ZKure

The cure for data privacy in healthcare. A decentralized, privacy-preserving identity solution that uses zero-knowledge proofs to securely verify user credentials without revealing sensitive data.

Comment

Inspiration

The idea for ZKure emerged from the increasing need for secure, privacy-preserving solutions in digital identity verification. Inspired by the potential of zero-knowledge proofs (ZKPs) to authenticate information without revealing any underlying data, ZKure aims to address privacy concerns prevalent in sectors like healthcare, finance, and digital identity. Patients are in control of their data, with the assurance that their personal health information is always protected, no matter how or where it’s processed. Healthcare providers can access the insights they need through secure computations and AI-driven analytics, without compromising patient privacy. Innovative AI models can transform the healthcare industry, offering predictive and personalized medical insights while maintaining the highest standards of data.

The project draws inspiration from the rising importance of self-sovereign identity and decentralized identity frameworks. These technologies allow users to own, manage, and share their data without relying on centralized institutions, thereby protecting sensitive information from unnecessary exposure. Additionally, with ZKPs proving beneficial in blockchain systems like Polygon ID and zkEVM solutions, ZKure aspires to implement these technologies for creating a safer verification system for users.

Market Opportunity Analysis for ZKure

1. Total Addressable Market (TAM) The Total Addressable Market represents the overall revenue opportunity available if ZKure were to achieve 100% market share in the healthcare cybersecurity sector.

2. Serviceable Available Market (SAM) The Serviceable Available Market is the segment of the TAM that is targeted by ZKure’s products or services and is within reach based on its business model, geography, and current operational capacity.

  • Market Focus: If we estimate that the data privacy segment within healthcare cybersecurity represents around 30% of the TAM, then the SAM would be approximately $10.38 billion ($34.6 billion x 30%).

3. Serviceable Obtainable Market (SOM) The Serviceable Obtainable Market represents the portion of the SAM that ZKure realistically expects to capture within a defined timeframe, considering factors such as competition, pricing, and market dynamics.

The vision of ZKure is to revolutionize the way healthcare data is handled by creating a privacy-first, secure platform that empowers patients to have full control over their sensitive medical information. By leveraging the power of Fully Homomorphic Encryption (FHE) and Polygon ID, we aim to ensure that medical data can be securely stored, shared, and analyzed without ever being exposed, even during computation.

What it does

ZKure is a privacy-preserving medical data decentralized application (dApp) that enables users to verify specific attributes or credentials without exposing their full identity. For example, users can prove they are of a certain age, hold a valid certification, or possess certain rights without revealing the actual details of their credentials.

ZKcure is a privacy-centric application that leverages advanced cryptographic technology to secure and streamline identity verification in sectors like healthcare and finance. Here’s an overview of its features and functionalities:

Core Features

  1. Decentralized Identity Management
    ZKcure uses Decentralized Identifiers (DIDs) to give users control over their digital identities, moving away from traditional, centralized identity systems. Each user is assigned a unique DID, stored on the blockchain, which they can manage autonomously. This feature empowers users to control and share their personal data selectively, enhancing privacy and security.

  2. Verifiable Credential (VC) Integration
    ZKcure incorporates Verifiable Credentials (VCs) that contain digitally signed proofs of specific claims about a user—such as age, medical eligibility, or membership status. These credentials, issued by trusted organizations like healthcare providers, serve as reliable proof of identity and attributes, without requiring users to share the full scope of their personal data.

  3. Zero-Knowledge Proofs for Privacy-Preserving Verification
    A standout feature of ZKcure is its implementation of Zero-Knowledge Proofs (ZKPs), which allow users to validate certain attributes (e.g., “I am over 18”) without revealing any additional information. This feature is particularly valuable for use cases that involve age verification, eligibility checks, or other sensitive data confirmations, allowing verifiers to trust the validity of claims without gaining access to underlying details.

For ZKure’s vaccination record example, you can design a Zero-Knowledge Proof (ZKP) circuit that verifies whether a user has received a specific vaccine without revealing any further personal details. In this example, the user could prove they have been vaccinated for a specific disease, such as COVID-19, without revealing the date, location, or other vaccination details.

Example: Vaccination Record Verification Circuit in Circom

Here’s how a simple vaccination record verification circuit might look in Circom:

pragma circom 2.0.0;

template VaccinationVerifier {
    signal input vaccineReceived;   // 1 if the user has received the vaccine, 0 otherwise
    signal input requiredVaccine;   // 1 if the specific vaccine is required for verification
    signal output isVaccinated;     // Output signal to indicate vaccination verification

    // Check if the vaccine received matches the required vaccine status
    isVaccinated <== (vaccineReceived == requiredVaccine) ? 1 : 0;
}

// Instantiate the circuit
component main = VaccinationVerifier();

Explanation

  1. Inputs:

    • vaccineReceived: A private input indicating whether the user has received the vaccine (1 if vaccinated, 0 if not).
    • requiredVaccine: A public input specifying whether this particular vaccine is required (e.g., 1 for COVID-19).

  2. Logic:

    • The circuit compares vaccineReceived with requiredVaccine. If they match, isVaccinated outputs 1 (indicating vaccination proof is met).
    • If not, isVaccinated outputs 0.

  3. Output:

    • isVaccinated is a binary output, returning 1 if the user is vaccinated according to the requirement, and 0 otherwise.

Using the Circuit

  1. Compile: Compile the circuit with circom:

    circom VaccinationVerifier.circom --r1cs --wasm --sym --c

  2. Generate Proof: Generate a proof using SnarkJS by specifying the vaccination status:

    const { proof, publicSignals } = await snarkjs.groth16.fullProve(
   { "vaccineReceived": 1, "requiredVaccine": 1 },
   "VaccinationVerifier.wasm",
   "VaccinationVerifier_final.zkey"
);

  3. Verify Proof: The generated proof can be verified by a smart contract or off-chain application, confirming the vaccination status without exposing any additional details about the user’s health or personal records.

Customization and Expansion

For ZKure, this basic circuit could be expanded to handle additional verification requirements, such as:

  • Multiple vaccines or boosters
  • Verification for different types of vaccines (e.g., flu, COVID-19)
  • Additional inputs or signals for data privacy, such as an encrypted user ID or vaccination batch identifier (without revealing it).

This circuit can serve as a secure foundation for building privacy-preserving vaccination verification in ZKure.

  1. User-Friendly Interface
    With a focus on accessibility, ZKcure offers an intuitive interface where users can manage their credentials, verify attributes, and interact with different providers in a few simple steps. The interface ensures ease of use while maintaining the technical sophistication required for secure, privacy-preserving interactions.

Functionality Overview

In practice, ZKcure enables users to carry out secure, trustless interactions with third parties while protecting sensitive information. For instance:

  • Healthcare Verification: A user could present a VC issued by a healthcare provider to verify eligibility for treatment without disclosing their entire medical history. The verifier, perhaps a pharmacy or another provider, can confirm eligibility without learning any personal health information.

  • Financial Services: Users may verify financial credentials, like a credit score or KYC verification, by presenting a VC. ZKure’s zero-knowledge capabilities allow users to validate these credentials while keeping the underlying financial details confidential.

  • Age Verification: By utilizing a VC that certifies the user’s age, ZKcure allows users to prove they meet age requirements (such as being over 18) without showing their exact date of birth, ensuring compliance with age-based regulations while maintaining privacy.

Security and Privacy Advantages

ZKcure’s use of DIDs, VCs, and ZKPs ensures that identity verification is both secure and privacy-preserving. By decentralizing identity management and minimizing data exposure, ZKcure reduces the risks of data breaches and unauthorized access, making it an ideal solution for sectors with stringent data privacy requirements.

Overall, ZKcure is a robust application that combines cutting-edge cryptographic techniques with a user-centric approach to enable secure, efficient, and private interactions across various sectors.

ZKure uses verifiable credentials (VCs) backed by zero-knowledge proofs to accomplish this. It leverages a verifier component that checks if the user meets the specified requirements (e.g., age verification) and grants them access to the application’s gated features if the criteria are met. This selective disclosure helps protect user privacy and ensures compliance with required standards.

Privacy-Preserving Computation:

  • ZKure enables processing of encrypted health data, such as lab results, medical images, or prescriptions, directly on Polygon ID canisters without exposing the data to third parties.
  • The platform uses FHE to ensure that even during computations (like analytics or machine learning models), data remains encrypted.

Secure Medical Records Storage:

  • Patient records are stored in Polygon ID canisters in encrypted form, with no direct access to plaintext data by anyone except the authorized user.
  • Patients and healthcare providers can securely share encrypted medical data through the platform, while the system ensures privacy at every stage.

AI-Assisted Health Analytics:

  • The platform integrates AI models for medical analysis (e.g., disease prediction, risk assessments) that can run on encrypted data using FHE.
  • These AI models can process the data while it remains encrypted, ensuring privacy throughout the process.

How we built it

ZKure was developed using a combination of blockchain technology, zero-knowledge proof frameworks, and smart contracts.

Verifiable Credential (VC) Schemas and Smart Contract Integration: To facilitate private access control, we created specific Verifiable Credential (VC) schemas tailored for sensitive data, including the VaccinationRecordCredential, COVIDTestResultCredential, AllergyConditionCredential, and others. Each credential type has a unique schema hash, derived by hashing the schema’s URL, ensuring that the data format remains verifiable and standardized. For instance, the VaccinationRecordCredential uses a JSON-LD context hosted on GitHub, while its schema hash is generated using Keccak256. This process helps maintain data integrity and enables secure, privacy-preserving authentication.

Backend Architecture and Circuit-Based Credential Validation: Our backend, powered by Node.js, leverages Polygon ID’s VC gate for access control, using credentialAtomicQuerySigV2 circuits for each credential. Each credential query specifies allowed issuers and credential types, ensuring flexibility in credential issuance. The backend processes incoming requests, verifying the authenticity of the VC data against the allowed schemas and issuers. This approach is both extensible and secure, allowing us to support multiple types of sensitive information, from health records to government-issued ID verification.

Frontend Implementation and UI/UX Design: Built using Next.js and styled with Chakra UI, the frontend offers a seamless experience for both users and credential issuers. The interface guides users through the process of VC issuance and verification, with a streamlined design that incorporates customizable components and icons. We implemented a RainbowKit wallet connector for Ethereum-based networks, allowing users to link their wallets easily, while leveraging Polygon zkEVM and Cardano testnets for flexibility. Access control is enforced through a QR-code-based verification, which users can scan with the Polygon ID mobile app.

Zero-Knowledge Proofs for Enhanced Privacy: To ensure data privacy, we use zero-knowledge proofs (ZKPs) for credential validation without exposing the user’s underlying data. For example, users can verify their age or vaccination status without revealing specific details, like birthdate or vaccine type. This ZKP-enabled approach is especially beneficial for sensitive use cases, allowing data holders to verify claims securely while minimizing data exposure.

Server Setup and Local Development: The server is configured to run on localhost:8080, interfacing with the frontend on localhost:3000. We used the repository template from Polygon ID’s VC gated Dapp, which provided a foundational setup for integrating VCs and smart contracts. Instructions for KYCAgeCredential issuance and server configuration were followed to set up credential verification. With Node.js (v20.2.0) as a prerequisite, we ensured compatibility and a smooth deployment pipeline.

Smart Contract Interaction and Testing: To demonstrate VC-gated access to smart contracts, we implemented both read and write functionalities on a Polygon zkEVM Testnet smart contract. This demo setup enables authorized users to interact with decentralized applications (dApps) directly after successful credential verification. Using wagmi hooks, we enabled secure contract interactions, further expanding ZKURE's functionality and utility in real-world scenarios.

''' // 1. VaccinationRecordCredential // This credential verifies that an individual has received a specific vaccination, such as COVID-19 or influenza. // It can be used to confirm immunization status for travel, work, or healthcare access.

VaccinationRecordCredential: (credentialSubject) => ({ id: 1, circuitId: 'credentialAtomicQuerySigV2', query: { allowedIssuers: ['*'], type: 'VaccinationRecordCredential', context: 'https://raw.githubusercontent.com/iden3/claim-schema-vocab/main/schemas/json-ld/vaccination-record.jsonld', credentialSubject, }, }),

// 2. COVIDTestResultCredential // This credential validates the COVID-19 test result of an individual, showing the test type, result, and date. // Useful for travel, event attendance, or workplace safety compliance. COVIDTestResultCredential: (credentialSubject) => ({ id: 2, circuitId: 'credentialAtomicQuerySigV2', query: { allowedIssuers: ['*'], type: 'COVIDTestResultCredential', context: 'https://raw.githubusercontent.com/iden3/claim-schema-vocab/main/schemas/json-ld/covid-test-result.jsonld', credentialSubject, }, }),

// 3. AllergyConditionCredential // This credential stores information on allergies, such as food or medication allergies, to ensure safe medical treatment. // Often required in healthcare settings to prevent adverse reactions. AllergyConditionCredential: (credentialSubject) => ({ id: 3, circuitId: 'credentialAtomicQuerySigV2', query: { allowedIssuers: ['*'], type: 'AllergyConditionCredential', context: 'https://raw.githubusercontent.com/iden3/claim-schema-vocab/main/schemas/json-ld/allergy-condition.jsonld', credentialSubject, }, }),

// 4. GovernmentIDVerificationCredential // This credential verifies the identity of an individual using government-issued ID, like a passport or driver’s license. // Essential for identity proofing in various official and private sector applications. GovernmentIDVerificationCredential: (credentialSubject) => ({ id: 4, circuitId: 'credentialAtomicQuerySigV2', query: { allowedIssuers: ['*'], type: 'GovernmentIDVerificationCredential', context: 'https://raw.githubusercontent.com/iden3/claim-schema-vocab/main/schemas/json-ld/government-id-verification.jsonld', credentialSubject, }, }), '''

Key components include:

  • Frontend: Built with React, the frontend interface integrates with a wallet connector (such as RainbowKit) for user authentication and uses a responsive design for an intuitive user experience.
  • Backend and Verification Server: A server verifies credentials against ZK-based criteria using cryptographic libraries for zero-knowledge proofs, with Polygon ID integrated as the primary verification tool.
  • Blockchain Integration: Leveraging Polygon zkEVM for secure smart contract deployment and credential verification. We wrote and deployed a smart contract for ZKure that accepts cryptographic proofs and checks the validity of user credentials.
  • API and Credential Issuance: ZKure uses the Polygon ID API to issue, store, and verify user credentials, allowing for decentralized data management and secure access control.

Challenges we ran into

Building ZKure came with several challenges:

Understanding and Implementing ZKPs: Zero-knowledge proofs are complex cryptographic systems. It was challenging to ensure ZKPs' accuracy, especially in integrating them with the existing smart contract logic and handling edge cases. Smart Contract Deployment: Deploying smart contracts on Polygon zkEVM presented its own challenges, particularly regarding gas optimization and contract compatibility. Verification Server Setup: Creating a verification server that could interact smoothly with the blockchain and support zero-knowledge proof verification was a technically demanding task. We faced issues with integrating verifiable credentials and ensuring that the server could validate these without compromising privacy. User Experience and Accessibility: Ensuring an intuitive user interface that clearly conveyed the privacy benefits of ZKPs without overwhelming users with technical jargon was a fine balance. Testing and refining the interface for usability and accessibility were essential but time-consuming steps.

Accomplishments that we're proud of

The ZKure team is particularly proud of:

Successful ZKP Integration: Achieving a fully functional zero-knowledge proof-based verification system was a significant milestone, allowing us to securely validate user credentials. User-Centric Design: We created a straightforward interface that educates users on ZKPs and the importance of data privacy while providing a seamless experience. End-to-End Decentralization: By utilizing verifiable credentials and zero-knowledge proofs, we enabled a privacy-preserving, decentralized solution that emphasizes user control over their data. Efficient Contract Deployment on Polygon zkEVM: We optimized our smart contracts to minimize gas fees and improve efficiency, a critical consideration for user adoption in the real world.

What we learned

Working on ZKure provided us with valuable insights into:

The Complexity of Zero-Knowledge Proofs: Implementing ZKPs required in-depth knowledge of cryptography and highlighted the importance of modular code design. Smart Contract Optimization: Deploying contracts on Polygon’s zkEVM chain taught us to balance security, efficiency, and scalability. User Education on Privacy: Many users are unfamiliar with ZKPs and verifiable credentials, so clear communication and UI design are essential for adoption. This experience emphasized the importance of user education in deploying privacy-focused solutions. The Power of Decentralization: Through this project, we experienced first-hand the benefits of decentralized identity verification, strengthening our belief in the future potential of decentralized, privacy-preserving technologies.

What's next for ZKure

The next steps for ZKure include:

Expanding Verifiable Credential Types: Currently, ZKure supports a limited set of verifiable credentials. We aim to expand this to include credentials relevant to multiple sectors, such as healthcare, education, and finance. Integrating with More Blockchains: While ZKure is currently built on Polygon zkEVM, we plan to integrate with other blockchains that support zk-proof technology, such as zkSync, to increase interoperability. Improving User Accessibility: Simplifying the user onboarding process, possibly through social logins or decentralized identity standards, to make the app more accessible to non-technical users. Enhancing Security and Auditing: Conducting a full security audit to ensure ZKure’s robustness, followed by implementing enhanced encryption standards and more secure verification protocols. Exploring Cross-Platform Verification: Expanding ZKure’s verification services to other dApps, thereby allowing users to use their ZKure credentials across multiple platforms without re-verification.

Milestones:

Milestone 1: Initial Platform Development (Weeks 1-3)

  • Objective: Set up the foundation for the ZKure platform, including basic infrastructure for secure data handling.
  • Deliverables:
  • Development of core Polygon ID canisters that will handle encrypted data storage and transmission.
  • Basic user interface allowing users to upload encrypted health data.
  • Implementation of client-side encryption and decryption functionalities using an FHE library (e.g., Microsoft SEAL or HELib).

Milestone 2: FHE Integration and Encrypted Computation (Weeks 4-6)

  • Objective: Integrate Fully Homomorphic Encryption into the platform and enable encrypted computations within the Polygon ID canisters.
  • Deliverables:
  • Implementation of encrypted data processing functions, allowing computations (e.g., addition, multiplication) on ciphertext data.
  • Initial deployment of AI models (e.g., for medical analytics) on the encrypted data stored within canisters.
  • Encryption of the computation results, which will be sent back to the user for decryption.

Milestone 3: Secure Medical Data Sharing (Weeks 7-9)

  • Objective: Enable secure data sharing between patients and healthcare providers using FHE on Polygon ID.
  • Deliverables:
  • Feature allowing patients to share encrypted medical records with healthcare providers securely through Polygon ID.
  • Implementation of role-based access control (RBAC), where patients can grant limited access to specific encrypted data.
  • Automated key management for users, ensuring easy access and sharing of encryption keys between authorized parties.

Milestone 4: AI-Assisted Health Analytics on Encrypted Data (Weeks 10-12)

  • Objective: Implement AI models for health analytics that operate directly on encrypted medical data.
  • Deliverables:
  • Deployment of trained AI models (e.g., for disease prediction or patient risk scoring) that can perform analytics on encrypted patient data.
  • Optimization of FHE-based AI computation for efficiency, minimizing computational overhead and latency.
  • Testing and validation of AI results, ensuring the accuracy of the model’s predictions post-decryption.

Milestone 5: User Testing, Security Audits, and Optimization (Weeks 13-15)

  • Objective: Conduct user testing and third-party security audits to ensure the platform’s robustness, security, and usability.
  • Deliverables:
  • Completion of user acceptance testing (UAT) with a small group of patients and healthcare providers to gather feedback.
  • Independent security audit of FHE implementation to ensure no vulnerabilities exist in data encryption, computation, or sharing.
  • Optimizations to UI/UX and canister performance based on user feedback and audit findings.

Milestone 6: Full Platform Launch (Weeks 16-18)

  • Objective: Launch the ZKure platform to the public, ensuring full functionality and privacy-preserving features.
  • Deliverables:
  • Public release of the platform with all features, including secure data sharing, encrypted computations, and AI-assisted analytics.
  • Final deployment on Polygon ID with documentation and support for users and healthcare providers.
  • Marketing and outreach campaign targeting healthcare institutions and privacy-conscious users.

Built With

Share this project:

Updates