1 of 35

Human ID

Introduction

Private Identity Verification

Human ID is a privacy-preserving identity protocol developed by Holonym Foundation for the framework. Human ID uses zero knowledge proofs to allow for proving facts about oneself without revealing the whole identity, enabling organizations and smart contracts to verify their users without storing any sensitive information.

Motivation

Identity verification is often required for legal or practical reasons such as KYC, fraud prevention, proof-of-age, and Sybil resistance. However, verifying identity while also preserving privacy has historically been difficult. This problem is even more prominent in web3, where data is stored on a public ledger. Not only is obtaining privacy on a blockcchain difficult, but the adverse affects of losing privacy are greater: "doxxing" a user's wallet address once reveals all of the address' past and future activity.

The Issue of Regulatory Compliance & Non-Consensual Data Sharing

While Zero Knowledge Proofs are helpful, they aren't enough...

Zero-knowledge KYC prevents data honeypots and massive surveillance. However, on its own, it isn't sufficient for cases where regulators or law enforcement need to investigate users suspected of criminal activity.

As a result, maintaining honeypots has become a necessary compliance practice: organizations store sensitive data that is frequently breached, just to make sure it remains available for investigations.

Solving The Dilemma: Proof of Clean Hands With Human Network

While ZK proofs (ZKP) aren't trivial, ZKPs with compliance are even more complex. Holonym has built Human Network, an AVS on EigenLayer that allows provable threshold encryption, to unlock ZKPs with programmable privacy for selective and consensual disclosure. The network allows developers to hard-code policies that require pre-existing conditions to occur before a third party can decrypt user data. Users can verify and encrypt their data to the Network's key to create ZKPs which can be "decrypted" by pre-approved parties only when a smart contract is triggered.

While this function can be used to gate any sort of data behind programmable policies, it is especially useful for provable encryption of identity.

Human ID packages this functionality into a very easy to use solution called that serves as a general-purpose tool for meeting compliance requirements.

Once a user has a proof-of-clean-hands SBT (soul bound token), we know the data is encrypted to an observer that can only decrypt a small amount of data per day, making surveillance or honeypots impossible while enabling compliance with law enforcement and regulators.

For more information, see the architecture:

Or usage:

Need Support?

If you need support with using the Human ID application, please follow the instructions on this page

If you need support when verifying your identity using Human ID, please follow the steps below:

Review or search the contents of this site, especially our .
Click on the support icon in the bottom right corner of this page — or in the Human ID app — to get in contact with a support agent.

Thank you!

For Users

FAQs

You got questions? We got answers!

What is human.tech?

human.tech is a technology platform that enhances the security, transparency, and compliance of digital interactions through advanced cryptographic techniques and decentralized networks.

How does human.tech's technology work?

human.tech leverages blockchain technology to create secure, immutable records of transactions and digital identities to ensure data integrity and privacy.

What are human.tech's main products?

Human ID: A private digital identity solution that verifies users without storing or seeing sensitive information. Data stays on user devices, and only proofs of identity and compliance are submitted.
Human Network: Provides decentralized primitives for a better web. It enables privacy-preserving KYC with AML, and supports account login and recovery based on passwords and privacy-preserving biometrics.

How does Human ID ensure data security?

Human ID uses advanced cryptographic techniques to protect data from unauthorized access and tampering, ensuring only authorized parties can access sensitive information.

What measures does Human ID take to protect user privacy?

Human ID technology keeps data on user devices, submitting only proofs of compliance and identity. This approach ensures that sensitive information is never exposed or stored centrally.

What is ZK KYC? How is it different from KYC?

When most people hear KYC, they think “loss of privacy”, “centralization”, and “getting doxxed”. Holonym uses “Zero Knowledge” KYC that prevents any identity authority or third party (including us) from linking your credentials with your wallet address.

This means that even if a third party KYC provider snoops on your data, there is no way to know which person you are on-chain.\

How does Human ID help with regulatory compliance?

Human ID automates compliance processes through real-time transaction monitoring and smart contracts, reducing administrative burdens and ensuring adherence to regulatory standards.

What specific regulatory standards does Human ID support?

Human ID supports various regulatory standards by providing privacy-preserving KYC and AML capabilities, facilitating easier compliance with financial regulations.

What should I do if my wallet was hacked?

We’re sorry to hear about your situation. Unfortunately, we cannot change your wallet address, as we do not support proof revocation. You will need to wait until your verification expires in one year before you can verify again. You may proceed with a refund then.

Where can I find the proof contracts?

You can find a complete list of ZK-SBT contracts supported by Holonym here: Just go to and search the contract address to see more information.

I minted my ZK SBT to the wrong address! Can I transfer it?

It is not possible to transfer SBTs at this time because it breaks Sybil Defense with the current implementation.

How does Human ID guarantee privacy for me?

Human ID is designed to minimize any chance of data leakage. For any form of document-based verification, some agent has to assess a document and check it against a large centralized database. Almost all KYC providers in Web3 keep a centralized database that can be linked to an individual wallet address (see FTX disclosure). Holonym allows users to prove on-chain facts about themselves while making it highly difficult, near impossible, to link a real world document to an on-chain identity. Not even we can link your data to your wallet.

How is this possible?

During verification, all data is sent over an encrypted channel to a third party credential issuer.

How many points do I earn for verifying my identity?

You’ll earn 16 points for KYC verification and 1.5 points for verifying your phone number.

Is there a specific age limit for completing ID verification with Human ID?

Yes, you need to be at least 18 years old.

My ID verification always fails. Can I submit my ID through a ticket and have it verified there?

Unfortunately, manual review of IDs isn't supported; the process relies on automation.

Can I obtain a Human Passport stamp by verifying my phone number?

Yes, phone verification is now supported.

What type of documents can I use to verify my identity for proof of uniqueness?

You can verify with any of the following standard un-expired and valid physical documents that match your identity:

passport
driver's license

Are there any countries that aren't supported for verification?

Yes, the unsupported countries are North Korea, Iran, Syria, and Cuba.

Verification complete! What’s next?

Continue to the minting page:

Connect your wallet: .
Select Phone Verification or KYC/Government ID Verification.

Are there any verification guidelines I can use to avoid common issues?

To ensure a smooth verification process, please follow these steps:

• Clear Photos – Avoid blurriness by holding your phone still while capturing your ID and selfie. • Scan Both Sides – If using a driver's license, upload both front and back (no duplicates). • Unaltered Documents – Russian internal passports must have a visible, unedited machine-readable area. • Valid ID – Ensure your document is not expired. • Selfie Match – Your selfie must clearly match the photo on your ID. • Use a Physical Document – Do not take a picture of an ID displayed on a screen. • Age Requirement – You must be 18+ years old to verify.

⚠️ Unsupported Countries: North Korea, Iran, Syria, and Cuba. ⚠️ Unsupported IDs: Nigeria's NIN and Bangladesh's resident permit.

Can I verify again but with a different wallet?

No, each user can verify only one wallet per identity. If the system detects multiple verification attempts with different wallets, they will all fail. If you encountered an 'already registered' error, do not attempt verification again. For now, your only option is to request a refund and wait until the first verification expires after a year before trying again.

How can I proceed with verification after making a payment?

If your payment was successful, you can go ahead and verify directly on the website.

Note: do not make another payment if you were not redirected to the verification page the first time. If you're having trouble and can't continue, open a support ticket for assistance.

What to do if my verification was unsuccessful?

If verification was unsuccessful, you can request a refund by following the refund steps outlined in our FAQs.

Can I retry verification if my first attempt failed?

After receiving your refund, you can try again, but we recommend using a different ID than the one you previously used.

How can I verify my identity?

You can verify your identity using standard unexpired and valid physical documents such as a passport, driver's license, national ID, or residence card. Unsupported documents include student IDs, Nigeria's NINS, and Bangladesh's resident permit IDs.

You can review the supported countries and documents with the following link: •

Is verification a one-time fee, or will I need to re-verify later?

Verification is valid for one year. After that, you’ll need to pay again to verify your identity.

Do I need to verify and mint SBT again if I’ve already minted it on the old app?

No, you don’t need to verify again as long as your previous verification is still valid.

What are the SBT Contract addresses?

Here are the SBT contract addresses:

• For V3: 0x2AA822e264F8cc31A2b9C22f39e5551241e94DfB • For Legacy ID: 0x7A81f2f88b0eE30eE0927c9F672487689C6dD7Ce • For Legacy Phone: 0xe337aD5aA1Cb84e12a7Aab85aEd1Ab6cb44C4a8e

I minted my ZK SBT to the wrong address! Can I transfer it?

SBTs (Soulbound Tokens) are intentionally non-transferable, making them a key part of our Sybil Defense system. To verify a different wallet, you must wait for the current verification proof to expire, which happens one year after minting.

Can I try verifying again with a different ID?

Each paid verification allows for one attempt. If it fails, you can request a refund and try again, but you'll need to submit a new payment and restart the process.

Do I get a full refund if my verification failed?

If your verification fails, you can request a full refund.

How do I request a refund?

Follow these steps to request a refund:

Step 1 (Optional): Watch a step-by-step refund walkthrough on YouTube:

Step 2: Go to the Refund Page:

Step 3: Look for the "Eligible for Refund" tag next to your card.

Step 4: Click the "Eligible for Refund" label and follow the instructions to complete the process.

What to do if I received the "Failed" message?

This means your verification attempt was unsuccessful. This is not a system bug, as the process is managed by the provider and subject to their approval. Verification failures can happen for various reasons, and unfortunately, we do not have the exact reason for each unsuccessful attempt. If you wish to try again, please use a different ID than the one you previously used.

Should I add my country code when entering phone number for verification?

Do NOT include the country code when entering your phone number. Select your country from the provided list instead.

I have troubles receiving OTP, what should I do?

Follow this OTP Troubleshooting Guide:

Do NOT include the country code when entering your phone number. Select your country from the provided list instead.
Restart your phone to refresh the connection with your network provider.

I received "Loading Credentials" error, what should I do?

If you received a "Loading Credentials" error, follow these steps:

Allow up to 30 minutes for the provider to complete your ID verification.
DO NOT close, refresh, or exit the page during this process.

What to do if I received the "Failed to Fetch or V3SybilResistance.r1cs" error while minting SBT?

If you receive a "Failed to Fetch or V3SybilResistance.r1cs" error during the minting process, try the following solutions:

• Use a Different Browser or Device Copy the minting page link and open it in another browser or device.

• Uninstall Internet Download Manager (IDM) IDM can interfere with the minting process, so removing it may resolve the issue.

If the issue persists, try clearing your cache or using incognito mode.

Why am I getting an "Already Registered" error?

If you receive an "Already Registered" message, it means you have already completed verification with the same wallet or with different wallet.

Each user can verify only once and submit a valid proof one single time. Any further attempts will result in errors. This rule ensures Holonym's sybil resistance.

What should I do if I'm facing issues with the payment page?

If you're having trouble with the payment page, try clearing your browser's cache and restarting it, then attempt again. You can also try using a different browser.

What should I do if verification still fails after two attempts?

• If you've failed twice, we don’t recommend trying again unless you have a different ID and are willing to restart the entire process.

• Even if you try again with a different ID, successful verification is not guaranteed, as it is still subject to the provider's approval.

How to unlock more Discord channels and roles?

💡 Roles and Permissions: Some channels require specific roles to access. Make sure you have the right roles to unlock more content.

For Token-Gated Roles: Go to the ✅│verify-holo channel and connect your wallet to Collab.Land.

Verifying Identity with Human ID

Using Human ID to privately prove your identity

The Human ID verification process consists of two key stages:

Issuance of Credentials – Obtaining credentials through identity verification.
Proving Facts About Credentials – Demonstrating specific details without revealing unnecessary personal information.

Issuance

On the , users scan a QR code to begin the verification process by photographing the required identity documents.

Proving

In the proof section, users select a wallet address to link their verified proof. Once the user has a Human ID, they can generate proofs of unique personhood, with more proof types planned for the future. To do so, visit , where they will receive a soulbound token confirming whether their address belongs to a unique person.

Convenience vs. Privacy If users trust the KYC provider not to track their wallet, they can immediately prove facts about their credentials. However, for those seeking a cryptographic guarantee that the KYC provider cannot track them, waiting—potentially for days or even weeks—enhances privacy. This follows the same principle as Tornado Cash or ZCash, where longer wait times improve anonymity.

Verifying ePassport

You need to have NFC-enabled passport to complete this verification

You can verify your ePassport using Holonym's Private Passport Verifier to increase Sybil resistance score. Verification is free.

To perform the ePassport verification using your NFC passport, follow the steps below:

Navigate to https://silksecure.net/holonym/diff-wallet.
Click the "ePassport" card.
Follow the steps to download the Private Passport Verifier mobile app.
Open the Private Passport Verifier app. Follow the steps to enter your information. Then scan your NFC passport.
After scanning, you will be redirected to .
At this page, a zero-knowledge proof is generated. This zero knowledge proof conceals your private information while proving that you are a unique person.
Enter your wallet address. Click submit. When you click submit, your address will receive a soul-bound token (SBT) attesting to your uniqueness.

Note that you can only receive one SBT per NFC passport.

Using Human ID with NEAR

In order to use Human ID with NEAR Protocol, follow the steps below:

Visit https://silksecure.net/holonym/diff-wallet if you have an already-funded wallet you would like to use to pay fees on Aurora, Ethereum, Optimism, Avalanche, or Fantom.
Visit https://silksecure.net/holonym/silk if you do not already have a funded wallet on these chains or want to use the Human Wallet for other reasons.
Follow the steps to get the proof of unique government ID or phone.
When you prove, enter your NEAR account ID that you want the uniqueness proof to be publicly linked to.

Now you're done! You've obtained the uniqueness proof for the NEAR SBT. You can use it with sites like to prove that you are a unique person!

For higher privacy, you can connect and pay with a wallet address different than the one you want the proof-of-uniqueness to be linked to. You may also delay between paying and proving to prevent timing information from linking your ID to your wallet address. If you do so, even in case of a malicious KYC provider your address with the uniqueness proof can't be linked to your identity.

Using Human ID with Stellar

In order to use Human ID with Stellar, follow the steps below:

Visit https://silksecure.net/holonym/diff-wallet with an already-funded wallet you would like to use to pay fees on Aurora, Ethereum, Optimism, or Avalanche.
Follow the steps to get the proof of unique government ID or phone.
When you prove, enter your Stellar address that you want the uniqueness proof to be publicly linked to.

Now you're done! You've obtained the uniqueness proof for the Stellar SBT.

Getting Refunded

If you verification was unsuccessful, please follow the steps below to begin the refund process:

Step 1: Watch the Video Guide (Optional)

To make the process easier, you can watch this helpful video guide that walks you through the refund steps: Watch the Video Guide

Step 2: Visit the Refund Link

Click on the following link to initiate the refund process:

Step 3: Find the "Eligible for Refund" Label

Once you're on the page, locate the "Eligible for Refund" label next to your cards.

Step 4: Click on the Refund Label

Click on the "Eligible for Refund" label to access the refund page.

Step 5: Complete the Refund Process

Follow the on-screen instructions to finalize your refund.

We hope this guide, along with the video, helps you complete your refund process smoothly. Let us know if you have any questions!

For Developers

Integrating Human ID

What you can do with Human ID and how to start

While Holonym can be used off-chain it is by far most commonly used on-chain. We use the term Soul-Bound Token (SBT) to refer to an on-chain record linked to a user's address. To use Holonym, you simply must direct the user to get their SBT, then you can read the SBT from from our API in one line of code, or from the blockchain itself.

1. Send a user to Holonym to get an SBT

Option A: Via Link or Redirect

You may send the user to

credentialType is one of:

gov-id (for government ID credentials).
clean-hands (for sanctions checks).
phone (for phone number credentials).

ePassport

Users can also verify for free using an NFC-enabled government ID document. Please see for user instructions.

Note that the ePassport SBT is distinct from the gov-id SBT. A user can get both an ePassport SBT and a gov-id (KYC) SBT.

Option B: Via Human ID SDK

To directly embed Human ID into your website, you can import the and call

where credentialType is either 'kyc' (for government ID credentials), 'clean-hands', 'phone' (for phone number credentials) or 'biometrics'. This will prompt the user to complete the SBT minting flow.

2. Read a user's SBT

Option A: Holonym API

To check whether a user has a certain SBT, you can query the Holonym API. The JavaScript example shows how to call the Holonym API (which calls the SBT smart contract) to get whether the user is unique for the given action ID. (Use the default action ID of 123456789.)

Option B (DEPRECATED): On chain

You can call the SBT contract directly. The Solidity example gives anyone 1 gwei who has proven they're from the US. (See more examples in the .)

You may have noticed one person can claim the gwei many times in the Solidity example! This an example; please do not implement a US stimulus program from it.

Note: by default, proofs can only be done once-per-ID to prevent Sybil attacks & bribery. You don't want somebody to sell their US residency proof to others. This means a user can only verify one of their addresses as being a US resident.

Example: Sybil Resistance

1. Send users to Holonym to get government ID uniqueness SBTs

Send users to the following URL.

Users will complete verification and get an SBT at the address of their choosing.

2. Read users' uniqueness SBTs

The below JS example checks whether an address belongs to a unique person.

The smart contract in Solidity gives a privacy-preserving airdrop once-per-person to only unique people.

Note: we highly recommend using the default actionID of 123456789. If you would like to explore custom actionIDs, please see . Otherwise, feel free to ignore the concept of an actionID and just use 123456789as shown in the example.

Custom Sybil Resistance

Political, social, and economic systems often need Sybil resistance. Sybil resistance is anything of the form:

1 person => 1 x

e.g.,

1 person => 1 vote (democracy)
1 person => 1 stimulus check

Dry Runs

(Coming soon)

Human ID has dry run flows. These allow developers to (a) complete verification flows and (b) get mock SBTs on testnet while they are integrating Human ID into their dapp.

Get mock SBT

Option A: With Human Wallet SDK

...

Option B: With Redirect

...

Read mock SBT

Use the Holonym API to query the . For the network option, specify "base-sepolia" instead of "optimism".

Sign Protocol Attestations

How to read Holonym attestations on Sign Protocol

Holonym issues an Sign Protocol attestation for every SBT it sends. The following is an example of how to query and validate Holonym attestations.

Query

See the for how to construct queries.

This query gets the first page of attestations issued by Holonym.

Query parameters used:

Clean Hands Attestations

How to read Clean Hands attestations

Human ID issues its Clean Hands attestation to users who prove that they are not on any sanctions lists (see all the lists here: ).

Off-chain with Sign Protocol

Use Sign Protocol's scan API to see whether a user has a valid Clean Hands attestation.

Stellar

How to read Human ID SBTs on Stellar

Users can opt to receive SBTs on Stellar. See Using Human ID with Stellar for user-facing instructions.

Off-chain

Use the Stellar SDK to simulate a read transaction to get the user's SBT.

On-chain (Soroban)

1. Fetch the wasm for the Human ID SBT contract.

2. Incorporate into your Soroban contract.

This example contract has a get_sbt function that simply wraps the function from the SBT contract.

Check out the full .

For the list of circuit IDs, see .

For Node Operators

Run an Observer

If you want to run an observer, please reach out to the Human ID team.

Overview

The observer is a component of the Clean Hands Stack for programmable privacy, used for GDPR-compliant storage of encrypted user data with the DecryptBabyJubJub method for KYC.

The observer is a primary component in the Clean Hands stack with . To interact with the observer, a user generates a ZKP they have passed sanctions checks, and this ZKP outputs the ciphertext of the user's personal identifiable information (PII) and the user's associated blockchain address. The Observer's role in this system is to verify ZKPs, issue attestations to users with valid ZKPs, and to store the public outputs of these ZKPs so that the ciphertext can be decrypted if Human Network permits.

Architecture

Overview

How Holonym works

Actors and actions in Holonym

At a high level, the Holonym system can be understood in terms of the following actors and actions.

Actors

User. Someone who receives credentials and prove facts about themselves, often for the purpose of fulfilling requirements set by an organization.
Issuer. A party that issues credentials to users. In the process of issuing credentials, an issuer may use 3rd party identity providers to verify users' identities.
Consumer. A party that modifies its users' access or actions based on the facts its users have proven about themselves using. For example, an organization may require its users to reside in a certain country in order to vote on certain proposals.

Actions

Issuer issues a credential to a user. In the user flow, this step is called "issuance".
User proves facts about themselves using their credentials. In the user flow, this step is called "proving".
Consumer allows a user to access something or to perform an action, depending on what the user has proven.

Flow of Data

Architecture

The Human ID protocol consists of the following components:

Client (website or mobile app)
Issuers (either using the Human ID credential format or custom formats such as ICAO9303 for NFC passports issued by the government)
Hub smart contracts (1 per chain)
Relayer

The flow of data is outlined in the action sequence described in the section. The following describes the flow of data in more detail. The diagram illustrates the issuance+storage (designated by 1.*) and proving (designated by 2.*) steps. An organization can grant access to users based on the results stored in the proof contract.

1.1. User verifies themself to an issuer

1.2. The issuer signs credentials

1.3. The user generates a proof that credentials were sigend with particular attributes

1.5. User encrypts their credentials client-side. The encryption key is generated from the user's signature.

1.6. User stores their encrypted credentials in the Human Wallet

2.1. User generates a proof and (e.g., a proof that they are a US resident) and submits it to the verifier

2.2. The verifier attests to it and returns it to either the user or the relayer, depending on how the attestation is to be consumed

2.3. The attestation is given to the recipient: either the Hub smart contract or an offchain consumer

Flow of Data: KYC Proof of Personhood

Human ID's Proof of Personhood via KYC consists of the following components:

User agent (UI)
Human ID server
ID verification provider
Verifier

The flow of data is outlined in the following sequence diagram. Please refer to notes for detailed explanations for relevant parts.

Issuance and Proving

Sections 1 and 2 in the sequence diagram constitute issuance. This is where the user's private credentials are issued.

Section 3 is proving, where the user proves facts about their issued credentials.

Notes on handling of user data by IDV Providers

Following data are requested by IDV providers as photo or/and video stream during the verification process.

Selfie (photo, video stream)
One of the following documents
- Passport
- Driver License

Currently, following IDV providers are supported.

Veriff has clearly outlined in its

a list of compliances (i.e: GDPR)
regarding data collection, retention and deletion
- a list of

Onfido has its

a list of
regarding data

Facetec has two privacy policies ( and )

SDK privacy policy seems more relevant for usage for ID verification. Its documentation on privacy is sparse compared to the other 2 providers.

In article #2, it mentions that any data sent to its server is encrypted, siloed and is never stored with any additional personally identifiable information (PII).
In article #6, it provides detailed info on its compliance to GDPR for EU residents.

Notes on client-side encryption of IDV session result

IDV provider returns the session result to user.

With Human Wallet:

The result is encrypted on client-side using a derivative of the PRF.

With other wallets:

The result is encrypted with key derived with hash(userSignature(aConstantMessage)) to generate ciphertext.

Notes on ciphertext and storage of userCredentials

Only the encrypted ciphertext which is non PII is stored in Human ID database as below.

View to see the data included in user credentials.

Notes on verifier and SBT issuance

The user submits a zero knowledge proof of uniqueness () to the verifier server. The verifier verifies the ZKP, and upon verification, issues a soulbound token to the user. The circuit ID, issuer address, expiry, and actionNullifier, the ZK proof are embedded in the Soul-bound token.

Where Data Is(n't) Stored

Credential storage

Credentials are stored by the Human Wallet self-custodial wallet so that other than the user who owns them, nobody can access them.

When the user scans government IDs, the data is not stored in Holonym servers. For modern NFC-based ID and Aadhaar verification, a ZKP is created without Holonym ever seeing the data. For older types of government ID verification that do not involve ePassport NFC reading, the user data briefly passes through Holonym servers so that Holonym can sign the credentials, attesting to their authenticity, to return to the user. Data is immediately deleted from Holonym servers and from the KYC provider's servers after the signature is generated. Even if the user does legacy credential verification and does not trust a KYC provider, the protocol gives additional privacy guaranteed: Each user's ID is anonymized in what we call the Privacy Pool, i.e. an anonymity set. The Privacy Pool exists to break the link between a user's identity and a user's crypto address. This creates a level of privacy where even if Holonym, an issuer, or anyone tries to surreptitiously collect user data, they still cannot identify user wallets.

Proof storage

Proofs can be submitted on-chain or off-chain. Proofs, such as "I am a unique person" should not contain sensitive information. The Holonym website and app only permit proofs that do not give sensitive data, regardless of whether they're on- or off-chain.

VOLE-based ZK

What it enables

We implemented an () VOLE-based prover to enable fast identity proofs that otherwise aren't practical to do with privacy. Privacy requires all proofs to be done on consumer hardware without expensive servers. Yet most interesting proofs such as NFC-enabled passports and email proofs require expensive RSA, SHA256, or Keccak256 operations. The prover can take the existing circuits in circom, where these primitives have already been implemented and audited. We have utilized this to allow mobile browsers to perform proof of passport in seconds without running out of memory.

On-Chain Proofs

To put the proofs on-chain, a Verifier and Relayer are used. The Verifier attests to the proof being complete (since the proof size is too large to cheaply be put on-chain ) and the Relayer posts the attestations on-chain to the Hub contract. We plan to progressively decentralize this Verifier by achieving consensus amongst a permissionless set of verifiers.

Hub Contract

Before a user can submit a proof on-chain, the Hub ensures

An allowed verifier, either a server, network, or smart contract, has verified a VOLE-based ZKP
This verifier has posted any necessary data off-chain so others can check its steps in verifying the proof
Any nullifier revealed by the ZKP has not been spent

Once a proof is on-chain, the Hub sends a non-transferable ERC721 representing a SBT. The Hub also allows reading the relevant metadata pertaining to the SBT, i.e. the public values of the corresponding proof, via the method getSBT.

Attention The Hub does not check any custom logic on the public values of the proof beyond the following two standard public input values: nullifier and expiry. While it checks the nullifier has not been used before and the expiry has, it cannot check custom logic. For example, some proofs require that you check the credential's issuer given in the public outputs is actually a trusted issuer of credentials. To do so, you must call getSBTand check the public value corresponding to the issuer address is valid.

For more information, you may look at the

Clean Hands Architecture

Human ID's Proof of Clean Hands establishes that a user

has completed KYC,
has verified that they are not on any sanctions or PEP lists,
has encrypted their identifying data to Human Network, and
has selected a smart contract that determines the conditions under which their data can be decrypted.

Components

The Clean Hands system is made possible by the following:

Credential issuer.
Zero knowledge circuit.
Observer node.
Smart contract(s).

The novelty of the Clean Hands system is in its encryption and decryption. Each user encrypts their data to Human Network and proves encryption. When they encrypt, they select a smart contract that determines who is allowed to decrypt. The user's ciphertext is sent to an "observer" node. An entity granted access to the user's ciphertext by the observer node and granted decryption rights by the smart contract can decrypt the user's ciphertext.

Flow

There are five steps in the Clean Hands flow.

1. Credential issuance

The user verifies their identity and that they are not on any sanctions or PEP lists. Human ID's credential issuer issues a signature to the user attesting to the veracity of the user's identity data and sanctions list status.

2. Proof generation

The user generates a zero knowledge proof. This proof uses the credentials and signature issued by the credential issuer. The proof establishes that the user has completed KYC and sanctions list checks and that they have encrypted their name and date of birth to Human Network. At this step, the user also signs, using the ephemeral private key used in encryption, the address of a smart contract. This smart contract determines who can decrypt the user's data.

3. Attestation issuance

The user sends the proof to an observer node. The observer verifies the proof, stores the proof's public outputs so that the user's ciphertext can be retrieved at a later date by authorized entities, and issues an on-chain attestation to the user. This attestation attests to the fact that the user has completed all of these first 3 steps.

4. On-chain activity

With the attestation, the user is now able to interact with smart contracts that require proof of clean hands, for example, which allows verified users to transaction privately.

5. Decryption

If necessary, the ciphertext from the user’s zero knowledge proof is decrypted. The entity that wants to decrypt must request the user's ciphertext from the observer. They must also be granted decryption rights from the smart contract associated with the ciphertext. With the ciphertext and decryption rights, the decrypter requests decryption from Human Network.

Lists checked for Proof of Clean Hands

US / OFAC Capta List (CAP)
US / OFAC Non-SDN Chinese Military-Industrial Complex Companies List (CMIC)
US / BIS Denied Persons List (DPL)
US / DOS ITAR Debarred (DTC)

How it Works

Modularity of the Stack

Holonym creates modular infrastructure for privacy, flexibility, and security.

Holonym applies modularity to the identity verification stack. This fixes a trilemma of security, flexibility, and privacy in identity verification. It has historically been difficult to combine the benefits of centralization (e.g., rigor and ease of use) with decentralization (e.g., flexibility, privacy, and composability). Holonym introduces four layers of identity verification to enable "best of both worlds" approaches.

Issuance layer
Privacy layer
Audit layer
ReLayer

Issuance layer

Unlike blockchains which benefit from being decentralized, some use cases of identity benefit from being centralized. The most common form of rigorous identification is government ID, as centralized as possible. Governments have successfully disbursed over $1 trillion in annual benefits with a relatively low amount of benefit fraud through identity theft. They have been able to conduct large-scale elections using identity to prevent fraudulent votes. These have been possible due to extensive personal information governments are privy to.

Privacy layer

While there is clearly utility (e.g., social security, secure voting processes) in having an institution like a government privy to personal information, the other risks of centralization should be mitigated. Thus, we introduce a privacy layer to separate the issuer from all other aspects of the protocol. This way, an issuer's power is only limited to verifying once; it cannot track subsequent actions of a user.

The privacy is obtained by a global Merkle tree of all credentials. For more information, see

Audit Layer

Regulators often need to investigate activities when something goes wrong. Not having identity data available for regulators is illegal in most countries and can have penalties exceeding $100M. Currently, companies record all user activity to have an audit record for regulators, as there has been no other way to comply. In current systems, absent of a way to selectively enforce data privacy, every user is monitored regardless of whether or not they are being investigated.

However, in Holonym, the user can be required to encrypt their own audit trail to the data audit layer. The audit layer should have two functions: data availability and permissioned access, which can in turn be two separate layers. Permissioned access involves a smart contract that ensures that nobody can unscrupulously spy on user activity without proper consent or a court order. It enforces that only certain actors under certain conditions can decrypt the data, allowing for provable privacy for honest users while retaining regulatory oversight for bad actors. These conditions are enforced via a smart contract rather than trusting a third party to maintain privacy.

ReLayer

The relayer layer is the way in which zero-knowledge proofs are sent. Sending and receiving reveal IP addresses and/or wallet addresses if gas is needed. Currently, Holonym uses a relayer to submit transactions and hide the address they came from. It is important that this layer remains flexible so that a relayer node can be replaced by a relayer network, and mixnets can be employed to hide IP addresses.

Issuer

Anybody can make an issuer, as this protocol is decentralized at the base layer. Of course, issuers of credentials should be trusted, despite the fact that anybody can create an issuer. Furthermore, Holonym Foundation operates the frontend and can integrate the issuer into the frontend, so we recommend reaching out in the discord to talk to us and the community before making a custom issuer.

Hub

The contract where everything happenson-chain

Before a user can submit a proof on-chain, the Hub ensures

An allowed verifier, either a server or smart contract, has verified a VOLE-based ZKP
This verifier has posted any necessary data off-chain so others can check its steps in verifying the proof
Any nullifier revealed by the ZKP has not been spent

FAQs

You got questions? We got answers!

What is human.tech?

human.tech is a technology platform that enhances the security, transparency, and compliance of digital interactions through advanced cryptographic techniques and decentralized networks.

How does human.tech's technology work?

human.tech leverages blockchain technology to create secure, immutable records of transactions and digital identities to ensure data integrity and privacy.

What are human.tech's main products?

Human ID: A private digital identity solution that verifies users without storing or seeing sensitive information. Data stays on user devices, and only proofs of identity and compliance are submitted.
Human Network: Provides decentralized primitives for a better web. It enables privacy-preserving KYC with AML, and supports account login and recovery based on passwords and privacy-preserving biometrics.

How does Human ID ensure data security?

Human ID uses advanced cryptographic techniques to protect data from unauthorized access and tampering, ensuring only authorized parties can access sensitive information.

What measures does Human ID take to protect user privacy?

Human ID technology keeps data on user devices, submitting only proofs of compliance and identity. This approach ensures that sensitive information is never exposed or stored centrally.

What is ZK KYC? How is it different from KYC?

This means that even if a third party KYC provider snoops on your data, there is no way to know which person you are on-chain.\

How does Human ID help with regulatory compliance?

Human ID automates compliance processes through real-time transaction monitoring and smart contracts, reducing administrative burdens and ensuring adherence to regulatory standards.

What specific regulatory standards does Human ID support?

Human ID supports various regulatory standards by providing privacy-preserving KYC and AML capabilities, facilitating easier compliance with financial regulations.

What should I do if my wallet was hacked?

Where can I find the proof contracts?

You can find a complete list of ZK-SBT contracts supported by Holonym here: Just go to and search the contract address to see more information.

I minted my ZK SBT to the wrong address! Can I transfer it?

It is not possible to transfer SBTs at this time because it breaks Sybil Defense with the current implementation.

How does Human ID guarantee privacy for me?

How is this possible?

During verification, all data is sent over an encrypted channel to a third party credential issuer.

How many points do I earn for verifying my identity?

You’ll earn 16 points for KYC verification and 1.5 points for verifying your phone number.

Is there a specific age limit for completing ID verification with Human ID?

Yes, you need to be at least 18 years old.

My ID verification always fails. Can I submit my ID through a ticket and have it verified there?

Unfortunately, manual review of IDs isn't supported; the process relies on automation.

Can I obtain a Human Passport stamp by verifying my phone number?

Yes, phone verification is now supported.

What type of documents can I use to verify my identity for proof of uniqueness?

You can verify with any of the following standard un-expired and valid physical documents that match your identity:

passport
driver's license

Are there any countries that aren't supported for verification?

Yes, the unsupported countries are North Korea, Iran, Syria, and Cuba.

Verification complete! What’s next?

Continue to the minting page:

Connect your wallet: .
Select Phone Verification or KYC/Government ID Verification.

Are there any verification guidelines I can use to avoid common issues?

To ensure a smooth verification process, please follow these steps:

⚠️ Unsupported Countries: North Korea, Iran, Syria, and Cuba. ⚠️ Unsupported IDs: Nigeria's NIN and Bangladesh's resident permit.

Can I verify again but with a different wallet?

How can I proceed with verification after making a payment?

If your payment was successful, you can go ahead and verify directly on the website.

Note: do not make another payment if you were not redirected to the verification page the first time. If you're having trouble and can't continue, open a support ticket for assistance.

What to do if my verification was unsuccessful?

If verification was unsuccessful, you can request a refund by following the refund steps outlined in our FAQs.

Can I retry verification if my first attempt failed?

After receiving your refund, you can try again, but we recommend using a different ID than the one you previously used.

How can I verify my identity?

You can review the supported countries and documents with the following link: •

Is verification a one-time fee, or will I need to re-verify later?

Verification is valid for one year. After that, you’ll need to pay again to verify your identity.

Do I need to verify and mint SBT again if I’ve already minted it on the old app?

No, you don’t need to verify again as long as your previous verification is still valid.

What are the SBT Contract addresses?

Here are the SBT contract addresses:

• For V3: 0x2AA822e264F8cc31A2b9C22f39e5551241e94DfB • For Legacy ID: 0x7A81f2f88b0eE30eE0927c9F672487689C6dD7Ce • For Legacy Phone: 0xe337aD5aA1Cb84e12a7Aab85aEd1Ab6cb44C4a8e

I minted my ZK SBT to the wrong address! Can I transfer it?

Can I try verifying again with a different ID?

Each paid verification allows for one attempt. If it fails, you can request a refund and try again, but you'll need to submit a new payment and restart the process.

Do I get a full refund if my verification failed?

If your verification fails, you can request a full refund.

How do I request a refund?

Follow these steps to request a refund:

Step 1 (Optional): Watch a step-by-step refund walkthrough on YouTube:

Step 2: Go to the Refund Page:

Step 3: Look for the "Eligible for Refund" tag next to your card.

Step 4: Click the "Eligible for Refund" label and follow the instructions to complete the process.

What to do if I received the "Failed" message?

Should I add my country code when entering phone number for verification?

Do NOT include the country code when entering your phone number. Select your country from the provided list instead.

I have troubles receiving OTP, what should I do?

Follow this OTP Troubleshooting Guide:

Do NOT include the country code when entering your phone number. Select your country from the provided list instead.
Restart your phone to refresh the connection with your network provider.

I received "Loading Credentials" error, what should I do?

If you received a "Loading Credentials" error, follow these steps:

Allow up to 30 minutes for the provider to complete your ID verification.
DO NOT close, refresh, or exit the page during this process.

What to do if I received the "Failed to Fetch or V3SybilResistance.r1cs" error while minting SBT?

If you receive a "Failed to Fetch or V3SybilResistance.r1cs" error during the minting process, try the following solutions:

• Use a Different Browser or Device Copy the minting page link and open it in another browser or device.

• Uninstall Internet Download Manager (IDM) IDM can interfere with the minting process, so removing it may resolve the issue.

If the issue persists, try clearing your cache or using incognito mode.

Why am I getting an "Already Registered" error?

If you receive an "Already Registered" message, it means you have already completed verification with the same wallet or with different wallet.

Each user can verify only once and submit a valid proof one single time. Any further attempts will result in errors. This rule ensures Holonym's sybil resistance.

What should I do if I'm facing issues with the payment page?

If you're having trouble with the payment page, try clearing your browser's cache and restarting it, then attempt again. You can also try using a different browser.

What should I do if verification still fails after two attempts?

• If you've failed twice, we don’t recommend trying again unless you have a different ID and are willing to restart the entire process.

• Even if you try again with a different ID, successful verification is not guaranteed, as it is still subject to the provider's approval.

How to unlock more Discord channels and roles?

💡 Roles and Permissions: Some channels require specific roles to access. Make sure you have the right roles to unlock more content.

For Token-Gated Roles: Go to the ✅│verify-holo channel and connect your wallet to Collab.Land.