Last updated 2 weeks ago
Proving vaccination status currently requires revealing full medical records, exposing sensitive health data like dates, locations, and other vaccinations unnecessarily.
zkVaccine enables users to prove "fully vaccinated for [disease]" using ZK proofs without revealing their complete vaccination history or personal health information.
Please provide your proposal title
zkVaccine: Privacy-Preserving Vaccination Proof on Midnight
Please specify how many months you expect your project to last
3
Please indicate if your proposal has been auto-translated
No
Original Language
en
What is the problem you want to solve?
Proving vaccination status currently requires revealing full medical records, exposing sensitive health data like dates, locations, and other vaccinations unnecessarily.
Does your project have any dependencies on other organizations, technical or otherwise?
No
Describe any dependencies or write 'No dependencies'
No dependencies
Will your project's outputs be fully open source?
Yes
Please provide here more information on the open source status of your project outputs
All project outputs will be released under the MIT License, ensuring maximum accessibility and reusability. The complete source code, including Compact smart contracts, TypeScript integration code, demo UI, tests, and documentation will be publicly available on GitHub from day one of development. This aligns with the Midnight Foundation's goal of building a library of functional reference examples for the developer community.
Please choose the most relevant theme and tag related to the outcomes of your proposal
Healthcare
What is useful about your DApp within one of the specified industry or enterprise verticals?
zkVaccine addresses a critical privacy gap in health verification that became globally apparent during the COVID-19 pandemic. When vaccination proof became a requirement for travel, employment, and venue access, millions of people were forced to reveal their complete vaccination records. This included their full name and date of birth, all vaccination dates and locations, healthcare provider information, and other unrelated vaccinations they had received throughout their lives.
Traditional vaccination certificates, whether paper cards, QR codes, or health apps, expose far more information than necessary. A venue checking COVID-19 vaccination status doesn't need to know about your childhood immunizations, yet current systems reveal everything. This creates unnecessary privacy risks and places the burden of data protection on verifiers who never needed that information in the first place.
Midnight's privacy features solve this problem elegantly. Through selective disclosure, users can prove "I am fully vaccinated against COVID-19" without revealing when they were vaccinated, where, which vaccine brand, or any other health information. Zero-knowledge verification gives verifiers cryptographic certainty of vaccination status without accessing the underlying medical data. Most importantly, user-controlled privacy means the individual decides what to prove and to whom, maintaining sovereignty over their health data.
The real-world applications are extensive. Airlines and border control can verify vaccination requirements without storing passenger health records. Employers in healthcare or education can verify compliance without accessing full medical histories. Large gatherings can implement health policies without becoming custodians of sensitive data. Schools can verify student immunization requirements while protecting family privacy.
The COVID-19 experience demonstrated global demand for privacy-preserving health verification. zkVaccine provides a working template that health authorities, employers, and developers can study and adapt. It showcases how Midnight's programmable privacy can solve real compliance challenges while respecting individual privacy rights, making it an ideal reference implementation for the Health vertical.
What exactly will you build? List the Compact contract(s) and key functions/proofs, the demo UI flow, Lace (Midnight) wallet integration, and your basic test plan.
1.Compact contracts
I will develop two Compact contracts that form the core of the vaccination verification system.
The first contract, VaccinationRegistry.compact, manages vaccination attestations. It includes an issueAttestation function that allows authorized issuers to create vaccination attestations containing private data such as vaccine type, date, and batch number, along with a public commitment. The revokeAttestation function enables issuers to invalidate attestations if needed. Administrative functions for adding and removing authorized issuers complete this contract.
The second contract, VaccinationProof.compact, handles ZK proof generation for selective disclosure. The proveVaccinatedFor function proves a user is vaccinated for a specific disease without revealing other data. The proveFullyVaccinated function proves the user has received the required number of doses. The proveVaccinatedAfter function proves vaccination occurred after a certain date, useful for "recent vaccination" requirements. Finally, verifyProof handles on-chain verification of submitted ZK proofs.
2.Key Zero-Knowledge Proofs
The system implements several proof types. The disease-specific proof demonstrates "Vaccinated for COVID-19" while keeping other vaccinations, dates, and locations private. The dose count proof shows "Received 2+ doses of COVID-19 vaccine" without revealing exact counts, dates, or vaccine brands. The recency proof establishes "Vaccinated within last 12 months" while the exact date, location, and provider remain hidden. The validity proof confirms "Attestation is valid and not revoked" with all underlying data protected.
3.Demo User Interface
The demo application will have three distinct interfaces serving different roles in the verification ecosystem.
The Issuer Portal simulates a health authority. Users can log in as authorized issuers, create vaccination attestations for users, view and revoke previously issued attestations, and monitor issuance statistics through a dashboard.
The User Wallet Interface connects with the Lace (Midnight) wallet. Users can view their received vaccination attestations with private data visible only to themselves. They can generate ZK proofs for specific verification requests, select exactly what to prove such as disease type, dose requirements, or recency, and share proofs with verifiers.
The Verifier Portal serves employers, venues, or border control. Verifiers can request vaccination proof with specific criteria, receive and verify ZK proofs, and see clear verification results showing VALID or INVALID without any access to underlying health data.
4.Wallet Integration
The application fully integrates with the Lace wallet for Midnight. This includes wallet connection for user authentication, transaction signing when receiving attestations, proof generation triggered from the wallet context, and secure storage of private attestation data in the wallet's local state.
5.Testing Approach
The test plan covers multiple layers. Unit tests verify individual Compact functions using the Midnight testing framework. Integration tests validate contract interaction flows through a TypeScript test suite. Proof verification tests cover both valid and invalid proof scenarios through automated test cases. UI tests ensure user flows work correctly through a manual testing checklist. Edge case testing addresses scenarios like revoked attestations, expired proofs, and unauthorized issuer attempts.
Specific test scenarios include the complete flow from issuing attestation through proof generation to successful verification. Additional scenarios test that revoking an attestation causes subsequent proof generation to fail, that unauthorized issuer attempts are rejected, that proofs for wrong disease types fail verification, and that the system correctly handles users with multiple attestations.
How will other developers learn from and reuse your repo? Describe repo structure, README contents, docs/tutorials, test instructions, and extension points. Which developer personas benefit, and how will you gauge impact (forks, stars, issues, remixes)?
Which Part of the Developer Journey This Improves?
zkVaccine specifically targets developers at the "first real project" stage of their Midnight journey. After completing the Midnight Developer Academy and building simple examples like the Counter dApp, developers often struggle to bridge the gap to building meaningful applications. They face questions like: How do I structure a multi-party application? How do I properly separate public and private state? How do I integrate wallet authentication into a real UI? How do I test ZK proofs effectively?
zkVaccine fills this gap by providing a complete, intermediate-complexity reference that demonstrates patterns not covered in basic tutorials. The three-party architecture of Issuer, User, and Verifier is a fundamental pattern for credential and attestation systems. By studying zkVaccine, developers can accelerate past weeks of trial-and-error learning and move directly to building their own applications with confidence.
The project also improves the "adaptation and extension" phase. Developers who want to build identity verification, professional credentials, or any attestation system can fork zkVaccine and modify it rather than starting from scratch. Clear extension points and documented customization paths make this adaptation straightforward.
How It Makes Building on Midnight Easier and More Productive?
zkVaccine reduces friction in several concrete ways. Developers no longer need to figure out multi-party state management from first principles because they can study working code. The wallet integration patterns are copy-paste ready for new projects. The test suite provides templates for testing ZK applications, which is notoriously difficult for newcomers. The documentation explains not just what the code does, but why architectural decisions were made, helping developers apply similar reasoning to their own projects.
By providing this intermediate stepping stone, zkVaccine shortens the path from "completed the Academy" to "shipped my first real dApp" by an estimated 40-80 hours per developer.
Repository Structure
The repository follows a clear, logical structure that developers can navigate easily. The root contains the main README.md and LICENSE file. A docs folder holds architecture documentation, privacy model explanations, tutorials, API references, and deployment guides. The contracts folder contains the Compact source files and shared type definitions. The src folder organizes code by role with separate directories for issuer, user, and verifier interfaces, plus shared libraries and wallet integration code. Tests are organized into unit tests, integration tests, and fixtures. Scripts handle deployment and demo setup. An examples folder provides minimal implementations showing basic proof generation, custom verifier logic, and multi-disease extensions.
README Contents
The README.md provides everything developers need to understand and use the project. It opens with a project overview explaining what zkVaccine does and why privacy matters for vaccination verification. A quick start section gets developers running in under 10 minutes. An architecture diagram visually represents the issuer to user to verifier flow. The privacy model explanation describes how selective disclosure works in this context.
Installation requirements cover Node.js, Midnight CLI, and Lace wallet setup. Local development instructions explain how to run the full demo. Contract documentation provides function signatures with usage examples. Testing instructions show how to run the test suite. An extension guide explains how to adapt zkVaccine for other use cases. Contributing guidelines describe how others can improve the project. License information covers MIT License details.
Supporting Documentation
_ ARCHITECTURE.md provides a detailed explanation of the three-party model covering Issuer, User, and Verifier roles, and how data flows privately between them.
_ PRIVACY_MODEL.md serves as an educational document. It explains what data is public versus private on-chain, how ZK proofs enable selective disclosure, why this approach is superior to traditional certificates, and the threat model with security considerations.
_ TUTORIAL.md offers a step-by-step guide for developers. It helps them understand the codebase structure, modify contracts for different verification requirements, add new proof types, and customize the UI for specific use cases.
Extension Points
Developers can extend the project in several ways. Adding new disease types involves extending the diseaseType enum in the contract, enabling support for diseases like Malaria or Yellow Fever for travel requirements. Custom proof logic can be added by extending VaccinationProof.compact, such as proving "Vaccinated AND boosted within 6 months." Additional issuer types can be added by modifying issuer authorization to support hospital networks or pharmacy chains. UI customization is straightforward by forking and modifying React components for brand-specific verifier portals. Integration APIs export TypeScript functions that enable backend integration with existing applications.
Target Developer Personas
Health tech developers building vaccination or health credential systems will find privacy-preserving architecture patterns they can apply directly. Identity and credential developers working on any attestation system covering education, employment, or licensing can adapt the three-party model. Midnight newcomers learning the platform benefit from a complete, well-documented reference application. Enterprise architects evaluating Midnight for health sector applications get working proof-of-concept code they can demonstrate to stakeholders.
Measuring Impact
I will track project impact through several metrics over the six months following completion. GitHub stars target 25 or more, with forks targeting 10 or more. Issues and discussions should generate 15 or more meaningful interactions. Documentation views will be tracked via GitHub insights.
Beyond metrics, I will announce the project in Midnight Discord and Cardano community channels. I will create a demo video walkthrough for the Midnight community. The project will be submitted to the midnight-awesome-dapps repository. I will write a blog post explaining the privacy model for non-technical audiences.
Please describe your proposed solution and how it addresses the problem
zkVaccine is a privacy-preserving vaccination verification system built on Midnight that enables users to prove their vaccination status without revealing sensitive health information. The solution implements a three-party architecture using Compact smart contracts and zero-knowledge proofs.
The solution leverages Midnight's unique capabilities in several ways.
Smart contracts written in Compact define the attestation structure, proof logic, and verification rules. Compact's TypeScript-like syntax makes the code accessible while its constraints enable ZK proof generation.
The local proof server generates ZK proofs based on user-supplied private data and contract rules. It runs locally, ensuring private data never leaves the user's device.
The contract structure separates public state, which includes attestation commitments and issuer registry, from private state containing vaccination details. This separation enables granular control over what is revealed.
The Midnight version of Lace wallet manages user identity, private attestation storage, and transaction signing, providing a familiar user experience.
Traditional vaccination verification exposes the full vaccination record to anyone requesting proof. The verifier becomes a data custodian with associated breach risks and regulatory compliance burdens. Users have no control over their information.
zkVaccine changes this fundamentally. Only relevant status is proven while everything else remains private. Verifiers receive no sensitive data, so there is nothing to breach. Privacy is built into the design itself, and users decide exactly what to share.
Please define the positive impact your project will have on Midnight ecosystem
zkVaccine provides a concrete, relatable example of why programmable privacy matters. The COVID-19 pandemic created universal awareness of vaccination verification challenges. By showing how Midnight solves this problem elegantly, the project helps potential adopters understand Midnight's value proposition immediately.
Health is one of Midnight's key target verticals. zkVaccine provides a working code template for health credential applications, documented patterns for handling sensitive medical data, and a foundation that can be extended to other health use cases such as prescriptions, test results, and insurance verification.
The project serves as a comprehensive learning resource. It offers a complete example of Compact contract development, demonstrates the three-party architecture pattern that is reusable across many domains, shows integration patterns for Lace wallet, and illustrates testing strategies for ZK applications.
Developers will learn Midnight through a practical, relatable example. The project proves Midnight can handle health sector requirements. Patterns are reusable for identity, credentials, and certifications. The project will generate community discussion and contributions around health privacy.
The project establishes best practices for structuring multi-party privacy applications on Midnight, documenting ZK proof designs for non-cryptographers, testing privacy-preserving applications, and integrating with the Lace wallet ecosystem.
Healthcare organizations evaluating blockchain solutions often dismiss public chains due to privacy concerns. zkVaccine demonstrates how Midnight addresses these concerns, potentially opening doors for enterprise health sector adoption.
What is your capability to deliver your project with high levels of trust and accountability? How do you intend to validate if your approach is feasible?
I bring 5 years of professional TypeScript and JavaScript experience used extensively in production projects. My blockchain development background includes completing the Plutus Pioneer Program with smart contract development experience on both Cardano and Ethereum. For Midnight specifically, I have completed the Midnight Developer Academy covering the full curriculum. My 5 years of AWS cloud architecture experience informs secure, scalable system design. Overall, I have 7 years of professional software engineering experience spanning full-stack development across multiple projects.
Within the Catalyst ecosystem, I have served as a Community Reviewer since Fund 9, giving me deep understanding of what makes proposals successful and how reviewers evaluate projects. As a Milestone Reviewer since Fund 11, I have experience evaluating project deliverables and understanding what constitutes acceptable proof of achievement.
The core technologies required are all available and documented. The Midnight Compact compiler is production-ready. The Lace wallet Midnight version is available for testnet. The Midnight testnet is operational and stable. OpenZeppelin Compact libraries are available as references.
The project scope is deliberately designed to be achievable in 3 months. It involves two focused Compact contracts rather than an entire platform. The demo UI is functional but not production-polished. Feature boundaries are clear, focusing on vaccination verification only. Existing patterns from projects like Proofshare and KYC Midnight provide guidance.
Several strategies address potential risks. For the Compact learning curve, I have completed the Academy and will attempt simpler patterns first. For testnet instability, buffer time is built into the schedule and local testing comes first. To prevent scope creep, a fixed feature set is defined with extensions documented for future development. For documentation overhead, documentation will be written alongside code rather than after.
Please provide a cost breakdown of the proposed work and resources
Development labor accounts for $5,600 or 80% of the budget, covering smart contract development, UI development, testing, and integration work. Documentation and tutorials receive $700 or 10%, covering technical writing, diagrams, and video production. Infrastructure and tools receive $350 or 5% for cloud hosting for the demo and development tools. Community and promotion receives $350 or 5% for demo video production and community engagement.
The labor breakdown allocates 100 hours to Milestone 1 for contracts and testing at an effective rate of $25 per hour, totaling $2,500. Milestone 2 receives 100 hours for UI and integration work at the same rate for $2,500. Milestone 3 receives 80 hours for documentation and close-out at $25 per hour for $2,000. The total is 280 hours of work.
The effective rate of $25 per hour is competitive for blockchain development work, particularly considering the specialized Midnight and Compact development skills required, the full-stack delivery covering contracts, UI, documentation, and testing, and the open-source contribution providing long-term community value. This rate reflects the project's nature as a community contribution and reference implementation rather than commercial consulting work.
How does the cost of the project represent value for the Midnight ecosystem?
Comprehensive Deliverable for Modest Investment
For $7,000 USDM, the Midnight ecosystem receives two production-quality Compact contracts, a three-component demo UI with wallet integration, an extensive test suite, a comprehensive documentation package, a tutorial for developer education, and a community-facing demo video. Comparable reference applications in other ecosystems often cost $20,000 to $50,000 or more when developed commercially.
High Reusability Multiplier
The three-party pattern of Issuer to User to Verifier implemented in zkVaccine is applicable across numerous domains. Educational credential systems could prove degree completion without revealing GPA. Professional licensing could prove valid license status without revealing details. Employment verification could prove current employment without revealing salary. Age verification could prove being over 18 or 21 without revealing birthdate. Background checks could prove clean records without revealing history.
Each developer who adapts zkVaccine for their use case multiplies the value of this initial investment.
Developer Onboarding Acceleration
New Midnight developers often struggle with understanding Compact contract patterns, implementing wallet integration correctly, structuring privacy-preserving applications, and testing ZK applications. zkVaccine provides working answers to all these challenges, potentially saving each new developer 40 to 80 hours of trial and error. If even 10 developers benefit, that represents 400 to 800 developer hours saved, far exceeding the project cost.
Health Sector Showcase
Health is a strategic vertical for Midnight. Having a polished, well-documented health sector reference application validates Midnight for health tech evaluators, provides concrete talking points for business development, and demonstrates regulatory compliance capabilities.
Cost Efficiency
Several factors enhance cost efficiency. A solo developer means lower overhead with no coordination costs. An experienced builder delivers faster with fewer revisions. An Academy graduate reduces learning time charged to the project budget. Open source licensing provides perpetual value to the community.
Risk-Adjusted Value
The project's modest scope and the developer's relevant experience minimize delivery risk. The Midnight Foundation receives high probability of successful completion, clear and measurable deliverables, accountability through the milestone structure, and a permanent ecosystem asset.
zkVaccine offers exceptional value for money by delivering a complete, reusable, and well-documented reference application that addresses a universally understood privacy challenge. The investment creates lasting value through developer education, code reusability, and health sector validation, all at a competitive cost point that respects the Midnight Foundation's resources.
I confirm that the proposal clearly provides a basic prototype reference application for one of the areas of interest.
Yes
I confirm that the proposal clearly defines which part of the developer journey it improves and how it makes building on Midnight easier and more productive.
Yes
I confirm that the proposal explicitly states the chosen permissive open-source license (e.g., MIT, Apache 2.0) and commits to a public code repository.
Yes
I confirm that the team provides evidence of their technical ability and experience in creating developer tools or high-quality technical content (e.g., GitHub, portfolio).
Yes
I confirm that a plan for creating and maintaining clear, comprehensive documentation is a core part of the proposal's scope.
Yes
I confirm that the budget and timeline (3 months) are realistic for delivering the proposed tool or resource.
Yes
I Agree
Yes
Manh Nguyen - Solo Developer (Full-Stack)
I will handle all aspects of the project including smart contract development in Compact, TypeScript integration code, demo UI development, Lace wallet integration, testing and quality assurance, documentation and tutorials, and community engagement and project promotion.
My 7 years of professional software engineering includes extensive experience writing technical documentation and creating educational content for development teams. As a team lead for 4 years, I regularly produced architecture documents, onboarding guides, and technical specifications that helped junior developers understand complex systems. This experience directly translates to creating high-quality documentation for zkVaccine.
I have 5 years designing AWS cloud infrastructure and 5 years working with TypeScript and JavaScript in production environments. My GitHub profile at https://github.com/danny-nguyen-2702 demonstrates my coding standards and documentation practices across multiple repositories.
My blockchain development experience includes completing the Plutus Pioneer Program, the Cardano Blockchain Course, and most relevantly, the Midnight Developer Academy. The Academy completion demonstrates my proficiency with Compact smart contract development, ZK proof concepts, Lace wallet integration, and Midnight testnet deployment. This is not theoretical knowledge but hands-on experience building and deploying Midnight applications.
Within the Catalyst ecosystem, I have served as a Community Reviewer since Fund 9, evaluating hundreds of proposals and understanding what makes technical projects successful. As a Milestone Reviewer since Fund 11, I have assessed project deliverables and understand exactly what constitutes acceptable proof of achievement. This experience means I know how to structure deliverables that meet community expectations and how to document progress clearly.
Verifiable Links: