[Proposal setup] Proposal title

Please provide your proposal title

ZK-TanitID: The Digital Identity Layer

[Proposal Summary] Time

Please specify how many months you expect your project to last

3

[Proposal Summary] Translation Information

Please indicate if your proposal has been auto-translated

No

Original Language

en

[Proposal Summary] Problem Statement

What is the problem you want to solve?

Organizations are required to collect and store sensitive personal data to verify user identity, that increase operational risk, regulatory exposure, and vulnerability to breaches and surveillance.

[Proposal Summary] Supporting Documentation

Supporting links

• https://carthagexlabs.xyz/

[Proposal Summary] Project Dependencies

Does your project have any dependencies on other organizations, technical or otherwise?

No

Describe any dependencies or write 'No dependencies'

No dependencies

[Proposal Summary] Project Open Source

Will your project's outputs be fully open source?

Yes

Please provide here more information on the open source status of your project outputs

Apache-2.0 license

[Theme Selection] Theme

Please choose the most relevant theme and tag related to the outcomes of your proposal

Identity & Verification

[Campaign Category] Category Questions

What is useful about your DApp within one of the specified industry or enterprise verticals?

ZK-TanitID addresses the fundamental trust deficit in digital identity systems.

Today, governments and enterprises are required to collect and store large volumes of sensitive personal information like passports, IDs, residency documents, licenses, in order to verify users.

This creates centralized PII repositories that function as “honeypots,” exposing organizations to significant cybersecurity risk, regulatory liability, and public distrust.

ZK-TanitID provides a secure, privacy-preserving identity infrastructure that decouples verification from data storage.

Services can validate the authenticity or eligibility of a user without ever receiving or handling the underlying personal data. This creates a safer, more scalable foundation for digital governance and enterprise services.

Key Advantages for Enterprises & Public Institutions

1. Eliminates PII Liability

Organizations can validate attributes such as identity validity, residency, or license status, without collecting, transmitting, or storing raw personal data.

This dramatically reduces exposure under data-protection regulations and lowers the risk profile of identity workflows.

2. Eliminates Data Breach Vulnerability

Because sensitive personal data never leaves the user’s device, there is no centralized database of PII to defend.

Even if an institutional portal is compromised, attackers gain no access to citizen or customer data.

3. Restores Trust Through Zero-Knowledge Verification

Users no longer need to trust institutions with their most sensitive information.

Verification becomes cryptographic and tamper-proof, improving user confidence in digital services and reducing friction.

4. Removes Surveillance Concerns

Governments and enterprises can verify eligibility or entitlement such as subsidy qualification or district-based voting, without the ability to track behavior or access personal attributes.

This ensures compliance while respecting civil liberties.

5. Reduces Operational and Compliance Costs

Eliminating the need to secure and audit large PII repositories lowers cybersecurity spending, simplifies infrastructure, and speeds up onboarding.

Organizations can deliver digital services with far lower risk and overhead.

6. Enables Regulatory-Grade Compliance Without PII Exposure

Banks and financial institutions can satisfy KYC/AML requirements using cryptographic attestations.

This removes the burden of storing sensitive documents, which are common vectors for fraud and identity theft.

7. Accelerates Developer Adoption and Lowers Integration Costs

As a reference implementation for Midnight, ZK-TanitID provides a reusable, open-source framework for selective disclosure and Zero-Knowledge attestation flows.

Developers can integrate privacy-preserving identity capabilities quickly and reliably, without rebuilding complex ZK infrastructure.

What exactly will you build? List the Compact contract(s) and key functions/proofs, the demo UI flow, Lace (Midnight) wallet integration, and your basic test plan.

We will deliver ZK-TanitID as a fully functional MVP demonstrating privacy-preserving identity verification on Midnight using the Official Tunisian National Card schema. The implementation includes Compact smart contracts, Zero-Knowledge proof generation, Selective Disclosure, a full Trust Triangle demo UI, Lace/Midnight wallet integration, and a complete testing suite.

1. Compact Smart Contract Layer

A Compact smart contract that verifies identity attestations using Zero-Knowledge Proofs, enabling Selective Disclosure and eliminating the need for enterprises to handle sensitive PII.

ZK Proof Logic

A. Provenance Check (Authenticity):

• Verifies that CIN data was signed by the government’s public key.

B. Selective Disclosure (Attribute-Level Verification)

• Only the requested attribute is checked in ZK and all other fields remain private, unshared, and unrecoverable.

2. Demo UI Flow (Trust Triangle)

The React-based frontend demonstrates the complete lifecycle across three actors: Issuer → Holder → Verifier, mirroring a real digital identity workflow.

Step 1 — Issuer (Mock Government Portal)

• User clicks "Retrieve Digital CIN"
• System generates a signed credential JSON file "signed_credential.json"
• File stored locally only, never uploaded.

Step 2 — Verifier (Mock Bank Portal)

The Verifier selects which attribute to check:

“Select what to verify:”

☐ Valid ID

☐ Age

☐ Residency

☐ Name

The bank requests a ZK proof for that attribute only

Step 3 — Holder (User)

1. Connect Wallet

• User connects using Lace Midnight wallet.

1. Generate ZK Proof

• User selects signed_credential.json.
• Browser executes the ZK circuit locally to produce a proof for the selected attribute.

1. Submit Proof

• User signs the transaction via Lace.
• Only the zero-knowledge proof is sent to the blockchain.

1. Receive Verification Result

• The Mock Bank UI listens to the contract event and updates:

“KYC Approved — Attribute Verified Privately”

The bank never sees CIN, name, address, DOB, or any PII.

3. Lace Midnight Integration

We will integrate using:

A. Custom Wallet Hook

• useMidnightWallet() providing:
• Connect / disconnect
• Proof transaction submission
• Contract event listening
• Wallet state management

B. ZK Proof Payload Formatter

• Converts local ZK outputs into Compact-compatible calldata.

C. Secure Client-Side Execution

• All proofs generated in-browser, ensuring privacy and GDPR compliance.

4. Basic Test Plan

A robust testing suite ensures correctness, reliability, and educational value for Midnight developers.

A. Unit Tests

• Signature validation (valid/invalid)
• Age threshold (boundary conditions)
• Residency region matching
• Revocation rejection
• Frontend input validation

B. Integration Tests

• Issuer → Holder file transfer
• Frontend ↔ Lace wallet communication
• Proof → transaction → contract verification
• Selective Disclosure behavior
• Mock Bank event synchronization

C. End-to-End (E2E) Tests

Full Trust Triangle flow:

• Generate digital CIN
• Select attribute to verify
• Generate ZK proof
• Submit via Lace
• Receive on-chain verification result
• Mock Bank marks identity as approved

E2E confirms the entire privacy-preserving pipeline works as intended.

How will other developers learn from and reuse your repo? Describe repo structure, README contents, docs/tutorials, test instructions, and extension points. Which developer personas benefit, and how will you gauge impact (forks, stars, issues, remixes)?

ZK-TanitID is built as a reference implementation and educational resource for the Midnight ecosystem. The repository is structured to clearly separate concerns, provide practical onboarding documentation, and offer extension points that allow other developers to integrate or adapt the identity layer for their own dApps.

1. Repository Structure Designed for Learning

The repo follows a clean, industry-standard layout that helps developers understand the complete workflow:

/contracts
   verifier_cin.compact
   schemas/
   revocation/
   tests/

/frontend
   src/components/
   src/wallet/
   src/pages/issuer/
   src/pages/holder/
   src/pages/verifier/

/docs
   TUTORIAL_TRUST_TRIANGLE.md
   WALLET_INTEGRATION.md
   SELECTIVE_DISCLOSURE.md
   CONTRACT_SPEC.md

/tests
   unit/
   integration/
   e2e/

Key Architectural Decision: Split Computation

The repo clearly separates:

• /contracts — all Compact smart contract logic, proving logic, revocation registry
• /frontend — React UI, proof generation, Lace wallet integration
• /docs — tutorials and explanations of architecture and ZK concepts

This separation helps developers understand how on-chain verification interacts with off-chain proof generation, which is critical for building privacy-preserving dApps.

2. Practical, Developer-Centric Documentation

The repository includes high-quality documentation aimed at making ZK identity workflows easy to understand and reuse.

Root README

• Overview of ZK-TanitID
• Architecture diagram
• Trust Triangle concept (Issuer → Holder → Verifier)
• Selective Disclosure explained
• Setup instructions and quick start
• How to generate proofs locally
• How to run the example dApp

Focused Tutorials

Located under /docs, including:

• TUTORIAL_TRUST_TRIANGLE.md

Step-by-step guide for building the Issuer, Holder, Verifier simulator.

• WALLET_INTEGRATION.md

How to use Lace Midnight wallet for proof submission and event listening.

• SELECTIVE_DISCLOSURE.md

How to implement attribute-level proofs (age, residency, license validity).

• CONTRACT_SPEC.md

Full description of Compact inputs, constraints, public/private fields, and expected outputs.

These documents provide a zero-to-hero pathway for developers unfamiliar with ZK, Compact, or privacy-preserving identity.

3. Test Infrastructure That Teaches Best Practices

The project includes a comprehensive testing setup that doubles as an instructional tool:

Unit Tests

• Teach developers how to validate:
• Signature provenance
• Attribute-specific ZK checks (age, residency, license type)
• Revocation logic
• Error handling in the circuits

Integration Tests

• Interaction between frontend ↔ proof generator ↔ contract
• How to pass Compact proofs through the Lace wallet
• End-to-end data flow consistency

End-to-End (E2E) Tests

Show the full Trust Triangle flow:

• Issue credential
• Generate local proof
• Submit via Lace
• Verify on-chain
• Display result in Verifier UI

This makes the repo a practical learning environment, not just a code sample.

4. Built-In Extension Points for Reuse

The repository is intentionally designed for easy extension.

Schema Extensions

Developers can replace the Tunisian CIN schema with:

• Other national identity formats
• Corporate IDs
• University credentials
• Employee access passes
• eIDAS-compliant schemas

Issuer Upgrades

Replace the mock issuer with:

• A DID-based issuer
• OAuth / OpenID Connect provider
• Government digital identity backend
• Enterprise KYC provider

Verifier Extensions

Add new business rules, such as:

• Custom age thresholds
• Region-based eligibility
• License category validation
• Multi-attribute proofs

Clear inline comments identify all extension points to support rapid customization.

5. Target Developer Audience

This resource is designed specifically for:

• Web3 developers transitioning into ZK
• Midnight developers wanting real examples of Compact + ZK integration
• Teams building regulated or privacy-first applications
• Hackathon participants looking for a ready template
• Developers needing reusable KYC/identity modules for their dApps

ZK-TanitID functions as both a teaching tool and a production-grade template for identity verification on Midnight.

[Your Project and Solution] Solution

Please describe your proposed solution and how it addresses the problem

ZK-TanitID solves the core “Privacy vs. Utility” dilemma in digital identity by enabling organizations to verify user eligibility without ever collecting, transmitting, or storing sensitive personal data. Instead of relying on centralized PII repositories which create security, compliance, and surveillance risks, the system shifts verification to the user’s device and uses Zero-Knowledge Proofs (ZKPs) to prove facts privately.

How the Solution Works

A Reversed Identity Model

Traditional identity systems require users to upload documents (ID, passport, address) to centralized servers for verification.

ZK-TanitID replaces this model entirely.

User keeps their identity data locally

A ZKP is generated off-chain on the user’s device

Only a cryptographic proof is submitted to the verifier

The verifier never sees or stores the PII behind the proof

This ensures both service utility and strong privacy.

How ZK-TanitID Addresses the Problem

Decouples Data From Verification

ZK-TanitID uses Zero-Knowledge Proofs to allow users to prove specific attributes such as Valid CIN, Age ≥ 18, Residency, or License Validity, without revealing:

• the ID number
• birthdate
• name
• address
• or any underlying PII

Verification is achieved without exposing or transferring sensitive data.

Eliminates Centralized Security Risks

Because all raw PII remains on the user’s device:

• No identity databases are created
• No centralized attack surface exists
• No PII “honeypot” can be breached

Even if a government or enterprise portal is compromised, there is no personal data available for attackers to steal.

Prevents Surveillance and Over-Collection

Verifiers receive only a true/false cryptographic confirmation, not the underlying identity attributes.

This prevents:

• behavioral profiling
• unauthorized tracking
• mass surveillance
• unnecessary data harvesting

Institutions can meet compliance requirements without compromising citizen or customer privacy.

Preserves Digital Sovereignty

Users remain in full control of their identity data:

• They choose what to prove
• They decide when and to whom
• No third party can access or store their PII

This empowers citizens and enterprises with a privacy-first identity framework aligned with global regulatory expectations.

[Your Project and Solution] Impact

Please define the positive impact your project will have on Midnight ecosystem

ZK-TanitID delivers three strategic contributions that strengthen Midnight’s ecosystem across technology, compliance, and global adoption.

1. A Canonical Identity Layer for Midnight

ZK-TanitID provides the ecosystem with a ready-to-use, open-source identity foundation that developers can immediately adopt.

Identity is a prerequisite for advanced Midnight use cases such as:

• compliant DeFi
• on-chain voting and governance
• RWA tokenization
• age-restricted or region-restricted services
• credential-based access control

By supplying a fully functional reference implementation, including Compact smart contracts, Selective Disclosure, revocation logic, and the Trust Triangle workflow, we significantly reduce development friction.

This enables other teams to integrate identity verification without rebuilding complex ZK circuits, accelerating dApp innovation and ecosystem growth.

2. Establishing Trustless Compliance for Regulated Industries

ZK-TanitID demonstrates that Midnight can satisfy compliance requirements (KYC, AML, eligibility checks) without exposing or storing any personal data.

This “trustless compliance” model is a key differentiator for:

• banks and fintech
• healthcare platforms
• insurance
• government services
• enterprise identity management

The project shows that organizations can verify user attributes such age, residency, license validity, citizenship, cryptographically, not through document collection or data storage.

This positions Midnight as the most privacy-preserving and regulation-friendly infrastructure in the blockchain space, making it ideal for enterprise adoption and real-world integration.

3. Expanding Midnight’s Reach Into the MENA Region

ZK-TanitID leverages the Tunisian CIN identity model and aligns with the digital transformation efforts across the MENA region. This creates:

• a culturally and legally relevant entry point
• a demonstrable use case local governments and institutions can understand
• a foundation for cross-regional adoption of Midnight
• visibility for Midnight in emerging markets with fast-growing Web3 engagement

This regional focus diversifies Midnight’s user base and contributes to global ecosystem expansion beyond traditional Western markets.

[Your Project and Solution] Capabilities & Feasibility

What is your capability to deliver your project with high levels of trust and accountability? How do you intend to validate if your approach is feasible?

This project is delivered by a highly capable, experienced, and ecosystem-aligned team with a clear track record of reliability, technical excellence, and contribution to the Midnight community.

Lead Engineer & Architect: Ahmed Amine Gargoura

• Midnight Ambassador with direct involvement in the ecosystem
• 11+ years of professional software engineering experience
• Specialized expertise in Compact smart contracts, ZK proof systems, and identity architectures
• Deep understanding of regulated and privacy-preserving systems through cybersecurity and QA experience

Ahmed leads the cryptographic logic, Compact circuits, identity architecture, and security model, ensuring the project is implemented to the highest technical and privacy standards.

Full-Stack & UI/UX Developer: Oussama Saoudi

• Experienced full-stack developer and designer
• Proven ability to deliver production-ready React applications
• Strong understanding of wallet integrations, user flows, and ZK-enabled UX
• Previously delivered multiple polished applications used by real users

Oussama leads the frontend, Lace wallet integration, developer experience, and overall usability, ensuring the solution is both technically sound and accessible to the community.

[Final Pitch] Budget & Costs

Please provide a cost breakdown of the proposed work and resources

The total requested funding is $10,000, distributed across three monthly milestones. Costs reflect engineering time, design work, testing infrastructure, documentation, and Testnet deployment.

Milestone 1: Core Identity Layer & Compact Contract

Total Cost: $3,500 Focus: Backend Architecture, Compact Contracts, ZK Circuits.

This milestone is heavy on specialized engineering.

ZK/Smart Contract Engineering - $2,475

Hours: ~45 hours

Tasks:

• Designing the final CIN identity schema and selective disclosure groups.
• Coding the complete verifier_cin.compact smart contract.
• Implementing ZK constraints for signature verification and age/residency checks.
• Developing the local proof validator logic.

Project Management & QA - $1,025

Hours: ~22 hours

Tasks:

• Writing comprehensive Unit Tests for all contract logic (valid/invalid proofs).
• Documenting the Architecture & Schema (architecture.md, cin_schema.json).
• Setting up the initial GitHub repository structure and CI environment.

Milestone 2: Off-Chain Proof System & Trust Triangle UI

Total Cost: $3,500 Focus: Frontend Development, React UI, Proof Generation Logic.

This milestone shifts focus to the Full-Stack developer for the user interface and integration.

UI/UX & Full-Stack Development - $2,025

Hours: ~45 hours

Tasks:

• Building the Polished React frontend for the full Trust Triangle (Issuer, Holder, Verifier portals).
• Implementing the proof generation module in TypeScript.
• Creating the Mock Issuer logic to handle signed_credential.json.
• Designing the UX for the selective disclosure selection flow.

ZK/Smart Contract Engineering - $825

Hours: ~15 hours

Tasks:

Assisting with the integration of the ZK-circuits into the TypeScript/WASM frontend environment.

Ensuring the off-chain proof generator matches the on-chain contract constraints.

Project Management & QA - $650

Hours: ~14 hours

Tasks:

• Writing Integration tests for proof generator ↔ contract.
• Validating the UI flows for intuitive user experience.

Milestone 3: Lace Wallet Integration, E2E Testing & Developer Toolkit

Total Cost: $3,000 Focus: Wallet Integration, Testing, Documentation, Release.

This milestone is a collaborative push to finalize the product and educational materials.

ZK/Smart Contract Engineering - $1,100

Hours: ~20 hours

Tasks:

• Configuring the CI/CD pipeline (GitHub Actions).
• Final security review of the cryptographic implementation.
• Technical review of the CONTRACT_SPEC.md and Developer Guides.

UI/UX & Full-Stack Development (Oussama Saoudi) - $1,125

Hours: ~25 hours

Tasks:

• Integrating the Lace Midnight wallet (connection, signing, submission).
• Implementing the on-chain result listener in the UI.
• Producing the final demo video and Quickstart guides.

Project Management & QA - $775

Hours: ~16.5 hours

Tasks:

• Executing the full End-to-End (E2E) test suite covering user flows.
• Final code cleanup and applying the Apache 2.0 License.
• Submitting the Final Project Completion Report.

Summary of Resource Allocation

• ZK/Backend: ~80 hours | $4,400 | Core Logic, Security, Architecture
• Full-Stack: ~70 hours | $3,150 | Frontend, Wallet Integration, UX
• PM & QA: ~52 hours | $2,450 | Testing, Documentation, Delivery

TOTAL | ~202 hours | $10,000

[Final Pitch] Value for Money

How does the cost of the project represent value for the Midnight ecosystem?

We request 10,000 USDM to deliver an MVP that acts as a force multiplier for the ecosystem. This budget represents exceptional value for 4 key reasons:

1- Accelerating Developer Adoption: Our primary product is knowledge. By open-sourcing the "Trust Triangle" architecture (Issuer/Holder/Verifier), we save future Midnight developers hundreds of hours of R&D.

Value: A new developer can fork our repo and have a working Identity module in 10 minutes, rather than spending weeks figuring out ZK-circuits and wallet integration from scratch. If we save just 10 developers one week of work (valued at ~$1,000/week), the project pays for itself immediately.

2- Solving a Critical Vertical (Identity & Governance): Identity is the "missing layer" for DeFi, Voting, and Tokenization.

The Value: By providing a ready-to-use Identity architecture, we unlock high-value use cases for Midnight in the MENA region and beyond. We aren't just building a demo; we are building a foundational primitive that other dApps can plug into for compliance (KYC) and governance.

3- High-Skill Labor Efficiency: This budget covers 250+ hours of specialized engineering (ZK-circuit design, Compact smart contracts, React/Wallet integration) at a highly competitive effective rate of ~$40/hr.

The Value: Standard rates for ZK/Smart Contract engineers often exceed $100/hr. We are delivering a full-stack architecture simulation by including a Mock Government Issuer and Mock Bank Verifier for the price of a basic prototype. This maximizes the impact of the Midnight Foundation's treasury.

4- Pathway to Commercialization: (Startup Launchpad) This grant funds the MVP (Minimum Viable Product) for a dedicated Tunisian startup, CarthageX Labs.

The Value: Unlike hobby projects that may be abandoned, we are committed to building a sustainable business on top of this technology. Funding this Reference DApp effectively seeds a new commercial entity in the Midnight ecosystem, ensuring long-term maintenance, real-world government pilots, and continued user acquisition well beyond the 3-month grant period.

[Self-Assessment] Self-Assessment Checklist

I confirm that the proposal clearly provides a basic prototype reference application for one of the areas of interest.

Yes

I confirm that the proposal clearly defines which part of the developer journey it improves and how it makes building on Midnight easier and more productive.

Yes

I confirm that the proposal explicitly states the chosen permissive open-source license (e.g., MIT, Apache 2.0) and commits to a public code repository.

Yes

I confirm that the team provides evidence of their technical ability and experience in creating developer tools or high-quality technical content (e.g., GitHub, portfolio).

Yes

I confirm that a plan for creating and maintaining clear, comprehensive documentation is a core part of the proposal's scope.

Yes

I confirm that the budget and timeline (3 months) are realistic for delivering the proposed tool or resource.

Yes

[Required Acknowledgements] Consent & Confirmation

I Agree

Yes