Last updated 2 months ago
DIDs depend on registries as trust anchors. No privacy-preserving, open, decentralised DNS, not-for-profit, global standard layer exists, leaving the trust paradox unsolved and sovereignty at risk.
.zkdid™ explores zero-knowledge decentralised DNS as a trust anchor, enabling proof-of-personhood where PII and biometric traits can be both protected and verified without revealing raw data.
Please provide your proposal title
.zkdid™ Advancing Global Standards in Proof-of-Personhood
Enter the amount of funding you are requesting in ADA
185714
Please specify how many months you expect your project to last
12
Please indicate if your proposal has been auto-translated
No
Original Language
en
What is the problem you want to solve?
DIDs depend on registries as trust anchors. No privacy-preserving, open, decentralised DNS, not-for-profit, global standard layer exists, leaving the trust paradox unsolved and sovereignty at risk.
Supporting links
Does your project have any dependencies on other organizations, technical or otherwise?
No
Describe any dependencies or write 'No dependencies'
.zkdid™ is designed to deliver independently, but will expand on prior Cardano & Catalyst-funded open source such as Gimba Labs, Blink Labs, Cardano Foundation's Veridian Wallet, and optionally align with Handshake as a root zone partner. .zkdid™ has no single-point dependencies essential to delivery. The project can operate with or without Handshake. However, Handshake provides an established decentralised root zone that may accelerate adoption and strengthen alliances. Our approach is modular: Gimba Labs tooling, Blink Labs infrastructure, and Handshake decentralised DNS innovation can be integrated to expand continuity and ecosystem impact, but they are not critical-path dependencies.
Will your project's outputs be fully open source?
Yes
Please provide details on the intellectual property (IP) status of your project outputs, including whether they will be released as open source or retained under another licence.
.zkdid™ will be fully open source under the Apache 2.0 licence, ensuring permissive global use and long-term sustainability. Elements of the work have been presented within the Decentralized Identity Foundation (DIF), where the project lead is an individual member, supporting standards alignment and community review while remaining institution-neutral. This guarantees transparency, mitigates capture risks, and aligns with Fraunhofer’s research standards and Catalyst’s public-good aims.
Please choose the most relevant theme and tag related to the outcomes of your proposal
Identity & Verification
Describe what makes your idea innovative compared to what has been previously launched in the market (whether by you or others).
Most existing DID and identity projects solve one layer of the problem, a new DID method, a verifiable credential wallet, a biometric proof-of-personhood scheme, or a naming system, but they all depend, in practice, on someone’s registry, someone’s trust logic and someone’s business model.
There is currently no neutral, non-financial, zero-knowledge decentralised DNS layer dedicated solely to identity that all of these systems can share as a common root of trust.
.zkdid™/.zkdns™ is innovative because it proposes a self-sovereign internet of identity: a decentralised, zero-knowledge DNS (dDNS) root zone for people and devices that any DID method, wallet or credential stack can plug into as a shared, protocol-agnostic trust anchor.
1. A bolt-on, protocol-agnostic trust anchor – not “yet another stack”
a) .zkdid does not compete with or replace existing DID methods, wallets or ZK schemes.
b) It provides a common uniqueness, naming and discovery layer:
c) This gives the ecosystem a shared, privacy-preserving anti-Sybil substrate and root zone, while letting each project keep its own credential formats, trust frameworks and UX.
Instead of everyone building their own registry and Sybil logic, .zkdid offers a neutral infrastructure layer that other systems can treat as a plug-in.
2. Zero-knowledge decentralised DNS as identity-first internet infrastructure
a) The core registry is a decentralised DNS-style root zone (names, records, delegation) implemented on a public ledger, with ZK commitments and proofs built into the data model from day one.
b) Personhood, device status and attributes are proven via zero-knowledge proofs anchored to the domain, rather than:
c) This transforms DNS from “just” a technical naming system into a verifiable, privacy-preserving identity layer that can still interoperate with the existing internet stack (DNS resolvers, service endpoints, certificates).
In effect, zkdid™/.zkdns™ turns domain names for identity into privacy-respecting, cryptographically verifiable identifiers that can be resolved and relied on across systems.
3. Privacy-preserving interactions in physical and digital spaces
.zkdid™ supports privacy-preserving interactions by enabling identities to disclose only the minimum attributes required for a given context (e.g., “over 18”, “authorised for entry”, “valid ticket”). At the same time, .zkdid™ enables proof of uniqueness (“one real person/device here now”) without revealing biometric templates or linkable identifiers.
This model avoids the long-lived identifiers used in many biometric “proof of personhood” systems, which can enable tracking or centralised profiling. Instead, .zkdid™ is designed to support safe, privacy-respecting real-world and digital interactions (events, access control, IoT, point-of-sale payments) without exposing persistent behavioural data to any operator.
4. Human-rights-oriented design: identity as non-revocable infrastructure
.zkdid™ treats “having an identity” as a non-negotiable human right, independent of what a person is permitted to do in any specific context.
The protocol’s intent is to make it technically and governance-wise resistant to:
Policy decisions (who may access which service) are pushed to higher layers; the underlying identity anchor remains globally resolvable, even when particular permissions are revoked.
This is deliberately different from architectures where the same actors who issue credentials also control central registries, enabling unilateral revocation or global disablement of an identity.
5. Not-for-profit, token-free, public-good governance
To our knowledge, there is currently no Web3 protocol that combines:
Key points:
This design aims to keep the root of identity infrastructure structurally independent from VC-style or state-driven control.
6. Standards-aligned and institution-ready
a) The protocol is being developed in collaboration with the Fraunhofer TRAIN team, extending EU-funded DNS trust research rather than competing with it.
b) The design is intended to align with:
c) This enables regulators, NGOs and enterprises to treat .zkdid as shared infrastructure, not as a closed or proprietary product.
In summary, .zkdid™/.zkdns™ is not “another DID method” or “another naming service”, but a new category: a self-sovereign, zero-knowledge dDNS layer for people and devices, designed to tie the identity ecosystem together as a neutral, privacy-preserving uniqueness and naming substrate.
Self-assessed feasibility (0–10): 8.5/10
*Some additional links have been included below due to limit of only 5 allowed in the "Supporting Documentation" field:
https://blog.identity.foundation/november-ewsletter/
https://devpost.com/software/zero-knowledge-decentralised-dns-identity-protocol-zkdid
https://github.com/TobesVibration/zkdid-prototype
http://www.zkd.id/Comparative-Analysis-of-NFP-and-For-Profit-Proof-of-Personhood.pdf
[Fraunhofer TRAIN Links]
https://gitlab.cc-asp.fraunhofer.de/train
https://github.com/undp/Regi-TRUST/tree/fh-branch
https://github.com/eclipse-xfsc/train-trusted-content-resolver
https://ieeexplore.ieee.org/document/11229815
https://www.sciencedirect.com/science/article/pii/S1877050925004090?via%3Dihub
https://dl.gi.de/items/64362064-8326-4352-a52f-bd8fad17aa7d
https://dl.gi.de/handle/20.500.12116/38702
https://link.springer.com/chapter/10.1007/978-3-031-47198-8_6
Describe what your prototype or MVP will demonstrate, and where it can be accessed.
The MVP for this Catalyst phase is an architecture-first deliverable. Rather than implementing a full registry or zero-knowledge verifier, the project focuses on producing rigorous, standards-aligned architectural outputs that define how .zkdid™ functions as a decentralised, zero-knowledge-enhanced DID method and trust anchor.
The MVP will demonstrate:
1. A complete ZK-DID architecture design
A formal technical architecture for .zkdid™, including DID method structure, document model, privacy model, lifecycle flows, trust boundaries, and high-level models for off-chain proof generation and on-chain verification. This establishes the foundation for future implementation work and ensures compatibility with W3C DID architecture principles.
2. Standards alignment and DIF/W3C engagement
Submission of an early architectural draft to the DIF DID Working Group, including proposed specification direction and initial peer feedback. This demonstrates external review, alignment with established identity standards, and governance-ready design.
3. Cardano integration architecture
A conceptual architecture showing how .zkdid™ interacts with Cardano naming infrastructure (e.g., CNS or ADA Domains), including resolution models, uniqueness mapping, metadata structure, and ZK-enhanced privacy considerations. This clarifies interoperability without requiring executable smart contracts.
4. TRAIN trust anchor integration blueprint
A detailed architecture describing how .zkdid™ can operate as a trust anchor within the Fraunhofer TRAIN framework. This includes cross-registry resolution flows, personhood credential validation architecture, threat and risk models, and duplicate-prevention logic.
5. Research, publication, and ecosystem outreach
A peer-review–ready manuscript, architectural toolkit, and workshop materials demonstrating the design, governance model, and ecosystem alignment of .zkdid™. These outputs support community understanding and provide reusable artefacts for future development teams.
Access
All architectural documents, draft specifications, integration designs, and workshop materials will be published openly in version-controlled GitHub repositories under Apache 2.0 (for code) and permissive Creative Commons licences (for documentation). Drafts submitted to DIF, workshop materials, and the research manuscript will also be publicly available through the project repositories.
This architectural MVP establishes the foundation required for full implementation in later phases, while ensuring standards alignment, institutional review, and a clear pathway toward interoperable, privacy-preserving identity infrastructure on Cardano.
Describe realistic measures of success, ideally with on-chain metrics.
Because .zkdid™ is designed as shared infrastructure, success is measured by real use as a neutral trust anchor and by external adoption, not by token price, TVL or speculation.
For a 12-month Catalyst phase, realistic success measures are:
On-chain metrics (Cardano testnet)
• .zkdid™ registrations:
A meaningful number of .zkdid™ domains created and updated on Cardano testnets, demonstrating user interest and functional registry operations.
• ZK proof verifications:
Demonstrated on-chain verification of zero-knowledge proofs linked to .zkdid™ domains, confirming the viability of privacy-preserving personhood or attribute assertions.
• Multi-stack integrations:
Successful integrations with multiple independent projects (e.g., wallets, DID methods, naming services, identity dApps), showing .zkdid™ functioning as a bolt-on trust layer within the ecosystem.
• Reproducible deployment:
Clear documentation and deployment scripts enabling third parties to redeploy the registry and verifier contracts to testnets and reproduce demo scenarios.
These indicate that .zkdid™ is being used in practice and can be independently reproduced.
Open-source and ecosystem engagement
• GitHub activity:
Visible engagement across the repositories, including stars, forks, issues, and contributions from developers beyond the core team.
• Standards and institutional engagement:
Participation in at least one standards-focused engagement cycle (e.g., DIF, identity working groups) and publication of alignment notes mapping .zkdid™ to existing DID and credential standards.
• Research and outreach:
Publication of technical notes, working papers, or extended abstracts, alongside community workshops or tutorials demonstrating .zkdid™ usage and design principles.
Governance, rights and strategic outcomes
a) Governance participation
b) Human-rights-aligned architecture
Documented design decisions showing:
c) Strategic ecosystem signals
Together, these indicators show that:
Self-assessed feasibility (0–10): 9/10
Please describe your proposed solution and how it addresses the problem
The challenge of digital identity remains unsolved: decentralised identifiers (DIDs) depend on registries as trust anchors, yet these anchors are prone to centralisation, capture, and abuse. This creates the “trust paradox” for proof-of-personhood, where users must trust the very infrastructure that claims to grant them sovereignty.
.zkdid™ proposes a novel approach: anchoring proof-of-personhood directly into a decentralised DNS protocol secured by zero-knowledge cryptography. By combining DNS, the root naming system of the internet, with zero-knowledge proofs, .zkdid™ enables biometric traits (e.g., face, voice, fingerprint, iris) and also government documents such as a passport, to be verified as authentic without ever exposing raw data. This guarantees both verification and protection, preventing surveillance abuse while enabling sovereignty at the infrastructure layer itself, not merely at the credential layer.
The uniqueness of this approach lies in building a trust anchor that is:
Delivery will be led in collaboration with the Fraunhofer Institute’s TRAIN team, who have already received EU funding to develop a DNS-based trust framework.
At a European digital identity conference, it was recognised that the .zkdid™ mission and Fraunhofer’s work converge. Whereas the TRAIN framework risked breaking DID standards by using traditional DNS, .zkdid™ extends their research by embedding zero-knowledge proofs into a decentralised DNS protocol, aligning with global standards while safeguarding sovereignty.
All outputs will be fully open source under the Apache 2.0 licence, with intellectual property safeguarded under the Decentralized Identity Foundation (Linux Foundation entity). The project lead (Toby Bolton) provides strategic guidance voluntarily, ensuring neutrality and long-term commitment to public-good principles.
By integrating decentralised DNS, zero knowledge, and biometric-preserving proofs, .zkdid™ attempts to address the trust paradox at its root, offering Cardano and the wider ecosystem a foundation for sovereign proof-of-personhood that cannot be co-opted by corporate or state gatekeepers.
Please define the positive impact your project will have on the wider Cardano community
Our project brings a unique value proposition to Cardano by focusing not on speculation or financialisation, but on freedom, sovereignty, and governance. By developing a decentralised DNS and identity framework, we are creating critical public infrastructure that empowers individuals, communities, and devices to operate securely and independently.
This work has already drawn attention from major institutions, including engagement with a leading Top-10 global technology provider in cloud and internet infrastructure. We have been in dialogue with leading technology companies who recognise the importance of decentralised identity, and our collaboration with the prestigious Fraunhofer Society means we can leverage ongoing EU-funded field trials and bring them on-chain.
Most importantly, our aim is to establish a global standard, a unifying trust layer that can connect the entire world and bridge existing internet infrastructure into Web3. This positions Cardano not only as a financial network but as the people’s chain, underpinning human rights, privacy, and sovereignty at internet scale.
The positive impact for the wider Cardano community includes:
This is the kind of technology people want on the people’s chain: trustless, sovereign, global, and open source.
What is your capability to deliver your project with high levels of trust and accountability? How do you intend to validate if your approach is feasible?
We recognise that our project is ambitious and still evolving in scope, but we are confident in our ability to deliver it with high levels of trust and accountability. Our capability rests on three pillars:
Institutional Strength: We are collaborating with the prestigious Fraunhofer Society, Europe’s leading applied research organisation, who bring decades of experience in building standards-based infrastructure. Their TRAIN team is already conducting EU-funded field trials in DNS trust frameworks, which can be directly aligned with our goals.
Open Source Governance: From the outset, the project is open-sourced under the Apache 2.0 licence, ensuring transparency, auditability, and community oversight. This guarantees that no single entity can capture or co-opt the work.
Industry Recognition: Our work has already gained attention from major technology companies, including one of the world’s largest providers of internet and cloud infrastructure. This external validation reinforces the feasibility and global relevance of our approach.
Phased delivery for feasibility and trust:
This incremental approach builds trust step by step, within Catalyst, within the Cardano ecosystem, and with the wider internet community. It allows us to validate feasibility at each stage while demonstrating accountability and delivering tangible results along the way.
Milestone Title
ZK-DID Architecture Design
Milestone Outputs
ZK-DID Technical Architecture Document, including:
Architecture-level conceptual model for off-chain proof generation and on-chain verification, demonstrated conceptually using a Cardano testnet (no prototype).
DIF DID Working Group Engagement Summary, including:
Acceptance Criteria
Architecture document clearly articulates:
DIF engagement summary demonstrates:
Evidence of Completion
Delivery Month
3
Cost
55714
Progress
30 %
Milestone Title
Standardization with DIF and Cardano Integration
Milestone Outputs
Draft DIF DID Method Architecture Specification, including:
Cardano Integration Architecture, covering:
Governance & Change Management Architecture for maintaining spec evolution with DIF and Cardano stakeholders.
Acceptance Criteria
Evidence of Completion
Delivery Month
10
Cost
55714
Progress
30 %
Milestone Title
TRAIN Trust Anchor Integration Architecture
Milestone Outputs
TRAIN Integration Architecture, including:
Acceptance Criteria
Evidence of Completion
Delivery Month
12
Cost
37143
Progress
20 %
Milestone Title
Peer-Reviewed Publication, Outreach & Toolkit Release
Milestone Outputs
Acceptance Criteria
Evidence of Completion
Delivery Month
12
Cost
37143
Progress
20 %
Milestone Title
Final Consolidation, Documentation & Reporting
Milestone Outputs
Acceptance Criteria
Evidence of Completion
Delivery Month
12
Please provide a cost breakdown of the proposed work and resources
The project consists of four architecture-focused milestones delivered by the Fraunhofer Institute. All funding is directed entirely to Fraunhofer to cover research time, specification work, standards engagement, publication costs, simulation work, and ecosystem outreach. The project lead (Toby Bolton) works voluntarily, ensuring that the full budget supports technical delivery.
Milestone 1 – ZK-DID Architecture Design
Cost: €22,500 (≈ 55,714 ADA)
Covers: development of the full ZK-DID technical architecture (DID method URI design, document structure, privacy model, lifecycle flows, trust boundaries, and cryptographic assumptions), plus initial DIF engagement and architectural review.
Milestone 2 – Standardisation with DIF and Cardano Integration Architecture
Cost: €22,500 (≈ 55,714 ADA)
Covers: drafting the DIF-aligned DID Method Architecture Specification, Cardano integration architecture (naming resolution, metadata anchoring, uniqueness mapping, security/threat modelling), and governance/change-management processes.
Milestone 3 – TRAIN Trust Anchor Integration Architecture
Cost: €10,000 (≈ 37,143 ADA)
Covers: TRAIN trust-anchor integration architecture, cross-registry resolution models, personhood-credential validation flows, and simulation-based verification with ecosystem partners.
Milestone 4 – Publication, Ecosystem Outreach, and Toolkit Release
Cost: €10,000 (≈ 37,143 ADA)
Covers: preparation and submission of the peer-reviewed manuscript, production of workshop/tutorial materials, and release of an open-source architectural toolkit.
Final Milestone – Final Consolidation, Documentation & Reporting
Cost: €0 (0 ADA)
Covers: formal confirmation that all planned activities have been completed, final consolidation of documentation and artefacts, and submission of the closing report to Catalyst. The practical costs of conference/journal submission and community engagement are already accounted for within the earlier milestones.
Total Requested Budget: €65,000 (≈ 185,714 ADA) @ €0.35c ADA
How does the cost of the project represent value for the Cardano ecosystem?
This project represents exceptional value for the Cardano ecosystem because it delivers foundational, non-financialised infrastructure that can be reused by the entire community. Unlike many proposals that create isolated applications, .zkdid™ provides a shared, zero-knowledge decentralised DNS and identity root that any wallet, dApp, DID method, or governance system can integrate with. It is a public good with network-wide benefits.
All development funds are directed to the Fraunhofer Institute, one of Europe’s most respected applied research organisations, ensuring world-class execution, institutional oversight and long-term credibility. The project lead works voluntarily, which means Catalyst funding goes entirely into technical delivery rather than salaries or overhead.
Because .zkdid™ is fully open source under Apache 2.0, the Cardano ecosystem gains permanent, permissionless access to all code, SDKs, specifications, verifier circuits and integration blueprints. This enables future teams to build on top of the work without paying licensing fees or depending on a private company.
In effect, Catalyst is funding a shared trust layer that:
For a relatively modest budget, Catalyst gains open, standards-aligned identity infrastructure delivered by a leading research institute. The resulting components can be reused across the ecosystem, making the project highly leveraged and broadly beneficial.
I confirm that evidence of prior research, whitepaper, design, or proof-of-concept is provided.
Yes
I confirm that the proposal includes ecosystem research and uses the findings to either (a) justify its uniqueness over existing solutions or (b) demonstrate the value of its novel approach.
Yes
I confirm that the proposal demonstrates technical capability via verifiable in-house talent or a confirmed development partner (GitHub, LinkedIn, portfolio, etc.)
Yes
I confirm that the proposer and all team members are in good standing with prior Catalyst projects.
Yes
I confirm that the proposal clearly defines the problem and the value of the on-chain utility.
Yes
I confirm that the primary goal of the proposal is a working prototype deployed on at least a Cardano testnet.
Yes
I confirm that the proposal outlines a credible and clear technical plan and architecture.
Yes
I confirm that the budget and timeline (≤ 12 months) are realistic for the proposed work.
Yes
I confirm that the proposal includes a community engagement and feedback plan to amplify prototype adoption with the Cardano ecosystem.
Yes
I confirm that the budget is for future development only; excludes retroactive funding, incentives, giveaways, re-granting, or sub-treasuries.
Yes
I Agree
Yes
Delivered in collaboration with the Fraunhofer Institute, with all funds directed to Fraunhofer for execution. The project lead (Toby Bolton) works voluntarily to ensure alignment with the long-term vision and open governance.
Fraunhofer Institute. The collaboration began after initial discussions at DICE a European digital identity conference, where our respective work converged. Fraunhofer’s TRAIN team has been developing a trust framework leveraging DNS.
Following technical dialogue, it was recognised that their approach risked fragmenting existing standards. The .zkdid™ mission, to build a decentralised DNS protocol with zero knowledge at its core aligned closely with their research.
This led Fraunhofer to propose an official collaboration, with their team providing implementation expertise and infrastructure, while the project lead (Toby Bolton) ensures strategic vision and adherence to decentralisation principles.