ZeroKlue
Prove once, use everywhere, reveal nothing
Created on 18th January 2026
The problem ZeroKlue solves
ZeroKlue enables students and professionals to prove their organizational affiliation (university, company) without revealing personal information.
The Current Problem:
Traditional verification services like SheerID and UNiDAYS collect sensitive personal data (full name, date of birth, student ID) just to confirm you're a student. This creates:
- Privacy risks from data breaches
- GDPR/compliance liability for merchants / issuers of student benefits
- Centralized databases that become honeypots for hackers. In the Web3 world, associating your email and name with your wallet makes you a target.
For Web3, the problem is critical:
DAOs and DeFi protocols desperately need "Proof of Humanity" for fair governance (one person, one vote) and Sybil resistance. But they cannot ask for traditional KYC without breaking their core promise of anonymity. This is an existential problem - bots are draining treasuries, and there's no privacy-preserving solution.
Our Solution:
ZeroKlue uses Zero-Knowledge Proofs to verify your Google Workspace email domain without revealing the email itself. The merchant only sees "Verified Student: TRUE" - never your name, email, or institution. Nullifiers make sure you can't use the same email to verify again.
Why Web3 Needs This:
- DAO Governance: Optimism, Arbitrum, and other L2s give away millions in grants (RPGF). One person with 1,000 wallets can rig votes. ZeroKlue provides Sybil resistance without KYC.
- Sybil-Resistant Airdrops: Projects want to airdrop to future builders (students), not bot farms. ZeroKlue lets them target verified university audiences.
- DeFi Student Rates: Lending protocols want to offer student rates but can't hold PII. We solve this.
- Token-Gated Communities: University alumni groups, company channels, hackathon participants - all verifiable without doxxing.
The Business Model (Per-Verification Revenue):
We charge protocols/DAOs per verification:
- Volume Pricing: $0.01 - $0.10 per verification
- Comparison: SheerID charges $0.50 - $2.00 per verification
Why protocols will pay:
- 10x cheaper than alternatives
- Zero data liability (no GDPR concerns)
- Works natively with smart contracts (on-chain isVerified() check)
- No integration friction (users just "Sign in with Google")
Revenue Projections:
- 100K verifications = $10,000 revenue
- 1M verifications = $100,000 revenue (optimistic much lol, but not too far-fetched)
- Target: Every major DAO, DeFi protocol, and NFT project
Key Benefits:
- Students verify once, use everywhere (Soulbound NFT as portable credential)
- Merchants get verification without data liability
- DAOs get Sybil resistance without KYC
- All verification happens client-side (no backend, no database)
Challenges we ran into
So yeah, we faced a bunch of challenges and had to pivot a few times + sacrifice a few features
1. The Identity Verification Paradox
Initial Approach - OTP Verification:
We first explored traditional OTP-based email verification. This would require a backend server to send/receive OTPs, Redis for temporary storage, and an email service like Resend.
Problem: This defeats the "trustless" promise. Users would have to trust our server with their email.
The Breakthrough - JWT Verification:
We discovered that Google's OAuth tokens (JWTs) are already digitally signed. Instead of verifying emails ourselves, we verify Google's cryptographic signature inside a ZK circuit. This eliminates the need for any backend, and it's quite an elegant solution imo; you should read the blog post:
https://saleel.xyz/blog/stealthnote/
Credit: Our ZK circuit is adapted from StealthNote, an MIT-licensed project that pioneered JWT verification in Noir.
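The checks described above, written out in the clear as an added example (not ZeroKlue's or StealthNote's code): inside the circuit the JWT stays a private input, and only the boolean and the nullifier leave it. The locally generated RSA key stands in for Google's signing key, and checkAffiliation, the scope string and the hash-based nullifier derivation are assumptions made for illustration.

```javascript
// Added example: the checks the circuit enforces, done here in the clear.
// Key pair, claims and nullifier derivation are constructed for illustration.
const crypto = require('crypto');

const b64url = (x) => Buffer.from(x).toString('base64url');
// Stand-in for the identity provider's RSA key (real keys come from its JWKS).
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Issue an RS256 JWT over the given claims (constructed sample token).
function signJwt(claims) {
  const input = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' })) + '.' + b64url(JSON.stringify(claims));
  return input + '.' + crypto.sign('RSA-SHA256', Buffer.from(input), privateKey).toString('base64url');
}

// Private input: the whole JWT. Public output: a boolean and a nullifier only.
function checkAffiliation(jwt, allowedDomains, scope) {
  const fail = { verified: false, nullifier: null };
  const [h, p, s, extra] = jwt.split('.');
  if (!h || !p || !s || extra !== undefined) return fail;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  } catch {
    return fail;
  }
  // 1. Pin the algorithm, then verify the signature over "header.payload".
  if (header.alg !== 'RS256') return fail;
  const signed = Buffer.from(h + '.' + p);
  if (!crypto.verify('RSA-SHA256', signed, publicKey, Buffer.from(s, 'base64url'))) return fail;
  // 2. Only now trust the claims: a verified email on an allowed domain.
  const email = String(claims.email || '').toLowerCase();
  const domain = email.slice(email.lastIndexOf('@') + 1);
  if (claims.email_verified !== true || !email.includes('@')) return fail;
  if (!allowedDomains.includes(domain)) return fail;
  // 3. Same email + same scope always gives the same nullifier, so a second
  //    verification is detectable without publishing the email. A bare hash of
  //    a guessable email can be matched by hashing candidate addresses, so a
  //    deployed scheme needs a derivation that resists that (not shown).
  const nullifier = crypto.createHash('sha256').update(scope + '\n' + email).digest('hex');
  return { verified: true, nullifier };
}
```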
2. The Setu API Dead End
The Dream: India has API Setu / DigiLocker - official government APIs that could verify student enrollment with 100% accuracy.
The Reality: Accessing API Setu requires government partnership agreements and compliance certifications that are impossible for a hackathon team to obtain in 36 hours.
Our Pivot:
We focused on Google Workspace verification (which covers most universities globally) as the permissionless path. API Setu/DigiLocker integration remains on our roadmap for when we secure the partnerships.
Obviously, now we don't have guarantees these guys are students, but the probability is high, and since the biggest value it has to web3 is verifiable identity, this is a good start and a sacrifice merchants would be willing to make + already being made in the web2 world. (matters even less here)
Creative solutions can be thought of to mitigate the effect of this, like maybe a reputation system for certain orgs.
3. The 640 Byte Bug
The Error:
Error: remainingData after partial hash exceeds maxSignedDataLength
Root Cause: The StealthNote circuit was hardcoded for JWTs up to 640 bytes. Our university's Google Workspace tokens exceeded this limit (requiring 1024 bytes) due to longer organizational metadata.
The Fix:
- We traced the issue to maxSignedDataLength in the Noir circuit configuration
- Increased the limit from 640 to 1024 bytes
- Recompiled the circuit and regenerated the Solidity verifier
Contribution: I opened Issue #6 on the StealthNote repository to help out.
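A preflight check for this failure, as an added example that is not code from ZeroKlue or StealthNote: it estimates how many bytes of "header.payload" the circuit still has to hash and compares that with the limit before proving starts. The partial-hash model (precompute over whole 64-byte SHA-256 blocks that end before the first claim the circuit reads), the function names and the sample token are assumptions constructed for illustration.

```javascript
// Added example: preflight for the circuit's signed-data limit.
// Assumed model: SHA-256 is precomputed outside the circuit over whole 64-byte
// blocks that end before the first claim the circuit reads; the circuit hashes
// the rest, and that remainder must fit in maxSignedDataLength.
const SHA256_BLOCK = 64;

function remainingAfterPartialHash(jwt, firstClaimKey) {
  const [headerB64, payloadB64] = jwt.split('.');
  const signedLength = headerB64.length + 1 + payloadB64.length; // "header.payload"
  const payload = Buffer.from(payloadB64, 'base64url');
  const keyAt = payload.indexOf(`"${firstClaimKey}":`); // byte offset in decoded JSON
  if (keyAt < 0) return { signedLength, cut: 0, remaining: signedLength };
  // Payload byte keyAt is encoded in the base64url group that starts here.
  const b64At = headerB64.length + 1 + Math.floor(keyAt / 3) * 4;
  const cut = Math.floor(b64At / SHA256_BLOCK) * SHA256_BLOCK;
  return { signedLength, cut, remaining: signedLength - cut };
}

// Fail early with a readable message instead of a prover error.
function preflight(jwt, firstClaimKey, maxSignedDataLength) {
  const r = remainingAfterPartialHash(jwt, firstClaimKey);
  const ok = r.remaining <= maxSignedDataLength;
  const detail = `${r.remaining} bytes left after ${r.cut} precomputed, limit ${maxSignedDataLength}`;
  return { ok, ...r, detail };
}

// Constructed sample: a Workspace-style token with long profile metadata.
const encode = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const sampleJwt = [
  encode({ alg: 'RS256', kid: 'constructed', typ: 'JWT' }),
  encode({
    iss: 'https://accounts.google.com',
    sub: '100000000000000000000',
    hd: 'university.example',
    email: 'student@university.example',
    email_verified: true,
    name: 'Constructed Student',
    picture: 'https://example.invalid/' + 'p'.repeat(480),
    iat: 1768700000,
    exp: 1768703600,
  }),
  'constructed-signature',
].join('.');
```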
4. Gas Optimization for ZK Verification
Challenge: The HonkVerifier contract is 30KB - too large for Ethereum mainnet deployment limits.
Solution: We implemented a hybrid verification model:
- Client-side proof verification (in browser using Barretenberg WASM)
- Only a lightweight attestation stored on-chain (~50k gas)
This reduced per-user gas costs from $5-20 to approximately $0.05. Honestly, thinking about it now, it was stupid to try to verify on-chain in the first place, but we were naive and wanted to make it as trustless as possible.
Tracks Applied (1)
Ethereum Track
ETHIndia