Inspiration

Traditional logins use email and passwords, but they expose secrets, risk data leaks, and rely heavily on trust in centralized servers. We wanted to build something privacy-first, user-owned, and future-ready. Inspired by Self-Sovereign Identity (SSI) and Zero-Knowledge Proofs (ZKPs), we created ZKPass — a secure login system where users prove their identity without ever revealing their secret.

What it does

ZKPass enables users to log in using a unique identity (UID) without ever sharing a password. Instead, the system uses Zero-Knowledge Proofs to verify that users know their secret (derived from UID) — without revealing it. It ensures:

  • No password storage
  • No identity leaks
  • Blockchain-based UID ownership
  • Fast, trustless, cryptographic login

How we built it

  • Frontend: React + Tailwind for a sleek UI
  • Backend: Node.js + Express handles ZKP verification
  • ZKP Layer: Groth16 zk-SNARKs (compiled using Circom and SnarkJS)
  • Blockchain: Smart contracts store UIDs on the Polygon Mumbai testnet
  • Integration: The client derives a priKey from the UID and uses it to generate a zero-knowledge proof. The backend verifies the proof using the on-chain UID and a precomputed verifying key.
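The backend check described under Integration, sketched as an added example (not ZKPass's own code). It assumes the circuit exposes a single public signal, a commitment to the secret, which the contract stores per UID; `getOnChainCommitment` is a hypothetical helper, and `groth16Verify` is meant to be `snarkjs.groth16.verify` in a real deployment.

```javascript
// Added example, not ZKPass code. Assumed circuit layout: exactly one public
// signal (a commitment to the user's secret), also stored on-chain per UID.
const FIELD_ELEMENT = /^(0|[1-9][0-9]*)$/; // snarkjs encodes signals as decimal strings

function deny(reason) {
  return { ok: false, reason };
}

// deps = { vKey, getOnChainCommitment(uid), groth16Verify(vKey, signals, proof) }
// getOnChainCommitment is hypothetical: it returns a decimal string, or null if
// the UID is not registered. groth16Verify has the snarkjs.groth16.verify shape.
async function verifyLogin(request, deps) {
  const { uid, proof, publicSignals } = request ?? {};

  // Reject malformed input before touching the chain or the verifier.
  if (typeof uid !== "string" || uid.length === 0 || uid.length > 128) return deny("bad uid");
  if (proof === null || typeof proof !== "object") return deny("bad proof");
  if (!Array.isArray(publicSignals) || publicSignals.length !== 1 ||
      typeof publicSignals[0] !== "string" || !FIELD_ELEMENT.test(publicSignals[0])) {
    return deny("bad public signals");
  }

  try {
    const expected = await deps.getOnChainCommitment(uid);
    if (expected == null) return deny("unknown uid");

    // A Groth16 proof is valid only for the public signals it was built with.
    // Those signals must equal the value registered for THIS uid; otherwise a
    // correct proof about some other commitment would be accepted.
    if (BigInt(publicSignals[0]) !== BigInt(expected)) return deny("signal mismatch");

    // Verify against the server-side value, never the client-supplied array.
    const ok = await deps.groth16Verify(deps.vKey, [String(expected)], proof);
    return ok === true ? { ok: true } : deny("invalid proof");
  } catch (err) {
    return deny("verifier error"); // fail closed on RPC or verifier failures
  }
}
```

Replay protection, for example a server-issued challenge bound into the proof, is outside what the page describes and is not shown here.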

Challenges we ran into

  • ZKP Complexity: Learning and integrating zk-SNARKs (Groth16) was tough, especially proving/verification circuits.
  • Private Key Derivation: Designing a safe one-way derivation method without storing anything sensitive.
  • Blockchain Integration: Syncing UID verification with the smart contract and keeping gas costs low.
  • Recovery Mechanism: Creating a secure yet user-friendly recovery phrase flow.

Accomplishments that we're proud of

  • Built a passwordless login system using real cryptography (zk-SNARKs).
  • Achieved login verification under 2ms, even when integrated with blockchain.
  • Stored no secrets on servers, keeping user identity private and self-owned.
  • Designed a scalable modular architecture for future integrations.

What we learned

  • Hands-on experience with zk-SNARKs, Circom circuits, and proof systems.
  • How to structure a secure identity system without relying on centralized databases.
  • The importance of modular architecture when combining frontend, backend, blockchain, and ZKP components.
  • Best practices in privacy-preserving authentication and cryptographic proof generation.

What's next for ZKPass

  • 🔐 Add support for multi-device identity syncing via encrypted keys.
  • 🪪 Integrate with SSI wallets and DIDs (Decentralized Identifiers).
  • ⛓️ Move verification fully on-chain with verifier contracts.
  • 🌐 Support additional use cases like e-voting, private DAO access, and web3 login systems.
  • 📱 Build a mobile-first version with QR-based proof authentication.
