zkbiometric

As part of the European Union’s initiative to issue digital credentials to all citizens by 2027, our project provides a secure and privacy-preserving solution for biometric identity verification. Our system is designed to ensure that service providers can verify user identities with high assurance, while respecting the privacy constraints associated with biometric data.

1. Biometric Data Capture and Credential Issuance: We leverage technology from Mobai, a leader in biometric verification, to create a digital representation of a user’s facial biometrics. During the user onboarding process, this biometric "fingerprint" is captured and, alongside other relevant claims such as identity and residency, is encapsulated into a BiometricOnboardingCredential. This credential is then securely issued to the user’s digital wallet, ensuring that it meets EU standards for data protection and privacy.

2. Biometric Verification for Service Access: When accessing services, users are asked by service providers to verify their identity by reproducing their biometric "fingerprint" using Mobai's technology. This generates a BiometricChallengeCredential, mirroring the process undertaken during onboarding.

3. Zero-Knowledge Proof of Identity Verification: To verify the user's identity without compromising biometric data, our system utilizes RISC Zero's zkVM. A zero-knowledge proof is generated to confirm that the BiometricChallengeCredential matches the BiometricOnboardingCredential. This process ensures that the service provider can confidently verify the identity without ever accessing or viewing the actual biometric data.

4. Secure Data Transmission: If verification is successful, the zkVM can safely return relevant user data required by the service provider, such as account numbers, public identifiers, or an Ethereum address. This information can be used for transactions, registrations, or any service requiring secure identity confirmation.

System Benefits:

Enhanced Security and Privacy: By utilizing zero-knowledge proofs, our system ensures that biometric data remains private and secure, adhering to the stringent GDPR regulations. High Assurance Identity Verification: The use of a robust biometric verification mechanism allows for high confidence in user identity, essential for sensitive transactions. Scalability and EU Compliance: Designed to be scalable across the EU, our system supports the upcoming rollout of digital credentials, ensuring compliance with EU regulatory frameworks. Potential Applications: This verification system is not only applicable to basic service access but can also be expanded to financial services for KYC processes, secure voting systems, and any digital platform requiring reliable user authentication.

In our version it is currently setup with using a mock data file. Containg:

1. public key of biometric credential issuer
2. BiometricOnboardingCredential - mock biometric data for the onboarded user
3. BiometricChallengeCredential - mock biometric data created upon request by the Service Provider.

Technology:

1. Verifiable Credentials (eIDAS 2.0) : https://github.com/eu-digital-identity-wallet Biometric credentials are encapsulated within JSON Web Tokens (JWTs), which serve as Verifiable Credentials (VCs). This format is chosen for its versatility and widespread adoption, which supports the seamless integration and interoperability of our system within existing digital infrastructures. The JWTs securely contain the biometric data and other identity claims, ensuring they are tamper-proof and verifiable across different platforms.

2. RISC Zero zkVM https://www.risczero.com/ At the core of our identity verification process is the RISC Zero zkVM. This zero-knowledge virtual machine enables us to create and verify zero-knowledge proofs that the BiometricOnboardingCredential matches the BiometricChallengeCredential without revealing any underlying biometric data.

3. Foundry Template from RISC Zero zkVM