One of the first few ZK-SNARK based On-Chain KYC deployments in Cosmos

Hey Osmosis Community! :raised_hand:

We are from Hypersign.id. We specialize in building Zero-Knowledge-based on-chain KYC solutions. With our embeddable widget, users can complete KYC, generate SNARK-based ZK-proofs, and mint Soulbound Tokens (SBTs) directly on the blockchain. This empowers Dapps to stay compliant while ensuring a seamless onboarding experience for verified users.

We developed custom zk-circuits tailored to KYC requirements, supporting passport and government ID document verification from over 100 countries. Our zk-circuits currently support the following zk proofs: Proof Of Age, Proof Of KYC, Proof Of Membership, Proof Of Personhood. These zk-proofs utilize the Groth16 proving scheme, renowned for its efficiency due to minimal proof size and fast verification times. For the proving curve, we opted for BN128 over BLS12-381, primarily because it produces shorter proofs and incurs lower gas costs during verification in smart contract environments. In our CosmWasm implementation, we leveraged the Bellman crate (we wish CosmWasm would natively support this crate in future) for proof verification. However, we had to parse and transform the proofs generated by SnarkJS to ensure compatibility with Bellman and CosmWasm. This would probably mark one of the first few smart contracts which verify zk-SNARK proofs on CosmWasm.

We deployed our on-chain KYC and ZK-based smart contracts on the Osmosis Testnet, but we needed a practical use case to validate the solution. To address this, we partnered with Eiko.zone—a platform providing community-building tools exclusively for Cosmos projects. Together, we introduced the “EIKO Passport,” an integration of our on-chain KYC solution on Osmosis.

With EIKO Passport, users perform a face scan to generate a Proof of Personhood and mint their On-Chain ID on the Osmosis Testnet. In return, they earn Eiko XP, which can later be converted into EIKO tokens. This passport serves two key purposes:

  1. Whitelisting users for EIKO token airdrops.
  2. Granting exclusive access to premium Eiko communities.

We believe this is an excellent use case and a strong starting point to test our solution. Here’s how it benefits all parties involved:

  1. Hypersign.id: Our product gets real-world testing.
  2. Eiko.zone: Gains infrastructure for the EIKO Passport.
  3. Osmosis: Increases testnet transactions.
  4. All three partners: Enhance market visibility.

We invite the community to participate in this campaign and create their own EIKO Passport. It’s simple:

  • No ID document is required—just a face scan.
  • No mainnet tokens are needed–all you need is Osmosis Testnet tokens.

This is a great opportunity to explore the potential of on-chain KYC and zk-based identities in the Cosmos ecosystem.

Lastly, I want to emphasize our commitment to data privacy. Your On-Chain ID does not contain any personal data, including your face image. Instead, users generate zk-proofs, and only these proofs are sent to the blockchain prior to minting the On-Chain ID. We have also designed the product to be as user-centric as possible (not to be confused with decentralization). We implemented a user-controlled encrypted data vault, where users securely store their data in verifiable credentials format. Access to this vault is protected by the user’s PIN, ensuring full control over their sensitive information.

Our Ask:

  1. Community, kindly try our product and give us feedback.
  2. Any suggestions on this use case or technology are welcome, and we can discuss them in this forum.
  3. Developers who want to dig deeper: I can give access to the GitHub repo, which is currently private.
  4. Any other support in terms of marketing efforts, grants would be really helpful. We are actively seeking grants.

What’s Next?

  1. Implement all the feedback we get from this test.
  2. We aim to launch this product on Osmosis Mainnet.

Resources:

Thank you!

Edit: Recorded the demo video last night:

4 Likes
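
The SnarkJS-to-Bellman proof transformation mentioned in the post above, sketched as an added example that is not Hypersign's code (their repository is private). The function names are hypothetical, and the target layout (uncompressed affine points, 32-byte big-endian coordinates, G2 written as c1 before c0) is an assumption about what the Rust verifier deserializes.

```javascript
// Added example, not Hypersign's code. Function names are hypothetical.
// Assumption: the verifier reads uncompressed affine points, 32-byte
// big-endian coordinates, G2 as x.c1 || x.c0 || y.c1 || y.c0.

// BN254 (BN128) base-field modulus q.
const FQ_MODULUS =
  21888242871839275222246405745257275088696311157297823662689037894645226208583n;

// Decimal string -> 32 big-endian bytes, rejecting non-canonical values.
function fqToBytes(dec) {
  if (typeof dec !== "string" || !/^[0-9]{1,78}$/.test(dec)) {
    throw new Error("coordinate must be a decimal string");
  }
  const v = BigInt(dec);
  if (v >= FQ_MODULUS) throw new Error("coordinate not reduced mod q");
  return Buffer.from(v.toString(16).padStart(64, "0"), "hex");
}

// SnarkJS G1: [x, y, "1"]; anything else (e.g. infinity) is refused.
function g1ToBytes(p) {
  if (!Array.isArray(p) || p.length !== 3 || p[2] !== "1") {
    throw new Error("G1 point must be affine with z = 1");
  }
  return Buffer.concat([fqToBytes(p[0]), fqToBytes(p[1])]);
}

// SnarkJS G2: [[x.c0, x.c1], [y.c0, y.c1], ["1", "0"]].
function g2ToBytes(p) {
  if (!Array.isArray(p) || p.length !== 3 || !p.every(Array.isArray) ||
      p[2][0] !== "1" || p[2][1] !== "0") {
    throw new Error("G2 point must be affine with z = 1");
  }
  const [[x0, x1], [y0, y1]] = p;
  return Buffer.concat([x1, x0, y1, y0].map(fqToBytes));
}

// proof.json -> 256 bytes: A (G1) || B (G2) || C (G1).
function proofToBytes(proof) {
  if (proof.protocol !== "groth16" || proof.curve !== "bn128") {
    throw new Error("expected a Groth16 proof on bn128");
  }
  return Buffer.concat(
    [g1ToBytes(proof.pi_a), g2ToBytes(proof.pi_b), g1ToBytes(proof.pi_c)]);
}

// Constructed sample with the proof.json shape (not a valid proof).
const SAMPLE = { protocol: "groth16", curve: "bn128",
  pi_a: ["1", "2", "1"], pi_b: [["3", "4"], ["5", "6"], ["1", "0"]],
  pi_c: ["7", "8", "1"] };
```

This only canonicalizes the encoding; whether each point lies on the curve is not checked here.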

Thanks for the post!

It looks very user-friendly and easy to use. Some questions out of curiosity:

  • you state that the user-data is not stored on chain. Where is the data going to ensure you can prove the obtained ID is compliant with the proven age, etc?
  • Is there also something in place where the user has to prove he/she is the owner of the ID before being able to use it? To avoid abuse of underaged people, etc.?
  • Will the service involve costs to be made by the users?

1 Like

Hey, great questions!

  1. In the SBT, we store only the type of token, not the actual data. Verifiability comes from ZKP verification done “in the contract,” allowing others to see what proofs were verified. For instance, in this transaction, the user submitted a ZKP (proving KYC completion), verified by this Issuer contract. DApp contracts can confirm that the proof was indeed verified by a trusted Issuer contract.
    However, verifying the ZKP alone is insufficient, as the same proof could be generated from random data. It’s crucial to verify the Issuer and other factors, which we handle in our zk-circuits. The challenges with ZKP in KYC use cases are explained in this document. Additionally, the actual document credential is stored in the user’s vault and can be requested by verifiers if needed outside the blockchain.

  2. Yes, of course, that's where the verifiable credential (VC) comes into the picture. Let me explain: a VC is a document signed by the issuer identity (DID). Once the VC is sent to a user, and once a verifier asks for the credential, the user does not share the VC directly with the verifier; instead they generate something called a Verifiable Presentation (VP), which is a signed document (signed by the user identity (DID)) that contains one or more credentials (the verifier can ask for, say, a payment receipt as well as an ID doc in the same request). So you see, the user's ID also got verified — this is what I was saying, that our zk circuits do all of that. So the contract only needs to verify the zkp!

  3. So there are two things you may notice: 1) KYC verification cost: which is borne by service / dapp 2) Token minting cost - basically gas - which user pays.

See, the bigger vision is to make KYC both affordable and reusable. Once verified, it can be used by others at a much lower cost. The KYC business is dominated by monopolies - I had to pay $5k only as integration cost which is obnoxious, and we aim to disrupt that. By bringing this solution to Osmosis, making it an ID hub, enabling all Cosmos chains to use these minted identities across blockchains via IBC—a solved technical problem in Cosmos. What remains unsolved is data management and regulatory compliance, challenges we are committed to addressing.

I hope I answered your question!

Does this also mean that the document will be hashed in some way, making it impossible to change the document along the way? In the end you want a 1:1 relationship between the document in the vault and the issued ZKP, right?

Will this also require some kind of signing? The latest forms of proof that you really are the person owning the ID in a lot of cases consist of something you know, something you are (for example something biometrical) and something you have. If all 3 conditions are met it can relatively safely be stated that the person is really the one owning the ID.

Don’t get me wrong, I really understand the idea for a decentralized ID service and I think it can certainly serve its purpose. I do however also know that there are a looooot of hurdles to be taken in terms of completeness of data vs privacy legislation and more.