add amazing feature' - Push to branch:
git push origin feature/amazing-feature - Open a Pull Request
- Use functional programming paradigms
- Follow TypeScript best practices
- Write comprehensive tests
- Document new features
- ICAO 9303 - Machine Readable Travel Documents
- EIP-712 - Typed structured data hashing
- ZoKrates - ZK-SNARK toolbox
- JMRTD - Java Machine Readable Travel Documents
- Foundry - Ethereum development toolkit
- RainbowKit - Web3 wallet integration
This project is licensed under the MIT License - see the LICENSE file for details.
The Passport Android App component is licensed under Apache License 2.0.
- ZoKrates Team - ZK-SNARK framework
- JMRTD Project - Passport reading library
- OpenZeppelin - Smart contract security
- shadcn/ui - UI component library
- The Ethereum and ZK communities for advancing privacy-preserving technologies
Built with ❤️ for privacy-preserving identity verification
