zkSNARKs + eMRTDs = 👌

Published in
3 min readJun 13, 2020


At Credentials App, we are combining zkSNARKs (Non-interactive zero-knowledge proofs) with eMRTDs (NFC-enabled passports and national ID cards) to streamline KYC processes that often cause data breaches.

Today, internet users are unable to determine if their information has been or will be monetized. The resulting lack of control, safety, and transparency raises multiple concerns and is a major issue for internet users.

In the future, we might not have to use centralized authorization services to access the Internet such as Twitter, Google or Facebook and instead we will use our self sovereign identity to validate our identity without having to rely on third parties, using a mobile device.

Credentials App is a self-sovereign identity project with a focus on privacy and authenticity. With Credentials App, you can scan your existing passport and national id card that has a contactless RFID chip inside, which is standardised as part of Doc 9303, Machine Readable Travel Documents, by the International Civil Aviation Organization (part of the United Nations).

eMRTD Logical Data Structure (Doc 9303)

The contactless chip contains reliable personal information about you, including your full name, birthdate and nationality. This information has been provided and digitally signed by the issuing country, and will be used for KYC verification by Credentials App. We provide the complex cryptography that is needed to verify the authenticity of information on the chip.

Authority — Passport Issuing Process

Using zero-knowledge proofs, we propose a unique way to obscure sensitive information while verifying your identity. This allows you to have complete control of your personal information without having to reveal it to third parties, thus providing a smart and simple way to verify the authenticity of the identity while preserving privacy.

With zkSNARKs, we have a prover, who is the individual user, and a verifier, who is the third party that needs to verify an individual’s identity. In this case, all the prover needs to show a verifier is the value of X, without showing the actual information. All this requires is a proof of knowledge to verify that the individual is who they claim to be. This is a form of digital fingerprint that can prove an individual’s identity. The validity of the proof lies in using a cryptographic hash function that proves without a doubt that the identity is valid.

Credentials App — Obscuring sensitive information while verifying the authenticity of the identity

Our new approach will solve two challenges: reputation and risk. Risk will be managed directly because people around the world will be able to share anonymized information for health, credit or other services controlling how information is shared allowing to apply an intelligence layer to it. This could also allow for the creation of decentralized reputation models to establish trust in the peer-to-peer economy.

The future of identity will be a return to identity as defined by the web of trust that links all humans. To fully understand where we are going with digital identity, we need to know where we are coming from.

Right now, we’re stuck with a system that forces people to duplicate key processes, and means sensitive personal documents are stored in multiple locations with multiple services. There is now ample evidence of the vulnerability of even the world’s largest data referencing companies. The Equifax data breach in 2017, for example, exposed sensitive personal information belonging to 143 million Americans. However, identity data has more often been exposed in breaches, affecting our social, professional, and financial lives.

We believe that there’s a better way. Every person has a right to an identity that they own and control, one that preserves privacy.

With Credentials App, internet users will no longer need to have sensitive personal documents stored in vulnerable third party silos. We’ll be able to meet regulatory requirements, make life easier for customers, and eliminate the danger of third-party data breaches. KYC can become as easy as ABC.