Prove identity claims without revealing underlying personal data.
Zero-Knowledge Proofs (ZKP) allow users to prove specific claims about their identity — such as “I am over 18” or “I passed AML screening” — without disclosing any underlying personal data. The verifier learns nothing except that the claim is true.
ZKPs are the most privacy-preserving verification method available. No name, date of birth, document, or address is ever revealed to the verifier.
A user completes identity verification and their session is approved.
2
Proof generation
You request a ZK proof for specific claims. Verilock generates a cryptographic commitment from the verified session data, without exposing the raw data.
3
User receives proof
The user receives a compact proof token that they can share with any third party.
4
Trustless verification
The verifier submits the proof token to Verilock. The system confirms the proof is valid and the claim is true — without revealing any personal data.
If the claim cannot be satisfied (e.g., user is 17 and you request age_over: 18), the API returns a 422 error. No proof is generated and no data is leaked about why the claim failed.
1. Age Verification Without PII (Gaming / Alcohol / Cannabis)
An online gaming platform needs to verify players are over 18 to comply with regulations, but doesn’t want to collect or store personal data.
// Game platform: Verify age proof at registrationconst result = await platform.zkp.verify({ proof_token: playerProvidedToken,});if (result.valid && result.result === true) { // Player is verified as over 18 // Zero personal data collected or stored // No GDPR data subject access requests to handle createPlayerAccount();}
Compliance benefit: No PII stored means no data breach risk, no GDPR Article 15 (access) or Article 17 (erasure) obligations for age data.
A DeFi protocol needs to verify users are not sanctioned without collecting identity data (preserving pseudonymity while meeting compliance).
# DeFi protocol: Check AML status without collecting identityresult = client.zkp.verify(proof_token=user_proof)if result["valid"] and result["claim_type"] == "aml_clear" and result["result"]: # User has passed AML screening # Protocol knows nothing about the user's identity # Compliant with OFAC while preserving privacy allow_protocol_access(wallet_address)
Impact: Bridges the gap between regulatory compliance and crypto privacy. Users prove compliance without doxxing themselves.
An employer needs to verify a candidate has the right to work in a country, without collecting passport or visa copies during the application stage.
// HR system: Verify right to workconst proof = await hr.zkp.verify({ proof_token: candidateProof,});if (proof.valid && proof.claim_type === 'nationality_is') { // Candidate confirmed as national of the required country // No passport copy collected during application // Physical documents only needed at contract signing moveToNextStage(candidate);}
A lending platform needs to verify identity without building a full profile. The user proves specific facts needed for the credit decision.
# Generate multiple proofs from one sessionage_proof = client.zkp.prove( session_id=session_id, claim_type="age_over", claim_value=18,)identity_proof = client.zkp.prove( session_id=session_id, claim_type="identity_verified", claim_value=True,)aml_proof = client.zkp.prove( session_id=session_id, claim_type="aml_clear", claim_value=True,)# User shares all three proofs with the lender# Lender verifies each independently# Result: identity confirmed, age confirmed, AML clear# No name, DOB, address, or document data shared
A conference organizer needs to verify attendees have been identity-verified (for security) without collecting their personal data.
// Conference check-in: Scan QR code containing proof tokenconst result = await venue.zkp.verify({ proof_token: scannedToken,});if (result.valid && result.claim_type === 'identity_verified' && result.result) { // Attendee has a verified identity -- allow entry // No name or photo collected at the door openGate();}
A financial service needs to confirm a user resides in the EU for MiCA compliance, without collecting their full address.
proof = client.zkp.prove( session_id=session_id, claim_type="residency_country", claim_value="FR", # Or any EU country code)# Verifier checksresult = client.zkp.verify(proof_token=proof["proof_token"])if result["valid"] and result["result"]: # User confirmed as resident of France # No address, no utility bill, no data stored enable_eu_services()
For maximum flexibility, issue a Verifiable Credential first, then generate ZK proofs from it:
// Step 1: Issue a full credential after KYCconst vc = await verilock.credentials.issue({ session_id: session.id, credential_type: 'IdentityCredential', claims: ['full_name', 'date_of_birth', 'nationality', 'aml_clear'],});// Step 2: User generates ZKP proofs for specific claimsconst ageProof = await verilock.zkp.prove({ session_id: session.id, claim_type: 'age_over', claim_value: 18,});// User now has:// - A full VC for services that need identity data (banks, regulated platforms)// - A ZK proof for services that only need age verification (e-commerce, gaming)
