Zeronym (By Holonym)
  • Introduction
    • Private Credentials
    • The Issue of Regulatory Compliance & Non-Consensual Data Sharing
  • For Developers
    • Start Here
    • Custom Sybil Resistance
    • API Reference
    • Dry runs
    • Sign Protocol Attestations
    • Verax Attestations
    • Off-Chain Proofs
    • Clean Hands
  • For Users
    • How To Use Holonym
    • Using with NEAR
    • User Flow
    • How to Verify ePassport
    • FAQs
  • For Node Operators
    • Run an observer
  • Architecture
    • Overview
    • Flow of Data
    • Flow of Data: KYC Proof of Personhood
    • Where data is(n't) stored
    • VOLE-based ZK
    • On-Chain Proofs
    • Clean Hands
  • How it Works
    • Modularity of the stack
    • Issuer
    • Credentials
    • Hub
Powered by GitBook
On this page
Export as PDF

Last updated 5 hours ago

Zeronym's Proof of Personhood via KYC consists of the following components:

  • User agent (UI)

  • Zeronym server

  • ID verification provider

  • Verifier

The flow of data is outlined in the following sequence diagram. Please refer to notes for detailed explanations for relevant parts.

Notes on handling of user data by IDV Providers

Following data are requested by IDV providers as photo or/and video stream during the verification process.

  • Selfie (photo, video stream)

  • One of the following documents

    • Passport

    • Driver License

    • Identity Card

Currently, following IDV providers are supported.

  • a list of compliances (i.e: GDPR)

  • regarding data

  • ControlCase has issued compliance certificate for ISO 27001

SDK privacy policy seems more relevant for usage for ID verification. Its documentation on privacy is sparse compared to the other 2 providers.

  • In article #2, it mentions that any data sent to its server is encrypted, siloed and is never stored with any additional personally identifiable information (PII).

  • In article #6, it provides detailed info on its compliance to GDPR for EU residents.

Notes on client-side encryption of IDV session result

IDV provider returns the session result to user.

With Silk wallet:

The result is encrypted on client-side using a derivative of the PRF.

With other wallets:

The result is encrypted with key derived with hash(userSignature(aConstantMessage)) to generate ciphertext.

Notes on ciphertext and storage of userCredentials

Only the encrypted ciphertext which is non PII is stored in Zeronym database as below.

Notes on verifier and SBT issuance

Veriff has clearly outlined in its

regarding data collection, retention and deletion

a list of

Onfido has its

a list of

Facetec has two privacy policies ( and )

View to see the data included in user credentials.

The user submits a zero knowledge proof of uniqueness () to the verifier server. The verifier verifies the ZKP, and upon verification, issues a soulbound token to the user. The circuit ID, issuer address, expiry, and actionNullifier, the ZK proof are embedded in the Soul-bound token.

trust center
controls
subprocessors
privacy policy
compliances
collection
processing
security
storage
site
sdk
see the circuit here
PreviousFlow of DataNextWhere data is(n't) stored
  1. Architecture

Flow of Data: KYC Proof of Personhood

// userCredentialsv2
{
  "_id": {
    "$oid": "676d..."
  },
  "holoUserId": "f111...",
  "encryptedGovIdCreds": {
    "ciphertext": "0x...",
    "iv": "0x...",
    "_id": {
      "$oid": "676d..."
    }
  },
  "__v": {
    "$numberInt": "0"
  }
}
Veriff
Onfido
Facetec
Government ID Issuer