
Why Decentralized Identifiers (DIDs) Are Pointless Without ZK Proofs

A public DID registry that lists your credentials is a privacy anti-pattern. This analysis argues that zero-knowledge attestations are the only mechanism that fulfills the original promise of self-sovereign identity.

THE IDENTITY MISMATCH

The Public Ledger Privacy Trap

Decentralized Identifiers (DIDs) on public blockchains create a permanent, linkable record of user activity, defeating their privacy purpose without zero-knowledge proofs.

DIDs are public correlation vectors. A DID anchored on Ethereum or Solana is a persistent identifier. Every transaction, attestation, or credential presentation links back to it, creating a comprehensive activity graph.

W3C standards are privacy-blind. The W3C Verifiable Credentials data model defines data formats, not privacy guarantees. Publishing a credential hash or selective disclosure on-chain without ZKPs leaks metadata.

Private credentials require private verification. Systems like Iden3's zk-proof circuits or Polygon ID allow credential validity proofs without revealing the credential or holder's DID. This is the only viable model.

Evidence: The Ethereum Attestation Service (EAS) stores all schema and attestation data on-chain. Without ZK rollups like Aztec, this creates a permanent public registry of personal linkages.

THE IDENTITY PARADOX

Core Thesis: DIDs Without ZK Are an Oxymoron

Decentralized Identifiers (DIDs) fail their core purpose without Zero-Knowledge Proofs, as they expose the very data they aim to protect.

DIDs leak by default. A DID on a public ledger like Ethereum or Solana is a permanent, transparent record of all your attestations and interactions. This creates a global correlation database for anyone to analyze, defeating privacy.

ZKPs enable selective disclosure. Protocols like Sismo and Polygon ID use ZK to prove credential validity (e.g., citizenship, KYC) without revealing the underlying data. This separates identity verification from data exposure.

Without ZK, DIDs are worse than Web2. A centralized database at least has a perimeter. A public DID graph has none, enabling unprecedented surveillance by advertisers, governments, or malicious actors.

Evidence: The Worldcoin model highlights the flaw—storing biometric hashes on-chain creates immutable, linkable identifiers, a permanent privacy liability that ZK-native designs avoid.

WHY RAW DIDs ARE A LIABILITY

DID vs. ZK Attestation: A Privacy & Utility Matrix

Compares the fundamental capabilities of a raw Decentralized Identifier (DID) document versus one enhanced with Zero-Knowledge (ZK) attestations, highlighting the privacy and utility deficits of the former.

Columns: Feature / Metric | Raw DID (e.g., W3C DID Core) | ZK-Attested DID (e.g., Sismo, Polygon ID) | Decision Implication

On-Chain Privacy Footprint
  • Raw DID: All linked Verifiable Credentials (VCs) are publicly queryable.
  • ZK-Attested DID: Only the ZK proof of credential validity is published; underlying data remains private.
  • Decision Implication: Raw DIDs leak your entire credential graph. ZK DIDs minimize on-chain data exposure.

Selective Disclosure Granularity
  • Raw DID: You must present an entire credential.
  • ZK-Attested DID: You can prove specific claims (e.g., age > 18) without revealing your birthdate.

Sybil-Resistance Proof
  • Raw DID: Requires public linkage of high-value credentials (e.g., passport).
  • ZK-Attested DID: Can generate a proof of unique humanity or reputation from private credentials.
  • Decision Implication: Raw DIDs force privacy-for-security trade-offs. ZK DIDs enable private Sybil resistance.

Cross-DApp Replay & Correlation Risk
  • Raw DID: High. Same DID/VCs are reused, creating a persistent identity graph.
  • ZK-Attested DID: Low. Can generate unique, session-specific proofs for each application.
  • Decision Implication: Raw DIDs are tracking beacons. ZK DIDs enable pseudonymous, unlinkable interactions.

Composability with DeFi/Governance
  • Raw DID: Limited. Public credential exposure creates MEV and targeting risks.
  • ZK-Attested DID: Native. Enables private proof-of-personhood for airdrops, private voting (e.g., Aztec), and undercollateralized lending.
  • Decision Implication: Raw DIDs are unfit for high-value on-chain activity. ZK DIDs unlock private finance and governance primitives.

Regulatory Compliance (e.g., Travel Rule)
  • Raw DID: Problematic. Public ledger exposes all counterparty PII.
  • ZK-Attested DID: Feasible. Can provide ZK proofs of regulatory compliance to a licensed verifier off-chain.
  • Decision Implication: Raw DIDs conflict with data minimization principles. ZK DIDs align with privacy-by-design regulations like GDPR.

Typical Attestation Cost & Finality
  • Raw DID: ~$0.50 - $5, 12 sec - 5 min
  • ZK-Attested DID: ~$0.10 - $2.50 (proof gen off-chain), 12 sec - 5 min
  • Decision Implication: ZK adds negligible on-chain cost. The privacy ROI is orders of magnitude higher.

THE VERIFIABLE SELF

The Technical Inevitability of ZK for Identity

Decentralized Identifiers (DIDs) are a data standard, but zero-knowledge proofs are the computational engine that makes them usable.

DIDs are just pointers. A Decentralized Identifier (DID) on a blockchain like Ethereum or Solana is a public key. It links to a DID Document, a static JSON file listing your credentials. This creates a publicly linkable identity graph, defeating the purpose of privacy-centric identity systems.

ZKPs enable selective disclosure. Zero-knowledge proofs, as implemented by protocols like Sismo and Polygon ID, transform static DIDs. They allow a user to prove credential attributes (e.g., 'over 18', 'KYC'd by Civic') without revealing the credential itself or the DID. The proof is the credential.

Without ZK, DIDs regress to Web2. A DID that must broadcast its entire attestation history for verification is a publicly auditable dossier. This is worse than a traditional database, as it's immutable and globally accessible. Projects like Worldcoin demonstrate the necessity of ZK for proving humanness without biometric exposure.

Evidence: The W3C Verifiable Credentials data model, the standard for DIDs, explicitly defines a 'Zero-Knowledge Proof' proof format. The technical specification mandates ZK for privacy, making it a core dependency, not an optional add-on.

THE MISPLACED PRIORITY

Steelman: "But We Need Public Revocation!"

Public revocation lists are a legacy security model that undermines privacy and scalability, making DIDs pointless without ZK proofs.

Public revocation lists leak data. A global, on-chain list of invalidated credentials reveals user activity patterns and affiliation changes, creating a permanent privacy leak that contradicts the core promise of self-sovereign identity.

ZK proofs enable private revocation. Systems like Iden3's credential revocation or Sismo's zero-knowledge attestations allow a user to prove a credential is valid without revealing its identifier, eliminating the need for a public deny-list entirely.

The scalability argument is a red herring. Maintaining and checking a global revocation registry, as proposed by W3C's StatusList2021, creates a centralized bottleneck and on-chain overhead that ZK-based selective disclosure avoids.

Evidence: The Ethereum Attestation Service (EAS) schema registry shows most attestations are for non-revocable, static data; complex, stateful credentials requiring revocation are a niche that ZK proofs like those from RISC Zero or Succinct are built to handle privately.

THE VERIFIABLE SELF

Protocol Spotlight: ZK Identity in Practice

DIDs are just pointers; ZKPs are the muscle that makes them useful without compromising the user.

01. The Problem: Sybil-Resistance is a Privacy Nightmare

Legacy solutions like Proof-of-Humanity or social graphs force you to expose your connections. A DID without ZK is a public declaration of attackable surface area.

  • Key Benefit: Prove uniqueness without revealing who you are.
  • Key Benefit: Enable 1-click airdrop claims without doxxing your entire wallet history to the world.

Metrics: 0 Personal Data Leaked; 100% Sybil-Proof

02. The Solution: Programmable Credentials with Sismo & Polygon ID

These protocols turn static attestations into dynamic, composable ZK badges. Your KYC from one app becomes a reusable, private proof for DeFi elsewhere.

  • Key Benefit: Selective disclosure (e.g., prove you're >18, not your exact DOB).
  • Key Benefit: Gasless verification via off-chain proof generation, enabling mainstream UX.

Metrics: <$0.01 Verification Cost; ~2s Proof Gen

03. The Killer App: Private Reputation for On-Chain Credit

Lending protocols like Aave and Compound need collateral. ZK identity enables undercollateralized loans based on private, provable repayment history.

  • Key Benefit: Unlock $10B+ in latent credit markets without requiring overcollateralization.
  • Key Benefit: Build a portable credit score that no single institution can freeze or censor.

Metrics: 10x Capital Efficiency; 0 Public Debt History

04. The Infrastructure: Why zkSNARKs Beat zkSTARKs for This

Identity proofs are small, recursive, and need cheap verification. zkSNARKs (via Groth16, Plonk) offer smaller proofs and faster verification than zkSTARKs, critical for wallet integration.

  • Key Benefit: ~10KB proof size enables mobile and social recovery wallet integration.
  • Key Benefit: Sub-second verification on L2s like zkSync and Starknet makes it feel like Web2.

Metrics: 10KB Proof Size; <1s Verify Time

05. The Reality Check: Most 'DID' Projects Are Just Databases

If a system asks for your wallet to 'verify' and then stores that link, it's a centralized database with extra steps. True ZK identity requires client-side proof generation.

  • Key Benefit: Architectures like Worldcoin's Orb + ZKP are the only path to global scale without surveillance.
  • Key Benefit: Eliminates the protocol as a single point of failure and a honeypot for data breaches.

Metrics: 100% Client-Side; 0 Liability

06. The Future: Autonomous Agents with Verifiable Personhood

AI agents will need to prove they are human-aligned or have specific credentials to interact with DeFi and DAOs. ZK-DIDs are the only way to do this without creating a centralized agent registry.

  • Key Benefit: Enable trustless delegation of on-chain actions to bots.
  • Key Benefit: Create DAO voting systems where influence is based on private, proven contribution, not token wealth.

Metrics: 24/7 Agent Operation; ZK-Proof Of Personhood

DID REALITY CHECK

TL;DR for CTOs & Architects

DIDs without ZKPs are just expensive, leaky databases. Here's the technical breakdown.

01. The Privacy Lie of Public DIDs

A DID on a public ledger like Ethereum or Solana is a permanent, linkable identifier. Every attestation or action creates a public graph of your identity, defeating the purpose.

  • Correlation Risk: All on-chain activity is trivially linked to your DID.
  • Data Leak: Verifiable Credentials (VCs) often contain metadata that leaks even if the claim is hidden.

Metrics: 100% Linkable; 0 Real Privacy

02. The Verifier's Dilemma & Compliance Overhead

Without ZKPs, a verifier (e.g., a DeFi protocol checking KYC) must receive and process your full credential data. This creates liability and operational bloat.

  • Data Liability: The verifier becomes a data controller under regulations like GDPR.
  • Trust Assumption: You must trust the verifier's security not to leak your sensitive PII.

Metrics: High Compliance Cost; Centralized Trust Point

03. The ZKP Solution: Selective Disclosure as a Primitive

Zero-Knowledge Proofs (using circuits from Circom, Halo2, or Noir) transform DIDs from identifiers to permission systems. You prove properties (e.g., "I am over 18") without revealing the underlying data.

  • Minimal Disclosure: Prove only the necessary predicate (age > X, citizenship = Y).
  • Unlinkable Sessions: Each proof is cryptographically unique, preventing activity correlation across sessions.

Metrics: ~1-2s Proof Gen; 0 KB PII Leaked

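The two properties claimed above, a minimal-disclosure predicate (the age > 18 case also used in the selective disclosure discussion earlier) and unlinkable per-session proofs, written out as a Circom circuit. This is an added illustration, not a circuit from Sismo, Polygon ID or the original post; it assumes circomlib is on the compiler's include path, that the issuer attests the holder's `commitment` (a Poseidon hash of birth year and a holder-chosen secret), and that the verifier separately checks that `commitment` belongs to the issuer's published set (a Merkle membership check omitted here).

```circom
pragma circom 2.0.0;

// Assumes circomlib is resolvable via the compiler's include path (-l).
include "circomlib/circuits/poseidon.circom";
include "circomlib/circuits/comparators.circom";

// Proves "the holder of an issued birth-year credential is old enough"
// without revealing the birth year, and emits a per-scope nullifier so
// proofs made for different verifiers cannot be linked to each other.
template AgeOver() {
    // Private inputs: never leave the holder's device.
    signal input birthYear;
    signal input secret;        // blinding value chosen by the holder at issuance

    // Public inputs: known to the verifier.
    signal input commitment;    // Poseidon(birthYear, secret), attested by the issuer
    signal input cutoffYear;    // e.g. current year - 18, chosen by the verifier
    signal input scope;         // verifier- or session-specific identifier

    // Public output: lets the verifier reject replays within one scope
    // while proofs for different scopes stay unlinkable.
    signal output nullifier;

    // 1. Bind the private witness to the issued commitment.
    component h = Poseidon(2);
    h.inputs[0] <== birthYear;
    h.inputs[1] <== secret;
    h.out === commitment;

    // 2. Predicate only: birthYear <= cutoffYear. A 16-bit comparator is
    //    enough for calendar years; out-of-range inputs fail its range check.
    component cmp = LessEqThan(16);
    cmp.in[0] <== birthYear;
    cmp.in[1] <== cutoffYear;
    cmp.out === 1;

    // 3. Scoped nullifier: Poseidon(secret, scope). Same holder, different
    //    scope -> different nullifier, so sessions cannot be correlated.
    component n = Poseidon(2);
    n.inputs[0] <== secret;
    n.inputs[1] <== scope;
    nullifier <== n.out;
}

// commitment, cutoffYear and scope are public; birthYear and secret are not.
component main {public [commitment, cutoffYear, scope]} = AgeOver();
```

A verifier accepts the proof, confirms `commitment` is in the issuer's registry and that `nullifier` has not been seen for this `scope`; the birth year and secret never leave the holder's device.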
04. Architectural Shift: From Registry to Verifier Network

With ZK-DIDs, the core infrastructure changes. The blockchain (e.g., Ethereum) becomes a public verifier of proofs, not a store of credentials. Projects like Sismo, zkPass, and Polygon ID are building this layer.

  • State Minimization: On-chain storage is for proof verification state, not user data.
  • Interoperability: A ZK proof from one issuer can be used across any compliant verifier, enabling composability.

Metrics: 10x Scalability; Composable Design

Why DIDs Are Pointless Without Zero-Knowledge Proofs | ChainScore Blog