Last updated 5 months ago
Keyd improves identity data privacy and security by issuing private, reusable digital credentials so platforms can verify user attributes without exposing sensitive data or repeating verification.
Keyd lets users verify once and get private, reusable credentials. Apps verify identity, age, country and digital signatures via ZK + selective disclosure—no sensitive data storage or repeat checks.
Please provide your proposal title
Keyd - Verified and reusable identity credentials
Please specify how many months you expect your project to last
3
What is the problem you want to solve?
Keyd improves identity data privacy and security by issuing private, reusable digital credentials so platforms can verify user attributes without exposing sensitive data or repeating verification.
Supporting links
Does your project have any dependencies on other organizations, technical or otherwise?
No
Describe any dependencies or write 'No dependencies'
No dependencies
Will your project's outputs be fully open source?
Yes
Please provide here more information on the open source status of your project outputs
Open Source Status & License Keyd is open source in a public GitHub repo (Compact contracts, KYC app, backend/API, and integration utilities). It is released under the MIT License (permissive), and we commit to keeping the repo public with clear docs and milestone-based releases for reuse by the Midnight ecosystem.
Please choose the most relevant theme and tag related to the outcomes of your proposal
Identity & Verification
What is useful about your DApp within one of the specified industry or enterprise verticals?
Keyd is especially valuable for regulated industries where identity verification is mandatory, costly, and risky: banking/fintech, crypto exchanges and RWA platforms, online casinos, fiat↔crypto on/off-ramps, healthcare, and digital government.
Today, every company repeats the same KYC process, forcing users to submit documents and sensitive data over and over again. Platforms must then store that information in centralized databases, taking on the risk of breaches, audits, and regulatory penalties. This creates friction, reduces conversions, and increases onboarding costs.
Keyd changes the model: users verify once and receive private, reusable credentials (identity, age, country/jurisdiction, humanity). Platforms integrate a single credentials layer on Midnight and can verify only the attribute they need—such as “≥18,” “allowed country,” “verified identity,” “human user,” or digital signatures—without accessing the exact underlying value or storing raw personal data. With selective disclosure and ZK proofs, Keyd enables compliance while preserving privacy.
In practice, this gives companies lower operational cost per user, reduced legal and security burden from data custody, faster onboarding, higher conversions, and interoperable identity across services. For users, it delivers a verifiable, portable identity under their control, with lower exposure to fraud (including deepfakes) and no endless repetition of verification across platforms.
What exactly will you build? List the Compact contract(s) and key functions/proofs, the demo UI flow, Lace (Midnight) wallet integration, and your basic test plan.
We will build Keyd, a privacy-preserving identity credentials layer on Midnight, delivered as a working demo with a KYC app + a consumer dApp.
A) kyc-credentials.compact (core)
Purpose: store private/reusable credentials as commitments + issuer status + revocations.
Key storage (high level):
commitments for Identity / Age / Country / Humanity
authorized issuer keys
revocation flags + reasons (as private/opaque)
Key functions (tx):
registerIdentity(subjectKey, identityCommitment, metadataRef, issuerKey)
issueAgeCredential(subjectKey, ageCommitment, proofRef, issuerKey)
issueCountryCredential(subjectKey, countryCommitment, proofRef, issuerKey)
recordHumanVerification(subjectKey, humanCommitment, proofRef, issuerKey)
revokeCredential(subjectKey, credentialType, reason, issuerKey)
read helpers: hasCredential, isRevoked, getIssuer, getCommitmentRef (minimal getters needed by dApps)
We will ship circuits/proofs for:
Age proof: prove age ≥ 18 without revealing date of birth.
Country proof: prove country ∈ allowedList (or equality to an allowed jurisdiction) without revealing the raw value.
(Optional demo extension if time: Humanity proof reference from liveness provider; the contract stores commitment + reference.)
Proof integration:
Midnight HTTP proof provider (prover) + verifier artifacts (ZKIR / keys) wired into the transaction flow.
KYC App (Next.js)
Connect Lace wallet
Step 1: Identity verification (off-chain form + issuer approval) → on-chain registerIdentity
Step 2: Humanity/liveness (off-chain check) → on-chain recordHumanVerification
Step 3: Age verification (ZK) → generate proof ≥18 → on-chain issueAgeCredential
UI shows per-step status + tx hash links to Midnight Explorer.
Consumer dApp (example: RWA / regulated access app)
Connect Lace wallet
Calls /api/kyc/status (hydrated, privacy-safe status)
Enforces access:
allow login / allow purchase only if required credentials are Verified and not revoked
If missing, redirects to KYC App, then returns with “Access granted”.
Use Lace to:
connect wallet
sign transactions for contract calls
Derive a deterministic subjectKey from wallet (or wallet-linked identity key) used to index credentials privately.
Display tx hashes + explorer links for transparency.
Unit tests (JS/TS)
deriveSubjectKey() — deterministic output, correct Bytes<32> formatting
ledger “hydration” — correctly maps opaque state → Verified/Pending/NotStarted, respects revocations
explorer URL builder — correct explorer link per network
Integration tests (API)
GET /api/kyc/status — handles missing/malformed contract state safely
POST /api/kyc/verify-proof — revoked subjects always fail; valid proof succeeds
Manual end-to-end scenarios
Happy path: new wallet completes all steps and gains access in consumer dApp
Revocation path: revoke identity → consumer dApp denies access
Stale cache path: local tx state differs from chain → refresh from indexer is authoritative
How will other developers learn from and reuse your repo? Describe repo structure, README contents, docs/tutorials, test instructions, and extension points. Which developer personas benefit, and how will you gauge impact (forks, stars, issues, remixes)?
Readme in repo with all information
Developers can learn from and reuse our repo because it’s a complete, end-to-end reference implementation of a privacy-preserving KYC/credentials system on Midnight: UI flow + Compact contract + ZK proof generation + API layer + wallet integration.
Repo structure (easy to navigate and copy)
The repository is organized so builders can reuse a single part (contract-only, API-only, or UI-only) or run the full demo:
app/ (Next.js App Router)
app/verify/* verification flows (identity, age, human)
app/credentials/* credential viewing pages
app/api/kyc/* API routes (status, verify-proof, store-proof)
components/ reusable UI components (components/ui includes Radix-based building blocks)
contracts/kyc_credentials/ Compact contract + deployment scripts (pnpm run deploy)
lib/ shared core logic
blockchain-utils.ts contract calls + Midnight interactions
zk-proof-utils.ts proof generation/verification helpers
proof-store.ts server-side proof storage (demo implementation)
store.ts Zustand state layer
This separation makes extension straightforward: UI flows live in app/verify, contract logic lives in contracts/, and protocol glue code is centralized in lib/.
README content (how devs get started)
The README is designed as a “run it + understand it” guide:
What the platform does (identity/age/human + commitments + ZK + selective disclosure)
Tech stack and prerequisites (Node 20+, pnpm, Midnight Wallet)
Environment configuration (NEXT_PUBLIC_MIDNIGHT_PROOF_SERVER, asset app URLs)
Contract deployment steps (contracts/kyc_credentials → pnpm run deploy)
Local dev instructions (pnpm dev)
API documentation with request/response examples
Full verification flow description per route:
/verify/identity → issues Identity + Country credentials + stores country proof
/verify/human → CAPTCHA + liveness → issues Human credential + stores captcha proof
/verify/age → under/over 18 → issues Age credential + generates proof for Over18
Docs/tutorials (what developers learn)
By following the README and code paths, developers learn:
How to store on-chain commitments instead of raw PII
How to generate and verify ZK proofs (age/country/captcha) via a Midnight proof server
How to design a clean KYC wizard UX with real credential states
How to connect a Midnight wallet (Lace / Midnight wallet SDK) and sign txs
How to expose a minimal API layer for:
state hydration (/api/kyc/status)
verification (/api/kyc/verify-proof)
proof persistence for demo (/api/kyc/store-proof)
How to integrate with a “consumer” app via redirect parameters (example asset tokenization app)
Test plan and instructions
The repo includes standard dev ergonomics:
pnpm test for test execution
pnpm lint for linting
pnpm build / pnpm start for production builds
In addition to automated tests, the README-defined flow supports quick manual E2E validation:
New wallet completes Identity → Human → Age and sees allComplete: true in /api/kyc/status
Proof verification returns expected boolean flags (isAdult, country flag, captchaPassed)
Consumer app integration works via redirect and URL params
Extension points (how devs can build on top)
The repo is intentionally easy to extend:
Add a new credential type by:
adding a new commitment + issuer/revocation mapping in the Compact contract,
adding proof logic in lib/zk-proof-utils.ts,
exposing status via app/api/kyc/status,
adding a new step UI under app/verify/
Swap the KYC provider / liveness provider without changing the on-chain model (commitments remain the interface).
Replace proof-store.ts with production storage (DB/object storage) while keeping the same API contract.
Update the country proof logic from “country == France” to “country ∈ allowed list” to support real compliance policies.
Developer personas who benefit
Midnight dApp developers: learn contract + proof-provider + wallet integration patterns.
Compliance/RWA builders: reuse identity/age/country gating with minimal sensitive data handling.
Web2 platforms entering Web3: adopt a KYC flow that reduces data custody and improves conversions.
ZK learners: get a practical, working example of proofs used for real compliance checks.
Please describe your proposed solution and how it addresses the problem
Keyd solves the privacy and security problem in identity verification by replacing today’s model (uploading documents and leaving sensitive data in centralized databases across every platform) with private, reusable credentials on Midnight.
Users complete a KYC-style identity verification once (off-chain). From that validation, Keyd issues on-chain credentials (identity, age, country, humanity) stored as cryptographic commitments—not raw personal data. When a platform needs to validate someone, the user proves they are the rightful holder by signing with their wallet (digital signature), and can also sign documents or consents to prove they were authorized by the correct person. Keyd also enforces an anti-Sybil principle: a real person can have only one root identity in the system, preventing duplication and abuse.
Platforms then verify only the required attributes through selective disclosure and ZK proofs (e.g., “≥18” or “allowed country”) without revealing exact values or storing sensitive information. This reduces PII exposure and breaches, removes repeated KYC across services, lowers cost and regulatory risk, and enables secure onboarding and document signing with a unique, verifiable identity.
Please define the positive impact your project will have on Midnight ecosystem
Keyd brings real users and real transaction flow to Midnight by turning identity into reusable, privacy-preserving credentials that regulated apps—and traditional institutions—need. It benefits the Midnight ecosystem by: (1) driving mass wallet adoption through a simple “verify once, reuse everywhere” onboarding, (2) showcasing Midnight’s core differentiators—privacy by default, selective disclosure, and native ZK proofs—in a production-like KYC/compliance use case, (3) enabling more builders and enterprises to launch regulated dApps (RWA, exchanges, casinos, on/off-ramps, e-gov) without storing PII, (4) supporting traditional entities (banks, fintechs, insurers) that need to reduce identity fraud, account takeover, and deepfake-driven impersonation by relying on verified, non-duplicable credentials, and (5) creating recurring network usage as credentials are checked, updated, signed, and revoked across many platforms. This makes Midnight more attractive to enterprises and developers, accelerates ecosystem growth, and strengthens trust in Midnight as the privacy layer for compliant applications.
What is your capability to deliver your project with high levels of trust and accountability? How do you intend to validate if your approach is feasible?
We can deliver Keyd with high trust and accountability because we’re building on proven execution, not assumptions. Our team has shipped real Web3 products before, and we’ve already demonstrated Keyd as a working prototype on Midnight—so we validate by doing, not by promising.
For us, trust comes from four pillars:
Transparency: everything is open, documented, and reproducible. Anyone can run the repo, follow the flows, and verify on-chain results in the Explorer.
User-first delivery: we design the experience so users don’t need to understand crypto or ZK—verification feels like standard KYC, but with privacy by default.
Clear ownership and measurable milestones: we define what “done” means and deliver iteratively with visible progress.
Real-world applicability: we’ve analyzed concrete use cases and verticals where Keyd fits immediately (banking/fintech, exchanges, RWA, online casinos, fiat↔crypto on/off-ramps, healthcare, and digital government), ensuring we build something adoptable that solves real problems.
To validate feasibility, we use practical proof points:
Repeatable end-to-end demos: verify once → credential issued → access granted in an integrating app; revoke → access denied.
ZK proof validation with real pass/fail checks tied to on-chain commitments (age/country/human), preserving privacy.
Product-level testing: completion rates, edge cases (revocation, missing credentials, stale state), and reliability across wallets and environments.
Please provide a cost breakdown of the proposed work and resources
Budget & Cost Breakdown (Total: $10,000)
Our budget is allocated across three milestones, covering engineering, product/design, QA, documentation, and demo delivery. Costs reflect time and resources required to deliver a working, reusable open-source implementation on Midnight.
Milestone 1 — Core Protocol (Compact Contract) + Issuer Governance ($3,000)
Smart contract engineering (Compact): $1,600
Credential ledger structure, issuer authorization, revocation, anti-sybil rules, read interfaces.
Deployment & environment setup: $600
Preview/testnet deploy scripts, configuration, reproducible setup.
Security review & protocol hardening: $500
Access control checks, revocation enforcement, invariants, edge cases.
Documentation (contract spec): $300
/docs/contract.md, function descriptions, privacy/security model.
Milestone 2 — Mobile-first UX/UI + Lace Integration + ZK Proof Pipeline ($3,500)
Mobile-first UX/UI design & implementation: $1,200
Wizard flow, responsive screens, clear states/errors, user-friendly copy.
Frontend engineering (Next.js + Lace integration): $1,000
Wallet connect/sign, transaction lifecycle UX, explorer links.
Backend/API engineering: $800
/api/kyc/status, /api/kyc/verify-proof, hydrated state model without exposing PII.
ZK proof integration (Midnight proof provider): $500
Proof generation/verification wiring, deterministic pass/fail behavior.
Milestone 3 — Integrator Toolkit + Consumer dApp + QA + Docs ($3,500)
Integrator toolkit & example consumer dApp integration: $1,500
Reusable helpers, compliance gating, signature validation, “Verify with Keyd” flow.
Testing & QA: $900
Unit tests, API tests, E2E scenarios (revocation, missing credentials, stale state).
Documentation & tutorials: $700
README upgrades, /docs/integration.md, /docs/demo.md, extension points.
Demo packaging + CI readiness: $400
Final demo video, reproducible instructions, basic CI pipeline setup.
How does the cost of the project represent value for the Midnight ecosystem?
The $10,000 budget delivers strong value to Midnight because it funds not just a demo, but a reusable identity infrastructure that can drive real adoption across regulated verticals—and it also promotes network usage and $NIGHT token adoption.
Reusable public infrastructure: we deliver open-source Compact contracts, ZK proof flows, Lace integration, and an integrator toolkit so other builders can reuse it instead of rebuilding the same primitives.
Direct ecosystem growth: Keyd targets high-volume onboarding in regulated industries (fintech/banking, exchanges, RWA platforms, online casinos, fiat↔crypto on/off-ramps, healthcare, and digital government), bringing real users to Midnight with low friction and privacy by default.
Showcases Midnight’s differentiators: it’s a practical reference implementation of privacy-by-default, selective disclosure, and ZK verification—exactly what makes Midnight unique.
Adoption-ready, not just a prototype: milestones include mobile-first UX, tests, documentation, and a working consumer dApp integration so third parties can adopt quickly.
Drives network usage and $NIGHT adoption: the model supports incentives and economic circularity where verification and credential reuse generate on-chain activity on Midnight and strengthen $NIGHT’s utility as an incentive token tied to real usage.
Compounding impact: once deployed and documented, every new integrator benefits, amortizing cost across many apps and increasing ROI for Midnight over time.
I confirm that the proposal clearly provides a basic prototype reference application for one of the areas of interest.
Yes
I confirm that the proposal clearly defines which part of the developer journey it improves and how it makes building on Midnight easier and more productive.
Yes
I confirm that the proposal explicitly states the chosen permissive open-source license (e.g., MIT, Apache 2.0) and commits to a public code repository.
Yes
I confirm that the team provides evidence of their technical ability and experience in creating developer tools or high-quality technical content (e.g., GitHub, portfolio).
Yes
I confirm that a plan for creating and maintaining clear, comprehensive documentation is a core part of the proposal's scope.
Yes
I confirm that the budget and timeline (3 months) are realistic for delivering the proposed tool or resource.
Yes
I Agree
Yes
Juan Ignacio Lazarte (Director-Blockchain Developer)
Matias Acevedo (CMO-Marketing Specialist)
Joaquín Linares (Director-Blockchain Developer)
Zain (Blockchain Developer)
Zeus Vargas (Full Stack developer)
Diego Guillen (Full Stack developer)