| Component | What It Does | Key Technology | Learn More |
|---|---|---|---|
| zkMe Identity Chain | Purpose-built L1 for identity settlement and credential state anchoring | CometBFT PoS, EVMOS EVM, Decentralized Storage Providers | Identity Chain → |
| Self-Sovereign Identity | Defines the trust model and role relationships (Credential Issuer, ZKP Issuer, Holder, Verifier, Regulator). Provides the SSI Wallet (zkMe App) for credential custody and on-device ZKP generation. | W3C VC, MPC key management, OCR, facial recognition | SSI → |
| DID Method | On-chain registry for did:zkme decentralized identifiers. Enables creation, resolution, update, and deletion of DIDs linked to EVM addresses. | did:zkme specification, Solidity smart contract | DID Method → |
| zkVault | Encrypted secrets storage combining TEE-based key hierarchy with threshold encryption. For agents, secrets are decrypted only inside hardware enclaves. For regulatory compliance, threshold encryption ensures no single party can access raw data alone. | AES-256-GCM, EC-ElGamal threshold encryption, TEE (Intel SGX / AMD SEV), Shamir’s Secret Sharing, IPFS | zkVault → |
| FHE | Fully Homomorphic Encryption enabling computation on encrypted facial feature vectors. Powers the Face-to-DID creation process where biometric data is never exposed in plaintext. | CKKS scheme (Cheon-Kim-Kim-Song) | FHE → |
| zkPassport | Privacy-preserving ePassport verification. Reads NFC chip data, performs Active Authentication, and generates ZKPs from ICAO 9303 passport data without exposing the raw document. | NFC, ICAO 9303, Active Authentication, zk-SNARKs | zkPassport → |
| zkTLS | Bridges Web2 data sources (bank accounts, credit scores, government portals) by generating zero-knowledge proofs from standard HTTPS sessions. Enables trustless attestation of off-chain data. | TLS 1.2/1.3, MPC-based session splitting, zk-SNARKs | zkTLS → |
| Smart Contracts | On-chain contract suite managing credential state (Merkle roots, revocation), cross-chain relay, and the Mint/Delegate/Verify/Certify lifecycle. Deployed across all supported chains. | Solidity, SBT, cross-chain relay | Smart Contracts → |
| Component | What It Does | Key Technology | Learn More |
|---|---|---|---|
| Core Concepts | System architecture (4-layer model), credential data model (W3C VC, JSON-LD), Claim Tree and Merkle commitment model, complete credential lifecycle (issuance, verification, revocation, expiration), and cryptographic assumptions. | W3C VC, Sparse Merkle Tree, Poseidon hash, Baby JubJub curve | Core Concepts → |
| Selective Disclosure | Fine-grained privacy control allowing Holders to reveal only specific credential fields. Supports 14 query operators including range matching, set membership, and field extraction. Gas-optimized on-chain verification via circuitQueryHash compression. | ZK Query Language, SD operator, circuitQueryHash | Selective Disclosure → |
| Multi-Credential Proofs & Delegation | Batch verification of up to 10 queries across multiple credentials in a single proof. Cross-chain identity portability via Delegated Proofs bound to secondary addresses or AI agent DIDs. | LinkedMultiQuery10, Delegate SC, Soulbound Token | Multi-Credential Proofs & Delegation → |
| Anti-Sybil Mechanisms | Nullifier-based uniqueness enforcement for "one person, one action" guarantees. Unified authentication supporting both BabyJubJub keys and standard Ethereum wallet signatures. Unified SIG/MTP circuit. | Nullifier, unified authentication, Groth16 zk-SNARK | Anti-Sybil Mechanisms → |
| Reusable Credentials | “Verify Once, Prove Anywhere” paradigm. Cross-chain credential portability via Delegate smart contracts. Context-specific proof generation prevents replay. | Delegate SC, cross-chain relay, nonce-bound proofs | Reusable Credentials → |
| Agent-Ready Credentials | Credentials optimized for AI agent consumption. Cryptographic delegation protocol, machine-readable JSON-LD schemas for LLM parsing, and automated proof generation. | Constrained proxy credentials, JSON-LD, Agent Trust Gateway | Agent-Ready Credentials → |
| Component | What It Does | Key Technology | Learn More |
|---|---|---|---|
| Gateway Overview | Authorization and policy enforcement layer for AI agents. TEE Enclave for confidential execution, Policy Engine for user-defined constraints, Credential Verifier for on-chain validation, Protocol Adapters for ecosystem integration. | TEE (Intel SGX / AMD SEV), Remote Attestation | Gateway Overview → |
| Agent Session Flow | The complete 8-step session lifecycle: Initiation → TEE Ingress → Credential Verification → Policy Evaluation → Human-in-the-Loop → Context Provisioning → Execution Proxy → Audit Logging. | PASETO v4, OAuth2/PKCE, append-only audit ledger | Session Flow → |
| Supported Protocols | Native adapters for MCP (AI agent communication), APF/x402 (agent payments), W3C VC/DID, ERC-8004 (agent reputation), OIDC4VP (Web2 bridge), zkTLS, and PASETO. | MCP, x402, ERC-8004, OIDC4VP, PASETO | Protocols → |
| Tool | Description | Documentation |
|---|---|---|
| zkMe Widget / SDK | JavaScript SDK for embedding credential verification into web applications. Desktop browser component with mobile QR code support. | JS SDK → |
| Mobile SDK | Native mobile SDK for iOS and Android integration. | Mobile SDK → |
| zkMe Dashboard | Management interface for Verifiers to configure verification profiles, define eligibility rules, and access analytics. | Dashboard → |
| zkMe API | RESTful API for programmatic access to KYC and KYT verification, user management, risk assessment, and transaction analysis. | API Reference → |