🧱zkPass Components

zkPass Service

The zkPass Service has 2 parts:

• zkPass Web Service zkPass Web Service provides the REST API for the zkPass module clients. This endpoint accepts parameters that are defined by the zkPass module and forwards them to the ZkPass Host for the actual execution of the application. The web service operates in an untrusted environment. The clients of the zkPass module communicate with the web service via the zkPass Client Library.

• zkPass Host zkPass Host operates within a Trusted Execution Environment (TEE), ensuring complete isolation and security from external threats. It interacts with the zkPass Web Service through a secure, specialized channel, receiving inputs for the zkPass module that are forwarded by the zkPass Web Service. The main function of the zkPass Host is to load the zkPass module executable module and execute it within the TEE. Additionally, the client of the zkPass module can perform end-to-end encryption with the zkPass Host to protect the privacy of user data being sent to the zkPass Service. This setup ensures that user data remains confidential and secure throughout the entire process.

zkPass Modules

The zkPass module is the heart of zkPass, creating higher-level abstractions and models that simplify integration and usage for third-party software. Its two main goals are:

• Protecting the privacy of user data

• Providing a verifiable computing environment

Pluggable Module

The zkPass module is implemented as a pluggable module, which is loaded by the zkPass Host and executed within a Trusted Execution Environment (TEE). While the data format for input and output is specific to each application, all input and output data must adhere to JWT encoding standards. This modular design ensures flexibility and security, allowing the zkPass module to operate seamlessly within the zkPass framework while maintaining the integrity and confidentiality of user data.

DVR

zkPass is designed to support multiple zkPass modules, with the current primary application being the Data Verification Request (DVR), detailed in the DVR section. DVR uses the powerful Zero Knowledge Virtual Machine as the underlying proof system. DVR ensures robust data protection and trust, making it indispensable for developers aiming to incorporate advanced privacy-preserving features into their software with an intuitive and easy-to-use interface and expressive JSON-based query language.

zkPass Client Library

The zkPass-client is an SDK client library that provides interfaces, types, and functions for interacting with zkPass modules. Currently, the zkPass-client supports the DVR module.

DVR Client

The DVR client facilitates interaction with the DVR module and offers the following functionalities:

• Issuing zkPass proofs

• Verifying zkPass proofs

• Generating tokens