Skip to main content

Protocol Mechanism

The Deeproof protocol operates as a secure bridge between trusted Web2 data sources and Web3 permissionless infrastructure. The system functions through a four-stage lifecycle.

Stage 1: The Secure Hook

The process begins entirely within the user's local environment, using the Deeproof Chrome Extension. When a user logs into a supported Identity Provider (e.g., Binance), the extension passively and securely listens for specific API responses (such as bapi/accounts/v1/private/account/get-user-base-info).

It intercepts the relevant data packets—specifically the User ID and KYC Level—verifying that the session is active and authenticated. This occurs within the browser's protected memory space; no external server is involved, and no credentials are ever transmitted.

Stage 2: The Circuit (Identity Engine)

Once the data is captured, the protocol's core "Identity Engine" activates. This is a Zero-Knowledge circuit written in Circom.

The circuit takes two types of inputs:

  1. Private Inputs: The user's specific userId from the provider, a randomly generated secret trapdoor (which acts as the user's private key for this identity), and the actual userKycLevel.
  2. Public Inputs: The required minKycLevel (e.g., Level 2 for verified).

The circuit performs a constraint check: it verifies that userKycLevel >= minKycLevel. If satisfied, it uses the Poseidon hash function to compute a cryptographic commitment:

$$IdentityCommitment = Poseidon(userId, trapdoor)$$

Stage 3: Proof Generation

Using snarkjs and the compiled WebAssembly (WASM) circuit, the browser generates a zk-SNARK proof (GROTH16). This proof cryptographically asserts two facts:

  1. "I know a valid Binance User ID and a secret trapdoor that strictly hash to this Commitment."
  2. "The user associated with this ID has a KYC level that passes the requirements."

Crucially, the proof does not reveal the userId or the trapdoor. It only reveals the mathematical validity of the statement.

Stage 4: On-Chain Settlement

The generated proof, along with the Identity Commitment, is submitted to the Deeproof Smart Contract on Mantle Sepolia.

The contract acts as the final Verifier. It checks the cryptographic proof against the protocol's Verification Key. If valid, the contract records the IdentityCommitment in an on-chain Merkle Tree (or registry). The user's wallet address is now bound to a "Verified Human" status, readable by any other smart contract in the ecosystem, all without linking the wallet to the real-world identity.