To address the limitations of the client-based proof system architecture, we introduce zkPass Service, a service-based proof system operating as a Proof-as-a-Service platform.

The defining characteristic of zkPass is the offloading of ZKP computations to a server operating within a Trusted Execution Environment (TEE). Users only need to initiate a service request through the zkpass-client SDK library, which then delegates the heavy computational tasks to the server side.

It should be noted that this server-centric approach has its downside. Most notably, the user's sensitive input data is no longer confined to their device but is instead processed in a centralized server. This shift necessitates a degree of trust to ensure the confidentiality of the user's input. To alleviate this concern, we run the zkPass server within a Trusted Execution Environment (TEE). This secure and isolated environment aims to provide an additional layer of protection, safeguarding the privacy of user's data while allowing for the efficient execution of ZKP computations. In other words, zkPass can still protect data confidentiality through the trusted privacy model.