Revolutionizing KYC in Web 3: A Deep Dive into zCloak’s zk-SBT

zCloak Network
6 min readJul 21, 2023



In Web 3, we need to rethink the way we do KYC (Know Your Customer). How can we balance the crucial need to verify user identity attributes while preserving their privacy? How can we empower individuals to gain sovereign control over their data? At zCloak Network, we have been working hard to solve these problems. Now we’re excited to introduce zk-SBT, our groundbreaking solution that redefines KYC for Web3.

The Problem

Consider an example where Alice wants to participate in a blockchain-based game that requires age verification. If the gaming platform needs to verify Alice’s age independently, they would need to process Alice’s identity documents and potentially even biometric data. These operations are complex, subject to strict regulations such as GDPR, and can also incur high costs. This is not in the interest of the gaming platform, whose primary business is gaming, not identity verification. This process is also burdensome for Alice, as she would need to repeat it each time she accesses a service requiring some form of identity verification. Furthermore, the risk of identity data leakage increases with the number of identity checks performed.

We might wonder if there is a better solution, where Alice can complete the KYC process just once and use it across various platforms, and where service providers can focus on their core business without worrying about implementing an identity verification solution and managing user data. Let’s explore zCloak Network’s solution.

The zCloak Network KYC Solution

User-Controlled Data: In zCloak Network’s zk-SBT solution, Alice’s data is not stored in the databases of each service provider. Instead, it resides in her own devices, giving her full control over her personal information. When a service requires identity verification, Alice doesn’t need to share her raw data. Instead, she uses her previously verified data, stored as a Verifiable Credential(VC), which has been authenticated by a trusted entity. This approach ensures Alice’s control over her data while meeting the verification needs of the service provider.

Off-Chain VC and On-Chain zk-SBTs: For privacy protection, the VC, which contains Alice’s verified data, is stored off-chain, specifically on Alice’s device. When Alice needs to prove a certain attribute of her identity, a zk-SBT is generated from the VC. This zk-SBT, stored on-chain, serves as tamper-proof and traceable evidence of the KYC result, without revealing the sensitive data contained in the VC.

User-Side Computation for Various Identity Checks: The zk-SBT solution allows for user-side computation to meet various identity verification requirements, such as age, nationality, or income level. This means that Alice’s VC can be reused for different identity checks, each time generating a new zk-SBT. This process “cloaks” Alice’s data, adding an extra layer of privacy protection, as the service provider can verify Alice’s attributes without accessing her raw data.

Stage 1: KYC Verification and VC Issuance

In the first stage, we embark on the KYC verification process, where a trusted entity verifies the user’s identity and issues a Verifiable Credential (VC).

The platform would act as a trusted entity, verifying Alice’s identity using various methods such as document verification, biometric authentication, and other identity verification techniques.

Upon successful completion of the KYC verification, the trusted entity generates a VC for Alice. This VC contains essential identity information, including Alice’s name, age, nationality, and address. To facilitate selective disclosure of specific attributes during subsequent computations, the VC incorporates a built-in Merkle tree data structure. This design allows for efficient and secure disclosure of only the necessary information, without compromising the confidentiality of the entire credential.

Stage 2: ZKP Computation

In the second stage, Alice’s VC serves as input for Zero-Knowledge Proof (ZKP) computation. This process is tailored to verify a specific attribute of Alice, such as her age. The computation takes place within a zk-STARK VM in the user wallet using a WASM implementation of the Polygon Miden VM prover logic. This proves that Alice is old enough to participate in the gaming platform without revealing her exact age.

The Miden VM utilizes advanced cryptographic techniques, such as polynomial commitments and evaluation protocols, to perform secure computations. These techniques ensure that the computations are performed correctly and securely without leaking any private information. The input data from the VC serves as the secret input to the ZK computation and is hidden from the outside world throughout the complete process.

At the heart of the ZKP computation is the zk-Program. The zk-Program defines the logic and rules for the computation and specifies the desired attribute to be proven. It takes the input data from the VC, applies the necessary computations and transformations, and produces an output that represents the attributes of user data, e.g. Income higher than 10,000 USD.

The output of the ZK computation is accompanied by a STARK proof. The verifier takes the computation output, a ZK proof and the ZK program for the final verification process. If everything matches, the proof verifier will generate a “pass” result.

Stage 3: zk-SBT Creation

Upon successful ZKP computation and verification, Alice proceeds to create a zk-SBT on-chain. This involves generating a unique token that links back to the ZKP computation result and associating it with Alice’s on-chain address. Cryptographic techniques, including hashing and digital signatures, are employed to achieve this association.

The zk-SBT itself does not contain any sensitive personal data. Instead, it acts as a reference to the ZKP computation result, providing verifiable evidence of the proven attribute. For example, instead of saying Alice is 28 and from Thailand, the zk-SBT says she is an adult from Asia. By linking the zk-SBT to Alice’s identifier, it becomes a tamper-proof representation of the verified attributes of Alice stored on the blockchain.

The zk-SBT is stored on the blockchain, making it transparent and immutable. Other participants in the network can verify the authenticity and correctness of the zk-SBT by validating the associated ZKP computation and Alice’s identity. This ensures trust and reliability in the KYC process, as the zk-SBT provides a secure and tamper-proof representation of the verified attribute.

Stage 4: Use of zk-SBT

The final stage involves the use of Alice’s zk-SBT for other Dapps. A third party Dapp can verify Alice’s identity attributes as well as the authenticity of the underlying VC without the need for access to her raw data. The verification takes place on-chain, while the linked VC remains securely hidden off-chain.

The zCloak Network team has prepared example smart contracts for the use of the zk-SBT data. Any third-party Dapp can reuse these contracts to add user identity check logic to their existing product. The idea was to introduce as few changes to existing smart contracts as possible. So without any major modification, a DApp can now use user identity data to provide an enhanced user experience.

Advantages of zk-SBT in KYC Scenarios

The use of zk-SBT offers several significant advantages in a KYC scenario:

  1. Privacy-Preservation: zk-SBT leverages ZKP to maintain privacy. A zk-SBT represents a ZKP of user assertions based on their VC, eliminating the need to reveal sensitive data. For instance, Alice was able to prove she was of legal age to use the gaming platform without disclosing her exact age, promoting privacy in blockchain interactions.
  2. Decentralization and Trustlessness: zk-SBT embodies Web 3’s principles of decentralization and trustlessness. Unlike traditional KYC processes that require trust in a central authority, zk-SBT shifts trust to mathematical proofs. Alice maintained control over her data, and verification confirmed proof of authenticity without needing to access her data.
  3. Efficiency: The use of Miden VM for computation enhances zk-SBT’s efficiency. This technology supports fast, secure, and scalable computation and verification, even with large data volumes or user numbers. The elimination of the need for a trusted setup and the streamlined process of minting and verifying zk-SBTs make the KYC process more efficient and robust.
  4. Reusability: zk-SBT offers notable reusability. Traditional KYC processes often involve repeated verification steps across different platforms. zk-SBT eliminates this redundancy. Alice’s minted zk-SBT can be reused across platforms and services, adhering to the “do it once, use it everywhere” principle. This reusability saves time and resources, enhancing the user experience.

In conclusion, zk-SBT is transforming the KYC landscape in the Web 3 era, leveraging ZKPs and zk-STARK VM to uphold privacy, decentralization, and trustlessness. Its unique reusability feature eliminates redundancy, boosting efficiency and user experience. zk-SBT is currently under testing and has been deployed on optimismGoerli, baseGoerli, and Linea testnets (access the event here). We’re excited about its upcoming official mainnet deployment in August. For the latest updates, please stay connected with our social media channels.



zCloak Network

zCloak Network is a Real-World Identity (RWI) infrastructure for Web3. Website:; Product: