Security Model

ZK ONE is designed with a multi-layered security architecture that protects identity data, verification flows, and user autonomy at every stage.

┌───────────────────────────┐
│         Client UI         │
│(Next.js + Shadcn Frontend)│
└───────────────┬───────────┘
                │
                ▼
┌───────────────────────────┐
│ Local Security Layer      │
│ - Hashing                 │
│ - zk-proof generation     │
│ - Encryption (optional)   │
└───────────────┬───────────┘
                │
                ▼
┌───────────────────────────┐
│ Smart Contract Layer      │
│ (Lisk L2 Verification)    │
│ - Hash storage            │
│ - Proof verification      │
│ - Access control          │
└───────────────┬───────────┘
                │
                ▼
┌───────────────────────────┐
│ Decentralized Data Layer  │
│ - Immutable records       │
│ - On-chain logs           │
└───────────────────────────┘

Omega ensures that sensitive information is never exposed, even during verification.

  • Uses zk-proofs to validate identity or data

  • Verifiers learn only the result, not the content

  • No plaintext documents ever leave the client

client → zk-proof → smart contract → verification result

Immutable Data Layer

All hashes and verification metadata are stored on the Lisk Layer 2 network.

  • Tamper-proof data

  • Immutable audit trail

  • Guaranteed data integrity

Immutable fields include:

  • identityHash

  • dataHash

  • verificationTimestamp

Access Control Framework

Every sensitive resource is protected by a granular access system.

Mechanism

resource → permissions → authorized addresses

Capabilities

  • Grant / revoke access dynamically

  • Per-document permissions

  • Revocable at any time

Example resources: passport, driversLicense, financialRecord

User Sovereignty

Omega follows a user-first ownership model:

  • No centralized storage

  • No admin override

  • Users control:

    • what they upload

    • who can verify

    • how long access lasts

You own your data. Omega only verifies it.
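
The rules from the Access Control Framework and User Sovereignty sections (resource → permissions → authorized addresses, owner-only grant and revoke, time-limited access, no admin override) can be modeled in a few lines. This is an added example, not ZK ONE's contract code: `AccessRegistry`, `norm`, `canVerify` and the sample addresses are hypothetical names and constructed values, and the current time is passed in explicitly where a contract would read the block timestamp.

```javascript
// In-memory model of resource -> permissions -> authorized addresses.
// Hypothetical names throughout; on-chain, `caller` would be msg.sender.
const norm = (addr) => {
  if (!/^0x[0-9a-fA-F]{40}$/.test(addr)) throw new Error(`bad address: ${addr}`);
  return addr.toLowerCase(); // checksum casing must not change who matches
};

class AccessRegistry {
  grants = new Map(); // owner -> resource -> verifier -> expiry (unix seconds)

  // The owner key is always the caller, so nobody else (no admin either)
  // can create or remove a grant on that owner's resources.
  grant(caller, resource, verifier, expiresAt, now) {
    if (!Number.isInteger(expiresAt) || expiresAt <= now) throw new Error("expiry must be in the future");
    const owner = norm(caller);
    if (!this.grants.has(owner)) this.grants.set(owner, new Map());
    const byResource = this.grants.get(owner);
    if (!byResource.has(resource)) byResource.set(resource, new Map());
    byResource.get(resource).set(norm(verifier), expiresAt);
  }

  revoke(caller, resource, verifier) {
    const perms = this.grants.get(norm(caller))?.get(resource);
    return perms ? perms.delete(norm(verifier)) : false;
  }

  // Deny by default: unknown owner, resource or verifier, or a lapsed grant.
  canVerify(owner, resource, verifier, now) {
    const expiry = this.grants.get(norm(owner))?.get(resource)?.get(norm(verifier));
    return expiry !== undefined && now < expiry;
  }
}

// Constructed sample addresses and timestamps.
const [ALICE, BANK, OTHER] = ["a1", "B2", "c3"].map((b) => "0x" + b.repeat(20));

function demo() {
  const reg = new AccessRegistry();
  const t0 = 1700000000;
  reg.grant(ALICE, "passport", BANK, t0 + 3600, t0);
  return {
    granted: reg.canVerify(ALICE, "passport", BANK.toLowerCase(), t0 + 10),
    otherResource: reg.canVerify(ALICE, "financialRecord", BANK, t0 + 10),
    expired: reg.canVerify(ALICE, "passport", BANK, t0 + 3600),
    thirdPartyRevoke: reg.revoke(OTHER, "passport", BANK), // not the owner
    ownerRevoke: reg.revoke(ALICE, "passport", BANK),
    afterRevoke: reg.canVerify(ALICE, "passport", BANK, t0 + 10),
  };
}
console.log(demo());
```

The grant is scoped to one document, stops working at its expiry, and can only be removed by the address that created it.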

Security Prompts & UX Safeguards

Integrated UX guardrails protect users from high-risk mistakes.

  • 2FA prompts

  • Warnings before granting access

  • Secure connection checks

  • Privacy tips built into the flow

Client-Side Protection

All sensitive operations run locally:

  • Document hashing

  • zk-proof generation

  • Encryption (when applicable)

No sensitive data is transmitted to the server or stored off-chain.
