Tech stack overview
In this section, I'll guide everyone through learning and understanding the overall technology stack architecture of zCloak. In the current design, we divide the overall architecture into four parts: the Identity Layer, the Storage Layer, the Computation Layer, and the Proof Layer. The relationship between these four layers is shown in Figure 1 below:
Identity Layer
Let's delve into the first layer of the zCloak technology stack architecture - the Identity Layer. Our design intention is to build a personal privacy ecosystem in the Web3 world, enabling users to control their own data (referred to as self-carrying data). We aim to transform the usage scenarios of data into a transfer of trust, making the data usage process secure and reliable. Therefore, in choosing the technology stack for the Identity Layer, we have adopted concepts under the W3C standards, such as DID and VC.
DID, or Decentralized Identifier, can be understood as a unique identification ID for a device or an individual. VC, or Verifiable Credential, can be simply perceived as a card containing information, which is verified and endorsed, hence the term 'verifiable digital credential'. VP, or Verifiable Presentation, is a form of aggregating VCs for presentation and proving their correctness to others.
With a fixed identity identifier and a carrier for information, a communication channel is also needed, namely the message point-to-point encryption system. We utilize the KeyAgreement Key from DID to encrypt and decrypt the transmitted VC, ensuring that only the sender and receiver are privy to the specifics of the message; this point-to-point encrypted channel ensures the privacy and security of the communication.
Storage Layer
The second layer of the zCloak technology stack is the Storage Layer. Considering the need for backup of data related to the DID and VC systems to facilitate on-chain and off-chain indexing and queries, we have designed a storage architecture that combines the VDR (Verifiable Data Registry) structure from the W3C framework with Web3 scenarios. This design bifurcates storage into on-chain and off-chain components.
For the off-chain part, we have a database that acts as a caching layer. In tandem, we use Arweave for on-chain perpetual storage. The components involved in storage include ctype (Credential Type Structure), which allows users to freely create their own credentials. Additionally, the correspondence between DID and DID documents, as well as message data (point-to-point encrypted messages), are also stored.
This dual-layered storage approach ensures that essential data related to digital identities and credentials are securely backed up and easily accessible, both on-chain and off-chain, thereby enhancing the robustness and efficiency of the system.
Computation Layer
The third layer of the zCloak technology stack is the Computation Layer. Given the importance of securely using personal privacy data, we have adopted zero-knowledge proof computation as the method to ensure the security of data use. Specifically, for the ZK (Zero-Knowledge) VM (Virtual Machine), we utilize Polygon Miden, which is based on the STARK algorithm, along with the corresponding ZK programs.
In our design, the computation process related to ZK, including the generation of ZK Proofs, is centered around parameters selected from necessary fields within the VC (Verifiable Credentials). All these computations are carried out locally in the user's zkID-Wallet. This approach ensures that sensitive computations related to user privacy are processed in a secure and decentralized manner, right at the user level. By leveraging ZK proofs, we can validate data without exposing the underlying information, thus maintaining the user's privacy and data integrity.
Proof Layer
The fourth and final layer of the zCloak technology stack is the Proof Layer. In the previous Computation Layer, we have already obtained the ZK (Zero-Knowledge) Proofs through zero-knowledge proof computation. The design of this layer aims to create a closed loop for user operations, effectively utilizing the results of ZK Proofs.
In the Proof Layer, we use a zk-verifier program to validate the ZK Proofs. Following this validation, based on the outcomes, zkSBT (Zero-Knowledge Soulbound Tokens) are minted. These zkSBTs can then be used for various threshold operations by checking for the existence of such tokens.
An important aspect of this process is that users, through local computations, link the generated zkSBT with their VC (Verifiable Credentials). This is done without revealing specific details contained within the VC. Instead, they leverage zero-knowledge proof computation to demonstrate that their data meets certain conditions. This mechanism ensures that while user data compliance is verifiable, the privacy of the actual data remains intact.
Overall, this layer plays a crucial role in operationalizing the privacy and security features of the zCloak system, enabling users to interact in the Web3 environment with confidence in their data integrity and privacy.
Last updated