MobiScale

App Attester is a mobile application that provides cryptographically secure identity verification while preserving user privacy through zero-knowledge proofs. The system combines AI-powered facial recognition with Apple's Secure Enclave technology to create a verifiable proof of identity that can be trusted without exposing sensitive biometric data. The process begins with users uploading a passport photo and taking a live selfie. Advanced facial recognition AI compares these images to verify identity with high confidence scores. This verification data is then cryptographically signed using Apple's Secure Enclave, proving the data came from a genuine, untampered device. Finally, the system generates zero-knowledge proofs using RISC-0 and Noir circuits, allowing third parties to verify the identity assertion without seeing the underlying biometric data, confidence scores, or image hashes. This creates a privacy-preserving identity verification system where users can prove their identity without revealing sensitive information, while still providing cryptographic guarantees about the authenticity of the verification process and the device used.

Frontend: Built with SwiftUI for iOS, providing a native mobile experience with smooth animations and intuitive user flows. The UI clearly communicates each step of the verification process, from photo capture to final proof generation.

AI/ML: Integrated facial recognition using Vision framework and custom face embedding models. The system computes cosine similarity between passport and selfie embeddings to determine identity match confidence scores.

Cryptographic Infrastructure:

• Apple's Secure Enclave for device attestation and data signing
• DRAND (League of Entropy) for cryptographically secure randomness
• SHA-256 hashing for data integrity
• Zero-Knowledge Proofs:
• RISC-0 circuits for proving attestation validity and signature authenticity
• Noir circuits specifically for ECDSA signature verification
• Composite proofs combining RISC-0 receipts with Noir proofs for maximum privacy

Privacy Architecture: The system uses a multi-layered approach to privacy: Local processing of biometric data (no server-side image storage)

1. Cryptographic signing to prove data authenticity
2. ZK proofs to verify computations without revealing inputs
3. Selective disclosure allowing users to prove identity without exposing confidence scores or image hashes

Technical Stack: Swift, SwiftUI, Vision framework, DeviceCheck API, RISC-0, Noir, SHA-256, ECDSA signatures, JSON encoding/decoding, async/await for concurrent operations.

The project demonstrates how modern cryptographic techniques can be combined with mobile device security features to create privacy-preserving identity verification systems that maintain both security and user privacy.