Aadhaar-Zero
Privacy-Preserving KYC with Zero-Knowledge Proofs

Problem
KYC forces users to overshare PII: banks and apps see full ID scans while fraudsters replay stolen documents. India’s DPDP Act demands consent trails, minimization, erasure, and unlinkable verification, but most stacks still centralize raw Aadhaar/PAN images.
Approach
Aadhaar-Zero issues wallet credentials after AI document + liveness checks, then lets holders generate selective-disclosure proofs (attribute pick-list + QR). Groth16 proves age thresholds without revealing DOB; Poseidon nullifiers and on-chain registries block replay and record consent/revocation. PostgreSQL stores session state; Base Sepolia anchors trust; verifier API runs cryptographic + chain checks before approval.
At a glance
Recognition: CSIC Stage III Shortlist
Organizer: DSCI · CSIC 1.0
Contracts: 6 on Base Sepolia
API routes: 37+
ZK: Groth16 + BBS+ flow
Tech decisions
Dual ZK: Groth16 age + selective disclosure proofs
Age gates need arithmetic constraints in-circuit; attribute sharing needs a separate proof format for everyday KYC.
On-chain registries over single monolith
Separates issuer trust, verifier trust, nullifiers, consent, and revocation so each policy rule maps to an auditable contract.
Next.js API routes + Prisma
One deployable demo app with typed DB models for credentials, verifications, risk, and audit batches.
Merkle audit batches anchored on-chain
Tamper-evident event log without putting full PII on-chain: only roots and hashes.
AI gate before issuance
Document forensics and liveness reduce fake enrollments before any credential is signed or anchored.
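The "Merkle audit batches anchored on-chain" decision above, sketched as an added example (not Aadhaar-Zero's own code): a batch of PII-free audit events is reduced to one root that could be anchored, and any single event can later be proven to belong to that batch. SHA-256, the event fields and all function names are assumptions; the page does not say which hash or tree layout the project uses.

```javascript
// Added example: Merkle audit batch with inclusion proofs (assumed SHA-256).
const { createHash } = require("node:crypto");

// Leaves (0x00) and interior nodes (0x01) get different prefixes so an
// interior node can never be presented as a leaf.
const hash = (tag, ...parts) =>
  createHash("sha256").update(Buffer.from([tag])).update(Buffer.concat(parts)).digest();
// Assumption: events are serialized with a fixed key order before hashing.
const leafHash = (event) => hash(0x00, Buffer.from(JSON.stringify(event)));
const nodeHash = (left, right) => hash(0x01, left, right);

// All tree levels, leaves first. An unpaired node is promoted unchanged rather
// than duplicated, so two different batches cannot collapse to the same root.
function buildLevels(leaves) {
  if (leaves.length === 0) throw new Error("empty audit batch");
  const levels = [leaves];
  while (levels.at(-1).length > 1) {
    const prev = levels.at(-1), next = [];
    for (let i = 0; i < prev.length; i += 2)
      next.push(i + 1 < prev.length ? nodeHash(prev[i], prev[i + 1]) : prev[i]);
    levels.push(next);
  }
  return levels;
}

// The only value that would need to be anchored: 32 bytes, no PII.
const merkleRoot = (events) => buildLevels(events.map(leafHash)).at(-1)[0];

// Sibling hashes from leaf to root, each marked with the side it sits on.
function inclusionProof(events, index) {
  if (!Number.isInteger(index) || index < 0 || index >= events.length)
    throw new RangeError("index outside batch");
  const levels = buildLevels(events.map(leafHash)), path = [];
  for (let d = 0, i = index; d < levels.length - 1; d++, i >>= 1) {
    const sib = i ^ 1;
    if (sib < levels[d].length) path.push({ hash: levels[d][sib], left: sib < i });
  }
  return path;
}

// An auditor holding one event, its proof and the anchored root recomputes the root.
function verifyInclusion(event, path, root) {
  let h = leafHash(event);
  for (const { hash: sib, left } of path) h = left ? nodeHash(sib, h) : nodeHash(h, sib);
  return h.equals(root);
}

// Constructed sample batch: event type plus opaque identifiers, no PII.
const SAMPLE_BATCH = [
  { type: "CREDENTIAL_ISSUED", credentialHash: "c1", ts: 1 },
  { type: "CONSENT_RECORDED", consentHash: "k7", ts: 2 },
  { type: "VERIFICATION_APPROVED", nullifier: "n3", ts: 3 },
];
```

Changing any field of a stored event after anchoring makes `verifyInclusion` return false against the anchored root, which is the tamper-evidence property the batch design relies on.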