
ZUGZWANG

Privacy-first proof of real-world presence on Mantle—users verify location and eligibility with zk proofs, time-bound consent, and on-chain validation, without revealing identity or location.


Description

This project introduces a privacy-first, zero-knowledge–based verification framework that enables institutions to verify real-world user activity—such as physical presence, eligibility, and compliance—without ever accessing raw personal data. Built natively on Mantle’s EVM-compatible Layer-2, the system demonstrates how decentralized infrastructure can support real-world trust while preserving user sovereignty, consent, and confidentiality.

The Problem

Today’s verification systems are fundamentally over-exposing. To prove a single condition—such as being over a certain age, visiting a specific location, or completing an in-person action—users are often required to disclose full identity documents, exact GPS coordinates, timestamps, or continuous tracking data. Once shared, this data can be stored indefinitely, reused without consent, or correlated across institutions, creating severe privacy, security, and misuse risks.

Additionally, most systems lack dynamic, time-bound consent. Users cannot granularly control when, for how long, or for which purpose their data is used. Even when cryptography is applied, verification often relies on centralized servers or expensive blockchain execution that is impractical at scale.

Core Idea

Our project reframes verification around a simple principle:

Prove facts, not data.

Instead of revealing where a user was or who they are, the system allows users to prove statements such as:

  • “I was inside this geofenced area during the approved time window.”

  • “I met the eligibility criteria required by this institution.”

  • “This verification occurred with my explicit, active consent.”

All sensitive inputs—identity attributes, GPS coordinates, timestamps—are handled as private witnesses in zero-knowledge proofs and are never written on-chain or shared with institutions.

Why Mantle

Mantle is central to making this concept viable in practice. While Ethereum L1 can theoretically verify zero-knowledge proofs, the gas cost of cryptographic pairing checks and verifier execution makes frequent, real-world verification economically impractical. Mantle’s low-cost, high-throughput EVM-compatible L2 enables:

  • Affordable on-chain ZK proof verification

  • Predictable execution latency for interactive applications

  • Rapid iteration and deployment for real-world workflows

Mantle acts as a neutral, trust-minimized settlement layer—verifying proofs, enforcing consent, and recording outcomes—without becoming a data custodian.

System Overview

The system consists of four main components:

  1. User & Verifiable Credentials (VCs)
    Users create verifiable credentials containing required attributes (e.g., age eligibility). These credentials are encrypted and stored off-chain (e.g., IPFS via Pinata), referenced only by hashes. No personal data is stored on Mantle.

  2. Consent & Session Management
    Institutions issue verification requests off-chain. When a user accepts, a time-bound consent session is created. Consent parameters—such as geofence bounds and expiry—are anchored on Mantle under the user’s wallet address. Consent is explicit, revocable, and scoped.

  3. Client-Side Zero-Knowledge Proof Generation
    During or at the end of a session, the user’s device generates a zero-knowledge proof locally using Circom WASM and pre-generated proving keys. Private witnesses include:

    • Latitude and longitude

    • Session timestamps

    • Credential attributes

    The circuit enforces:

    • Geofence compliance

    • Time-window validity

    • Active, unexpired consent

  4. On-Chain Verification on Mantle
    The provider submits the proof to a Mantle smart contract. The contract verifies the proof and checks consent validity. Only a boolean result (true/false) is recorded on-chain. No GPS data, timestamps, or identity attributes are exposed.
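The constraints listed under component 3, written out as a plain JavaScript reference model for producing pass/fail test vectors before a circuit is compiled. This is an added example, not the project's code: the micro-degree scale, the offsets that keep coordinates non-negative, the 64-bit bound and every field name are assumptions.

```javascript
// Added example: plain-JS reference model of the circuit's statement.
// SCALE, the offsets, MAX_BITS and all field names are assumptions.
const SCALE = 1_000_000;                 // micro-degrees per degree
const LAT_OFFSET = 90n * BigInt(SCALE);  // shifts latitude into [0, 180e6]
const LON_OFFSET = 180n * BigInt(SCALE); // shifts longitude into [0, 360e6]
const MAX_BITS = 64n;                    // assumed comparator bit width

// Decimal degrees -> non-negative integer, since field elements have no sign.
function scaleCoord(deg, offset, maxDeg) {
  if (!Number.isFinite(deg) || Math.abs(deg) > maxDeg) {
    throw new RangeError(`coordinate out of range: ${deg}`);
  }
  return BigInt(Math.round(deg * SCALE)) + offset;
}

// Public inputs: geofence bounding box and consent window (Unix seconds).
function publicInputs({ south, north, west, east, notBefore, expiry }) {
  const pub = {
    minLat: scaleCoord(south, LAT_OFFSET, 90),
    maxLat: scaleCoord(north, LAT_OFFSET, 90),
    minLon: scaleCoord(west, LON_OFFSET, 180),
    maxLon: scaleCoord(east, LON_OFFSET, 180),
    notBefore: BigInt(notBefore),
    expiry: BigInt(expiry),
  };
  // Inverted bounds (including a box that crosses the antimeridian) can never be satisfied.
  if (pub.minLat > pub.maxLat || pub.minLon > pub.maxLon || pub.notBefore > pub.expiry) throw new RangeError("inverted bounds");
  return pub;
}

// Private witness: the values that must never leave the device.
function witness({ lat, lon, timestamp }) {
  return { lat: scaleCoord(lat, LAT_OFFSET, 90), lon: scaleCoord(lon, LON_OFFSET, 180), timestamp: BigInt(timestamp) };
}

// The geofence and time-window constraints, evaluated in the clear.
function statementHolds(w, pub) {
  const fits = Object.values({ ...w, ...pub }).every((v) => v >= 0n && v < 1n << MAX_BITS);
  const inFence = w.lat >= pub.minLat && w.lat <= pub.maxLat && w.lon >= pub.minLon && w.lon <= pub.maxLon;
  const inWindow = w.timestamp >= pub.notBefore && w.timestamp <= pub.expiry;
  return fits && inFence && inWindow;
}

// Constructed test vectors: one case that must pass and two that must fail.
function runVectors() {
  const pub = publicInputs({ south: 18.9, north: 19.3, west: 72.7, east: 73.0, notBefore: 1700000000, expiry: 1700003600 });
  const at = (lat, lon, timestamp) => statementHolds(witness({ lat, lon, timestamp }), pub);
  return { valid: at(19.076, 72.8777, 1700001800), outsideFence: at(28.6139, 77.209, 1700001800), afterExpiry: at(19.076, 72.8777, 1700003601) };
}
```

A compiled circuit should accept exactly the witnesses for which `statementHolds` returns true, which makes the model a source of expected results for local test vectors.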

Unique Technical Contributions

1. Zero-Exposure GPS Verification
All geospatial calculations—range checks, distance math, and time validation—occur inside the zero-knowledge circuit. Mantle never sees coordinates or timestamps, only cryptographic validity.

2. User-Controlled, Time-Bound Consent
Consent is enforced cryptographically, not contractually. Proofs automatically fail if consent expires or is revoked, eliminating replay attacks and unauthorized reuse.

3. Dynamic, Real-World Parameters
Unlike traditional ZK systems that prove static facts, this project proves live physical state—presence within a region at a specific time—without surveillance.

4. Mantle-Native Verification Layer
Mantle is not just a deployment target. It is the final arbiter of truth, enforcing verification outcomes at low cost and high reliability.
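The consent and replay properties claimed above depend on the verifying contract tying each proof to the session anchored on-chain. The in-memory JavaScript model below is an added example, not the project's contract: class, field and reason names are hypothetical, `proofValid` stands in for the generated verifier's return value, and one accepted proof per session is an assumption.

```javascript
// Added example: in-memory model of consent checks around a proof verifier.
// All names are hypothetical; this is not the project's contract.
class ConsentRegistry {
  constructor() {
    this.sessions = new Map(); // user address -> anchored consent session
    this.results = [];         // only booleans are recorded, never inputs
  }

  // User accepts a request: scope and expiry are anchored under their address.
  openSession(user, { fenceHash, challenge, expiry }) {
    this.sessions.set(user, { fenceHash, challenge, expiry, revoked: false, used: false });
  }

  revoke(user) {
    const s = this.sessions.get(user);
    if (s) s.revoked = true;
  }

  // publicSignals are the public values the proof was generated against;
  // they must match the anchored session, or a proof made for another
  // fence or an earlier session would be accepted here.
  verify(user, proofValid, publicSignals, now) {
    const s = this.sessions.get(user);
    const reason =
      !s ? "no-session"
      : s.revoked ? "revoked"
      : now > s.expiry ? "expired"
      : s.used ? "replayed"
      : publicSignals.fenceHash !== s.fenceHash ? "scope-mismatch"
      : publicSignals.challenge !== s.challenge ? "challenge-mismatch"
      : !proofValid ? "invalid-proof"
      : null;
    const ok = reason === null;
    if (ok) s.used = true; // assumption: one accepted proof per session
    this.results.push(ok);
    return { ok, reason };
  }
}

// Constructed scenario: accept once, then replay, stale challenge, revocation.
function demo() {
  const reg = new ConsentRegistry();
  const sig = { fenceHash: "0xfence-a", challenge: "0xc1" };
  reg.openSession("0xUser", { ...sig, expiry: 1700003600 });
  const first = reg.verify("0xUser", true, sig, 1700001800);
  const replay = reg.verify("0xUser", true, sig, 1700001900);
  reg.openSession("0xUser", { fenceHash: "0xfence-a", challenge: "0xc2", expiry: 1700007200 });
  const stale = reg.verify("0xUser", true, sig, 1700004000);
  reg.revoke("0xUser");
  const revoked = reg.verify("0xUser", true, { fenceHash: "0xfence-a", challenge: "0xc2" }, 1700004100);
  return { reasons: [first.reason, replay.reason, stale.reason, revoked.reason], recorded: reg.results };
}
```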

Use Cases

  • Voting & Civic Participation
    Prove in-person participation without revealing identity or location history.

  • Healthcare & Blood Donation
    Verify donor presence and eligibility while preserving medical and location privacy.

  • Financial Services
    Location-aware loan or KYC checks without raw data disclosure.

  • Enterprise Compliance
    Prove on-site activity for audits or access control.

Security & Privacy Guarantees

  • No raw personal data on-chain

  • No continuous tracking or location history

  • Non-replayable, session-bound proofs

  • Explicit user consent required for every verification

Mantle’s low-cost execution ensures these guarantees remain practical at scale.

Future Scope

In the future, this system can power privacy-preserving analytics and AI agents that operate on verified interactions rather than raw data. Governments or institutions could gain aggregate insights—such as participation rates or regional activity—without ever accessing individual identities or locations. Mantle would serve as the coordination and settlement layer for these interactions, enabling smart decisions without surveillance.

Progress During Hackathon

Step 1 — Repo & Scope Lock
Freeze the MVP: one geofence use-case, one consent flow, one on-chain verifier result. Set “definition of done” as end-to-end proof → Mantle verify → UI success state.

Step 2 — Circuit Finalization
Finalize Circom circuits for geofence + time-window checks and consent gating. Confirm public inputs ordering, scaling strategy for coordinates, and session challenge/non-replay inputs.

Step 3 — Proving Pipeline
Compile circuits to WASM/R1CS, generate .zkey, verification keys, and Solidity verifier contracts. Run local test vectors: valid case must pass; invalid cases must fail deterministically.

Step 4 — Mantle Contract Integration
Deploy verifier and wrapper contracts to Mantle testnet. Wire contract calls for verifyProof(...) plus boolean enforcement checks. Emit events for successful verification and store minimal state.

Step 5 — Off-chain Request + Consent Flow
Implement provider request storage (MongoDB) and user acceptance. When user accepts, write consent session to chain (expiry + scope) and start session timer.

Step 6 — Client Proof Generation + Submission
Integrate browser GPS capture, session timestamps, and VC CID fetch. Generate proof client-side using Circom WASM + zkey, package calldata, and send to provider.

Step 7 — End-to-End Demo Hardening
Run repeated demos: success path, revoked/expired consent path, outside-geofence path. Add explorer links, clear UI states, and error messaging.

Step 8 — Pitch & Submission Packaging
Prepare 5-minute script, architecture slide, and “Why Mantle” justification. Publish contract addresses, deployment steps, and reproducible demo instructions in README.

Tech Stack

React
Web3
Solidity
Team Leader
Hrishikesh Hundekari
Sector
Other