A Privacy-Preserving, Revocable, Multi-Verifier Credential System
In many digital systems, users are required to repeatedly share personal information (age, student status, nationality, etc.) with different services.
This leads to:
- Excessive data disclosure
- User tracking across platforms
- Privacy violations
- Centralized trust in verifiers
The challenge is to design a system where users can prove facts about themselves without revealing their identity or raw data, even when interacting with multiple independent verifiers.
Nexus-ZK is a cryptography-based credential system that enables:
- ✅ Selective disclosure of attributes
- ✅ Zero-knowledge predicate proofs
- ✅ Unlinkability across multiple verifiers
- ✅ Privacy-preserving credential revocation
- ✅ No global user identifiers
- ✅ Minimal trust in verifiers
The system is designed to be practical, extensible, and beginner-friendly, while still following academically sound cryptographic principles.
- Zero-Knowledge Predicate Proofs (abstracted)
- Digital Signatures (BBS-style design)
- Hash-based revocation tokens
- Verifier unlinkability via independent sessions
- Honest-but-curious threat model
┌────────────┐
│ ISSUER │ (FastAPI :8000)
│ │
│ /issue │
│ /revoke │
└─────┬──────┘
│ signed credential
│ (attributes + signature
│ + revocation token)
▼
┌────────────┐
│ HOLDER │
│ (WALLET) │
│ │
│ stores credential
│ generates proof
└─────┬──────┘
│
│ request challenge
▼
┌────────────┐
│ VERIFIER │ (FastAPI :8001)
│ │
│ /challenge │───► nonce
│ /verify │◄─── proof + nonce
└─────┬──────┘
│
▼
ACCEPT / REJECT
- Issuer issues and revokes credentials
- Holder (Wallet) controls credentials and generates proofs
- Verifiers only learn proof validity (true / false)
- Multiple verifiers operate independently, with no shared state
Nexus-ZK includes a Verifier Privacy Audit Mode, which transparently demonstrates what the verifier sees and what it never sees.
When audit mode is enabled, the verifier logs:
❌ No user identity
❌ No credential identifier
❌ No raw attribute values
✔ Only the predicate evaluated
✔ Only the final verification result
🔍 VERIFIER PRIVACY AUDIT LOG
-----------------------------------
Received credential identifier: ❌ None
Received user identity: ❌ None
Received raw attributes:
- age: ❌ hidden
- country: ❌ hidden
- student: ❌ hidden
Predicate evaluated: ✔ age_over_18
Verification result: ✔ True
-----------------------------------
This allows privacy guarantees to be demonstrated live, rather than merely claimed.
Nexus-ZK supports multiple independent verifiers, each running as a separate service with:
- Independent nonce storage
- Independent databases
- No shared identifiers or state
- The same wallet and same credential can be verified across multiple verifiers, and those verifiers cannot link sessions, even if they collude.
- This demonstrates true verifier unlinkability in a distributed setting.
nexus-zk/
│
├── README.md
├── docs/
│ ├── protocol.md
│ ├── threat_model.md
│ └── privacy_claims.md
│
├── issuer/
│ └── issuer.py
│
├── holder/
│ ├── wallet.py
│ └── proof_generator.py
│
├── wallet/
│ ├── wallet.py
│ └── wallet_cli.py
│
├── services/
│ ├── issuer_api/
│ ├── verifier_api/
│ └── verifier_b_api/
│
├── crypto/
│ └── bbs.py
│
├── benchmark/
│ └── benchmark.py
│
└── requirements.txt
1️⃣ Clone the Repository
git clone https://github.com/SDuttaCodebase/nexus-zk.git
cd nexus-zk2️⃣ Create Virtual Environment
python -m venv venvActivate it:
Windows: venv\Scripts\activate3️⃣ Install Dependencies
pip install -r requirements.txtStart Services (Run each command in a separate terminal)
uvicorn services.issuer_api.main:app --reload
uvicorn services.verifier_api.main:app --reload --port 8001
uvicorn services.verifier_b_api.main:app --reload --port 8002Issue Credential
python -m wallet.wallet_cli issueProve Predicate
python -m wallet.wallet_cli prove age_over_18The system guarantees:
- Selective disclosure of attributes
- Verifier unlinkability across sessions and services
- Replay-attack prevention via nonces
- Privacy-preserving revocation
- Issuer blindness to credential usage
Detailed analysis is available in:
- docs/protocol.md
- docs/threat_model.md
- docs/privacy_claims.md
The system can be evaluated on:
- Proof generation time
- Verification time
- Revocation lookup cost
Benchmarking support is included in the benchmark/ directory.
All measurements are averaged over 1000 iterations.
- Credential issuance: ~0.14 ms
- Proof generation: ~0.001 ms
- Verification: below millisecond resolution
- Revocation check: ~0.001 ms
The results indicate that the protocol introduces negligible overhead and is suitable for real-time verification scenarios.
- Full BBS+ signature implementation
- Cryptographic accumulators for revocation
- zk-SNARK-based predicate proofs
- Integration with decentralized identity (DID) systems
- Issue a credential using the wallet CLI
- Prove a predicate to Verifier A
- Enable audit mode to show zero data leakage
- Prove the same credential to Verifier B
- Revoke the credential and show verification failure
Nexus-ZK demonstrates that strong privacy guarantees, unlinkability, and revocation can be achieved without sacrificing usability or requiring trusted verifiers.
It serves as both a complete system prototype and a foundation for advanced cryptographic research.
Developed as part of a cryptography-focused research and hackathon project by - Sandipan Dutta.