03 / ZK · Proofs without disclosure

Prove a fact,
without revealing the data.

"The customer is over 18." "Company turnover exceeds €50M." "The subject is not on a sanctions list." Provyn ZK gives a regulator, a partner or a smart contract a cryptographically verifiable yes / no - with no copy of an ID, a financial statement, or a list. The source data never leaves your boundary.

Groth16 · Plonk~180ms proof~12ms verifyon-chain compatiblestandard elliptic curves
INPUT · private witness
NameIvan Karim
National ID784-1990-1234567-8
Date of birth1989-03-12
ResidenceDubai, UAE
Sanctions listnot found
↓ ZK-PROVE · age_check ∧ resident ∧ ¬sanctions ↓
OUTPUT · public proof
✓ Over 18 · Resident · Not sanctioned
0x3f8a12c9d7ab4e21… 04fe7b9c8e82…
verify() · 11.4 ms · Groth16 BN254
› single proof · 3 statementssize · 192 B

Regulators don't need
your data. They need facts.

When a counterparty asks you to "confirm the customer is over 18", they don't want a copy of an ID. They want a proof. A copy of the ID is a liability to them: it puts them in compliance scope too.

Zero-knowledge proofs let you prove a statement about data without revealing the data itself. Provyn ZK packages this cryptography into a set of ready-made "circuits" - standard checks like "age ≥ N", "resident ≥ N days", "balance in a range", "ID belongs to a list" - called like an ordinary REST API. A 192-byte proof, verified in 12 ms, over any transport.

The usual way

Scan of an ID by email
  • The counterparty gets all the PII, when they need one fact
  • The counterparty enters compliance scope and needs its own controls
  • The scan lives in an inbox, backups, SIEM - a leak is a matter of time
  • Cannot be revoked, cannot be deleted, cannot be verified

Hash / MAC / JWT

A token with a claim
  • Requires a shared secret or trust in the issuer
  • Cannot be verified without contacting the issuer
  • Cannot be selectively disclosed (all or nothing)
  • Not a standard for on-chain / cross-jurisdiction use cases

Provyn ZK

A short mathematical proof
  • Verified locally by the counterparty - 12 ms, offline
  • Requires no trust in Provyn (the verifier key is public)
  • Selective disclosure - only the statement that's needed
  • On-chain compatible, written to the audit log

A library of statements
for common compliance scenarios.

Circuits are mathematically verified and audited. They are invoked by an API call with a name and parameters. Entities reference records in the vault.

AGE
"Is the subject ≥ 18 / 21 / N?"
age ≥ N, where age = today − dob
revealed: true / false
Alcohol retail, 18+ services, financial products. The proof reveals neither the age nor the date of birth.
RESIDENCY
"Is the customer resident ≥ 183 days?"
∑(days_in_region) ≥ 183
revealed: true / false
Bank KYC, tax status, access to resident-only instruments. Without revealing travel history.
RANGE
"Income within X…Y?"
X ≤ income ≤ Y
revealed: bucket_id
Scoring, mortgages, subsidies. The bank learns "fits the program", not the salary.
MEMBERSHIP
"Is the ID in a public registry?"
merkle_proof(id, root) = ok
revealed: true / false
Company registries, sanctions lists, professional bodies. The proof is built by the client; the root is public.
EXCLUSION
"Is the ID absent from a blocklist?"
¬merkle_proof(id, sanctions)
revealed: clean
Antifraud, AML compliance. The counterparty gets a "clean" guarantee without the list or the identity.
EQUALITY
"Two IDs - the same person?"
hash(a.subject_id) = hash(b.subject_id)
revealed: true / false
Exchange between infrastructures without a shared ID. "This customer of ours is the same as yours" - without revealing personal identifiers.
FINANCIAL
"Is company turnover ≥ €50M?"
∑(signed_invoices) ≥ 5·10⁷
revealed: threshold_met
Tenders, counterparty checks, bank limits. An auditor signs - the circuit checks the threshold.
CONSENT
"Did the subject sign consent X?"
verify(signature, doc_hash, pk)
revealed: valid
GDPR consents, marketing, biometric processing. The regulator sees the fact, not the signature or the document.
CUSTOM
"Your own statement"
Circom / Noir DSL
revealed: any public field
We write the circuit for your case. Usually 2-4 weeks from spec to a production circuit with a security review.

Prover, verifier and the subject.
No trust required between them.

Each sees exactly as much as they should - and nothing more. Mathematics, not contracts.

SUBJECT (customer)
owns the data
  • stores in the vault: ID, date of birth, residence
  • authorizes proof generation via the consent API
  • not required to show a copy of a document
  • not required to trust the counterparty
PROVER (your service)
builds the proof
  • pulls the private witness from the vault under the subject's token
  • runs the circuit with the verifier's parameters
  • returns a proof (192 B) + public inputs
  • never forwards anything "in the clear"
VERIFIER (bank / regulator)
verifies locally
  • a public verifier key from Provyn
  • receives the proof + public inputs
  • verify() - 12 ms, offline, with no call to us
  • never sees the source PII

192 bytes
and two public numbers.

This is what's sent to the verifier. This is all they receive from you. In the dashboard - the same object plus audit metadata.

CURL · generate proof
curl -X POST https://api.provyn.cloud/v1/zk/prove \
 -H "Authorization: Bearer $PROVYN_KEY" \
 -d '{
   "circuit": "age_over",
   "subject_ref": "tok_01HXZP…",
   "public": { "threshold": 18 }
 }'
RESPONSE · application/json
circuitage_over
public.threshold18
public.resulttrue
issued_at2026-04-22T14:22:08Z
schemegroth16_bn254
size192 B
prove_time176 ms
verify_time11.4 ms
proof · 0x1a2b3c4d5e6f7081 92a3b4c5d6e7f809 1a2b3c4d5e6f7081 92a3b4c5d6e7f809 1a2b3c4d5e6f7081 92a3b4c5d6e7f809
Verifier · demo widget
verifier.provyn.cloud / offline-bundle · digitally signed
Proof (BN254 G1/G2) 0x1a2b3c4d5e6f7081 92a3b4c5d6e7f809 1a2b3c4d5e6f7081 92a3b4c5d6e7f809 1a2b3c4d5e6f7081
Public inputs circuit=age_over · threshold=18 · result=true
$ provyn-verify --vkey age_over.vkey proof.bin
[✓] proof format          ok
[✓] pairing check         ok
[✓] public input binding  ok
PROOF VALID
verified locally in 11.4 ms
no outbound traffic

Ready-made circuits,
each with a security review.

We don't ask you to write circom. Ready circuits with clear parameters - like calling an SDK function. Every version is signed, logged, and backward-compatible.

age_over
v1.4.0 · audited
Prove the subject is ≥ N by the date of birth in the vault.
constraints · 2,140
prove · 168ms
verify · 11.2ms
range_check
v2.0.1 · audited
Prove a number is in [A, B], optionally revealing bucket_id.
constraints · 1,820
prove · 142ms
verify · 10.6ms
merkle_inclusion
v3.1.0 · audited
Prove an element is in a tree (public root), depth up to 32.
constraints · 8,920
prove · 310ms
verify · 13.8ms
merkle_exclusion
v1.2.0 · audited
Prove an element is not in a sorted tree.
constraints · 12,400
prove · 390ms
verify · 13.9ms
eddsa_verify
v1.1.0 · audited
Prove the validity of a subject's EdDSA signature over a document.
constraints · 4,200
prove · 196ms
verify · 11.9ms
residency_days
v1.0.2 · beta
Sum of days present in a jurisdiction over a window ≥ N (by signed check-ins).
constraints · 6,700
prove · 240ms
verify · 12.4ms
identity_link
v1.0.0 · beta
Prove that two tokenized subject_ids refer to the same person.
constraints · 3,100
prove · 184ms
verify · 11.8ms
financial_threshold
v0.9.1 · beta
Sum of auditor-signed invoices ≥ a threshold, without revealing the invoices.
constraints · 14,200
prove · 420ms
verify · 14.8ms
custom.*
bespoke
We write a circuit for your case. Security review, audit, signed release version.
timeline · 2-4 wks
audit · included

Four places
where ZK already changes the process.

Not "someday in Web3" but now - inside fintech, marketplaces and healthtech.

Marketplace · 18+

Age gate for alcohol and restricted goods

The customer verifies their age once through a national eID in the vault. On every order the marketplace receives a proof age_over(18) = true - without a date of birth. The courier never sees an ID in the app. The regulator sees nothing in the logs but the fact of a check.

Bank · sanctions screening

OFAC / sanctions check without transfer

A correspondent bank requires proof the customer is not on a sanctions list. Handing over a name is a leak plus a cross-border transfer. Instead: a proof merkle_exclusion(id, sanctions_root). The public root is maintained by the regulator. On the counterparty's side - 13 ms verify and a checkmark in the compliance report.

Healthtech · insurers

An insurer and diagnoses

An insurer must not see a diagnosis - it's a special category of PII. But it needs to know: "is the case covered by the policy". The clinic builds a proof diagnosis_in_coverage(policy_terms). The insurer gets covered = true/false. No one learns the person is ill.

Public tender

Proof of turnover and accreditation

A tender platform requires "turnover ≥ €50M" and "professional-body membership". Instead of submitting financial statements and certificates - two proofs: financial_threshold (auditor-signed) + merkle_inclusion(registry). The platform sees the company qualifies; it never sees the financials.

Cryptography
over standard curves.

No exotic stack. BN254 / BLS12-381, Groth16 / Plonk, Circom 2. Everything that has been audited inside and out.

SchemeGroth16 (BN254) · Plonk (BN254) · Halo2 (BN254) - your choice
CurvesBN254 · BLS12-381 · secp256k1 (for on-chain)
DSLCircom 2 · Noir · halo2-lib
Proof size192 B (Groth16) · ~450 B (Plonk)
Prove time140-420 ms on a typical circuit (16-vCPU prover pod)
Verify time10-14 ms · offline · with no call to Provyn
Trusted setupPerpetual Powers of Tau (phase 1) + per-circuit phase 2 ceremony
On-chainEthereum · Polygon · Base · Arbitrum
SDKJS (browser-prover · WASM 4MB) · Python · Go · Rust
Ceremony logPublic ceremony log, signed, reproducible
ComplianceCryptography - standard, audited elliptic curves; PII - handled at the vault layer
browser · client-side verification
// the verifier is pure JS/WASM, // runs offline, any origin import { verify } from '@provyn/zk-verify'; const ok = await verify({ circuit: 'age_over', vkey: AGE_OVER_VKEY, // published by Provyn proof, // from /v1/zk/prove publicInputs: { threshold: 18, result: true }, }); if (ok) grantAccess(); else logCompliance('zk-invalid');

Common questions from legal and CISO.

If your question isn't here, email sales@provyn.cloud.

Who guarantees I can't forge a proof?

Cryptography. The verifier checks pairing relations on the BN254 elliptic curve - with no call to Provyn. If the prover doesn't know the real private inputs, they cannot construct a valid pair (A, B); the probability of forgery is 2⁻¹²⁸ (practically zero). It's the same maths that secures Ethereum snark-rollups.

Does a regulator need to understand ZK to accept it?

Ideally, no. The verifier is a plain binary with a clear output: PROOF VALID. We ship it with a digital signature, documentation and an independent audit report. In practice, a fact with a checkmark in a compliance report is all the counterparty needs.

Does this work across jurisdictions and national crypto standards?

Yes. The verifier checks pairing equations locally with no network calls, so the same proof verifies identically in the EU, GCC, APAC or LATAM. For deployments with a formal national-cryptography requirement, we wrap the proof in an additional signature layer using a locally approved algorithm, so a "national signature → inner ZK proof" chain satisfies the formal requirement.

Isn't the trusted setup a single point of failure?

The per-circuit phase-2 ceremony is a multi-party MPC involving Provyn, the client and independent auditors. As long as at least one participant honestly deleted their toxic contribution, the setup is sound. Ceremony logs are published. Plonk uses a universal phase-1 (Perpetual Powers of Tau, 120+ participants) - so new circuits need no separate ceremony at all.

What if a circuit has a bug? You could prove something false.

That's why every library circuit passes an internal audit + external review (Zellic / OpenZeppelin). Custom circuits are the same, review included in the price. Formal verification on the critical paths (range checks, merkle-depth bounds).

Does this run in the customer's browser?

Yes. @provyn/zk-prover is a WASM package (~4 MB), proving in the browser in 1-3 s. For mobile - native modules for iOS/Android. Chrome, Safari, Firefox - all current, all WebAssembly-compatible.

How much does it cost?

By number of generated proofs and number of circuits. Library circuits from a few cents per proof at typical volumes. A custom circuit is a one-off build plus operation. PoC - a free tier of 10k proofs/month.

Let's find the fact
you'll stop mailing as an ID scan.

30 minutes with a cryptographer. We take your typical compliance scenario (age, sanctions, turnover), show the right circuit and the verifier output on real data.

sales@provyn.cloudMulti-region · EU / GCC / APAC / LATAM
Book a demo · ZK Validation
Your data is protected
We reply within one business day. Your data is processed in accordance with GDPR.
PROVYN
© 2026 Provyn · Fan Labs Inc. · PII infrastructure