zkEMV
the hardware wallet that's already in your pocket
Created on 22nd June 2025
•
zkEMV
the hardware wallet that's already in your pocket
The problem zkEMV solves
Sure, the new hotness is using zero-knowledge proofs to verifying the execution of the Ethereum Virtual Machine... but virtual machines are so terribly non-concrete! You probably don't even literally have one in your pocket right now, and that's just not good enough. Now, driven by a lethal combination of genuine security innovation and appreciation of lexographically-ordered puns, zkEMV enables you to control your digital identity using zero-knowledge proofs of the Europay-Mastercard-Visa payment card authentication system!
zkEMV is an identity provider on the Hyli blockchain that lets you use your payment card as a hardware wallet. It's both a RiscZero smart contract and a CLI app that interfaces with any standard PC/SC smartcard reader. There are two functions: one registers your card to establish an on-chain identity, and the other retrieves and verifies a card signature to authorize subsequent operations via Hyli's really neat proof pipelining mechanism.
This demo only works with cards that support "combined data authentication" by including an RSA public key... but a card issuer could use the same techniques to build proofs for any of their existing cards! It would be entirely technically possible for card issuers and merchants to use zkEMV to bypass the traditional payment providers (and their 3% cut) by taking payments directly on-chain from savvy users who opt-in by connecting their on-chain wallets to their in-pocket payment cards. (This isn't likely in practice -- if it ever did the PCI compliance rules would be instantly changed to prohibit it -- but the exploration of the art of the possible is what makes life worth living.)
The UX story for web3 payments has serious competition from the traditional card-based payments space. But even if zkEMV itself is unlikely to actually become the next Walmart Pay or even be your next hardware wallet, that's simply because there are much better smartcard-based ways to solve the same problem. (In fact, I hope to buidl a particularly interesting new one during EthGlobal Cannes in a few weeks... if Amazon will just ship me the right demo hardware this time!)
Challenges I ran into
-
The EMV payment protocol is, frankly, an absolutely terrible standard. The documentation is just available enough to tease you, but just poor enough to waste hours upon hours of your time just figuring out what stupid message the the stupid card is actually signing. This part ended up taking way longer than I anticipated, even though this isn't my first EMV project. (Towards the end, I really started to remember why I hadn't done anything with this for three years.)
-
EMV signatures use SHA-1... which is not one of the algorithms RiscZero has acceleration for. Also, my laptop's (immutable) OS has too new of a version of GCC to work with the CUDA SDK, so local proving is really slow at the moment.
Tracks Applied (4)
ZK Hack Berlin Winners
Boundless + Hyli
Boundless
Hyli + Boundless
Hyli
Deploy an application on the Hyli testnet
Hyli
Cheer Project
Cheering for a project means supporting a project you like with as little as 0.0025 ETH. Right now, you can Cheer using ETH on Arbitrum, Optimism and Base.