Inspiration

Online gaming often requires sharing sensitive personal information—age, location, identity—exposing players to privacy risks and data breaches. Meanwhile, many games have legitimate requirements like age verification for compliance, but existing solutions force users to reveal their actual age or use centralized databases that can be hacked or misused.

We asked: What if players could prove they meet requirements without revealing their private data?

ZKGameVault was born from this vision—combining the transparency of blockchain with the privacy guarantees of zero-knowledge cryptography to create a gaming ecosystem where players control their identity and prove facts about themselves without exposing the underlying data.

What it does

ZKGameVault is a privacy-first blockchain gaming platform built on Starknet that enables:

  1. Privacy-Preserving Identity Creation: Users create on-chain identities with age stored as Pedersen commitments—cryptographically sealed so the actual age is never stored on the blockchain.

  2. Zero-Knowledge Age Verification: When joining age-restricted games, players generate STARK proofs that demonstrate they meet the minimum age requirement (e.g., "I am ≥18") without revealing their actual age.

  3. Cryptographically Signed Proofs: Uses a trusted STARK prover service with ECDSA signatures to generate verifiable proofs that are validated on-chain, ensuring proofs cannot be forged.

  4. Age-Gated On-Chain Games: Fully functional Tic-Tac-Toe game with privacy-gated entry—only players who cryptographically prove they meet the age requirement can join, with all game logic executed on Starknet.

  5. Portable Identity: Users create their identity once and can use it across multiple games and platforms in the Dojo gaming ecosystem.

How we built it

Architecture Stack:

Smart Contracts (Cairo on Starknet):

  • identity_vault.cairo: Manages user identities with Pedersen commitments for age privacy
  • stark_age_verifier.cairo: Verifies STARK proofs with ECDSA signatures on-chain, validates cryptographic commitments
  • tictactoe.cairo: Fully on-chain game with age-gated entry using verification tokens
  • Built with Dojo framework for game state management

Frontend (Next.js + TypeScript):

  • NextJS with starknet-react hooks for wallet connection
  • Client-side proof generation and management
  • Local storage for sensitive data (age, salt) that never leaves the device

STARK Prover Service:

  • Backend API (/api/generate-proof) that generates cryptographic proofs
  • Computes Pedersen commitments and validates age claims
  • Signs proofs with ECDSA private key
  • Returns proof hash + signature for on-chain verification

Zero-Knowledge Flow:

  1. Identity Creation: User inputs age → Frontend generates random salt → Computes age_commitment = pedersen(age, salt) → Stores commitment on-chain
  2. Proof Generation: When joining a game, send private inputs (age, salt) to trusted prover → Prover validates age ≥ minimum_age and commitment integrity → Returns signed proof hash
  3. On-Chain Verification: Contract verifies ECDSA signature using stored prover public key → Validates proof hash → Issues verification token → Grants game access
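The three steps above as a runnable sketch, added here as an example and not taken from the ZKGameVault code base. It assumes SHA-256 in place of the Pedersen hash, P-256 ECDSA in place of Starknet's curve, and a proof hash that binds the commitment, minimum age and player address; all function names are hypothetical.

```typescript
import { createHash, generateKeyPairSync, randomBytes, sign, verify } from "node:crypto";

// Stand-ins (assumptions): SHA-256 replaces the Pedersen hash and P-256 ECDSA
// replaces Starknet's curve, so the flow runs with Node's built-in crypto only.
const h = (...parts: (string | number)[]): string =>
  createHash("sha256").update(parts.join("|")).digest("hex");

// Step 1: the frontend commits to the age with a random 256-bit salt.
function commitAge(age: number, salt: string = randomBytes(32).toString("hex")) {
  return { salt, commitment: h("age", age, salt) };
}

// Trusted prover key pair (P-256); the contract stores only the public key.
const prover = generateKeyPairSync("ec", { namedCurve: "prime256v1" });

interface Proof { proofHash: string; signature: string }

// Step 2: the prover receives age and salt, checks them, and signs a statement hash.
// Binding the hash to player and minAge is an assumption of this sketch.
function generateProof(age: number, salt: string, commitment: string,
                       minAge: number, player: string): Proof | null {
  if (h("age", age, salt) !== commitment) return null; // commitment integrity
  if (age < minAge) return null;                        // age claim
  const proofHash = h("proof", commitment, minAge, player);
  const signature = sign("sha256", Buffer.from(proofHash), prover.privateKey).toString("hex");
  return { proofHash, signature };
}

// Step 3: the contract recomputes the hash from its own state, then checks the signature.
function verifyOnChain(storedCommitment: string, minAge: number,
                       player: string, proof: Proof): boolean {
  if (proof.proofHash !== h("proof", storedCommitment, minAge, player)) return false;
  return verify("sha256", Buffer.from(proof.proofHash), prover.publicKey,
                Buffer.from(proof.signature, "hex"));
}

// Constructed sample run: a 21-year-old and a 16-year-old against an 18+ game.
function demo() {
  const alice = commitAge(21);
  const bob = commitAge(16);
  const proof = generateProof(21, alice.salt, alice.commitment, 18, "0xA11CE")!;
  return {
    aliceJoins: verifyOnChain(alice.commitment, 18, "0xA11CE", proof),
    bobRefused: generateProof(16, bob.salt, bob.commitment, 18, "0xB0B") === null,
    proofReusedByOther: verifyOnChain(bob.commitment, 18, "0xB0B", proof),
    wrongSalt: generateProof(21, "00", alice.commitment, 18, "0xA11CE") === null,
  };
}
```

Because the signed hash covers the stored commitment and the player address, a proof issued to one account fails verification when presented for another.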

Challenges we ran into

  1. Cryptographic Complexity: Implementing Pedersen commitments and ECDSA signature verification in Cairo was challenging—required understanding of elliptic curve cryptography and Starknet's primitives.

  2. Proof System Design: Balancing privacy, security, and trust—we chose a trusted prover model with signature verification as a good solution while maintaining age privacy.

  3. Cairo Type System: Navigating Cairo's strict typing and felt252 arithmetic for cryptographic operations required careful handling of hash values and signature components.

  4. State Management: Coordinating between local storage (private data), smart contracts (public commitments), and the prover service (proof generation) while maintaining security guarantees.

  5. User Experience: Making zero-knowledge proofs intuitive—abstracting complex cryptography behind simple "Create Identity" and "Join Game" buttons with clear status feedback.

Accomplishments that we're proud of

End-to-End ZK System: Built a complete zero-knowledge proof pipeline from frontend to smart contracts with real cryptographic verification

On-Chain Signature Verification: Successfully implemented ECDSA signature verification in Cairo to validate trusted proofs on-chain

Privacy Guarantees: Actual age never leaves the user's device or appears on the blockchain—only cryptographic commitments and proofs

Working Game: Fully functional on-chain Tic-Tac-Toe with age-gated access—players must cryptographically prove eligibility to join

Developer Experience: Clean abstractions make it easy to add more games with privacy features—just check for verification tokens

Production-Ready UX: Smooth wallet connection, clear transaction flows, and real-time status updates make complex cryptography feel simple

What we learned

Zero-Knowledge Cryptography: Gained hands-on experience with commitment schemes, proof systems, and selective disclosure—understanding when to reveal information and when to keep it private.

Cairo Smart Contracts: Mastered Cairo's unique features including Pedersen hash primitives, ECDSA signature verification, and Dojo's entity-component system.

Starknet Development: Learned Starknet's transaction model, event systems, and how to build responsive dApps with starknet-react.

Privacy Engineering: Discovered that privacy is about architecture—carefully designing what data lives where and who can access it at each layer of the stack.

Cryptographic Trust Models: Balanced trade-offs between fully trustless ZK-SNARK circuits and pragmatic trusted prover models with cryptographic signatures.

What's next for ZKGameVault

🎮 Expand Game Library: Add more on-chain games (poker, chess, word games) with varying age and reputation requirements

Full Dojo Integration: Deep integration with Dojo's world state for cross-game reputation and achievements with privacy

Additional Identity Attributes: Extend beyond age—prove location (without revealing city), skill level (without revealing exact rank), or reputation (without linking to past games)

Private Leaderboards: ZK-based rankings where players prove their scores without revealing their identity or linking across games

Optimized Proofs: Implement client-side STARK proof generation using WebAssembly for faster, fully trustless verification

Decentralized Prover Network: Replace single trusted prover with a decentralized network using threshold signatures for improved security

Mobile Support: Build React Native app for mobile gaming with biometric-secured local storage

Cross-Chain Bridges: Enable portable ZK identities across multiple blockchains for truly universal gaming profiles

ZKGameVault proves that blockchain gaming can be both transparent and private—where players control their data and prove what they choose, nothing more.

Built With

  • cairo
  • cryptography
  • ecdsa
  • nextjs
  • pedersen
  • stark