Identity Infrastructure Stack

The Identity Infrastructure Stack is the foundational layer of the zkMe Protocol. It provides the cryptographic primitives, secure storage mechanisms, and on-chain anchoring systems that ensure user data remains under the user’s exclusive control throughout its entire lifecycle. Every credential issued, every proof generated, and every agent interaction authorized by zkMe ultimately depends on the guarantees provided by these modules.

The design philosophy of this layer follows a strict privacy-by-default principle: raw personal data is never transmitted to any third party. Instead, data is processed locally on the user’s device, encrypted at rest using threshold cryptography, and represented on-chain only as zero-knowledge proofs or cryptographic commitments. Even in regulatory scenarios requiring data recovery, no single party can access the underlying information alone.


How the Modules Fit Together

The Identity Infrastructure modules form a layered stack, each building on the capabilities of the layer below:

  1. Chain Layer. The zkMe Identity Chain provides the settlement and persistence foundation for the entire stack. All identity smart contracts are deployed on this chain, all credential state commitments are anchored here, and the Decentralized Storage Provider network manages encrypted credential data persistence. The chain's instant finality and dedicated block space ensure that identity operations are never delayed by unrelated network congestion.

  2. Identity Foundation. Self-Sovereign Identity (SSI) defines the trust model and role relationships (Issuer, Holder, Verifier, Regulator). The DID Method provides each participant with a globally unique, on-chain resolvable decentralized identifier (did:zkme).

  3. Data Protection. zkVault provides encrypted secrets storage using a combination of TEE-based key hierarchy and threshold encryption (EC-ElGamal). For AI agents, secrets are decrypted only inside hardware enclaves. FHE enables computation on encrypted data, specifically facial feature vectors, allowing privacy-preserving DID creation without ever exposing biometric data in plaintext.

  4. Data Acquisition. zkPassport extracts and attests identity data from government-issued ePassports via NFC chip reading and Active Authentication. zkTLS bridges Web2 data sources (bank accounts, credit scores, government portals) by generating zero-knowledge proofs from standard HTTPS sessions.

  5. On-Chain Anchoring. Smart Contracts provide the immutable trust anchor, managing credential state (Merkle roots, revocation status), cross-chain relay, and the Mint/Delegate/Verify contract suite deployed across all supported chains.


Module Index

| Module | What It Does | Key Technology |
|---|---|---|
| zkMe Identity Chain | Settlement and persistence layer for all identity operations | CometBFT PoS, EVM (EVMOS), Decentralized Storage Providers |
| SSI | Defines the identity model and trust roles | W3C SSI, Verifiable Credentials |
| DID Method | On-chain decentralized identifier registry | did:zkme specification, EVM smart contract |
| zkVault | Encrypted secrets storage and data recovery | Threshold encryption (EC-ElGamal), TEE, IPFS |
| FHE | Computation on encrypted biometric data | CKKS fully homomorphic encryption |
| zkPassport | ePassport verification and attestation | NFC, ICAO 9303, Active Authentication, ZKP |
| zkTLS | Web2 data bridging with privacy | TLS 1.2/1.3, zk-SNARKs |
| Smart Contracts | On-chain state management and verification | Solidity, cross-chain relay, SBT |


For readers new to the zkMe Protocol, we recommend reading the Identity Infrastructure modules in the following order:

  1. Start with zkMe Identity Chain to understand the blockchain foundation that all other modules depend on.

  2. Read SSI to understand the trust model and role definitions.

  3. Read DID Method to understand how identities are represented on-chain.

  4. Read zkVault to understand how sensitive data is stored and protected.

  5. Read FHE to understand how biometric data is processed without exposure.

  6. Read zkPassport and zkTLS to understand how identity data is acquired from real-world sources.

  7. Read Smart Contracts to understand the on-chain verification and state management layer.

Readers primarily interested in building on zkMe may want to start with the Credential System and Agent Trust Gateway modules, which consume the guarantees provided by this infrastructure layer.


Available as Independent Services

The Identity Infrastructure Stack is available for licensing and deployment by external organizations. Customers can acquire any module independently or license the full stack to build and operate their own identity infrastructure using zkMe's chain layer, cryptographic primitives, and on-chain anchoring systems.

| Module | Acquisition Model |
|---|---|
| zkMe Identity Chain | License the chain stack (CometBFT + EVMOS + DSP network) for sovereign deployment, or deploy on the shared zkMe mainnet |
| SSI Framework | License the SSI model, role definitions, and MPC wallet infrastructure |
| DID Infrastructure | License the did:zkme registry contracts and resolution service |
| zkVault | License the encryption stack (TEE key hierarchy + EC-ElGamal threshold encryption + IPFS storage layer) |
| FHE Engine | License the CKKS homomorphic encryption compute engine |
| zkPassport | License the NFC reader SDK, Active Authentication module, and ZKP generation pipeline |
| zkTLS | License the TLS session proof generation stack |
| Smart Contracts Suite | License the Mint/Delegate/Verify/Certify contract suite for deployment on any EVM chain |
