Built on Algorand

Zero-Knowledge KYC for Algorand

Add DPDP-compliant KYC to your app in 3 lines of code — without ever storing, transmitting, or touching user data. User proves, app receives true/false, data stored: zero.

Install the open source SDK

Algorand · AlgoPlonk · UIDAI · AlgoKit · VibeKit · DPDP Act · gnark

Integrate privacy-preserving KYC in 3 lines.

TRADITIONAL KYC (50+ lines)

    // User uploads Aadhaar, PAN, selfie...
    const userData = await collectDocuments()
    const { aadhaar, pan, selfie } = userData
    // Store on YOUR server (breach risk)
    await db.save({ aadhaar, pan, selfie })
    // Manually verify documents
    const result = await verifyManually(userData)
    // Handle DPDP compliance...
    await ensureCompliance(userData)
    // Manage data retention policies...
    await setRetentionPolicy(userData)
    // Handle breach notifications...
    await setupBreachProtocol()

    // 50 apps = 50 copies of sensitive data
    // Every server is a breach waiting to happen

WITH ALGOKYC SDK (3 lines)
✓ Zero user data touched

    import { AlgoKYC } from 'algokyc-sdk'

    <AlgoKYC appId="your_app_id" onVerified={ cred => grantAccess(cred) } />

    // That's it. Widget handles everything.
    // User data never leaves their device.

Cryptography

ZK Proof System — PLONK on BN254

  • Browser-Side Proof Generation: PLONK proofs generated entirely in the user's browser via snarkjs WASM. Aadhaar XML never leaves the device. 2–8 second proof time.
  • UIDAI Signature Verification: RSA-2048 signature from UIDAI is verified inside the circuit — fake or tampered XML is rejected cryptographically.
  • Per-App Nullifiers: Each app gets a unique nullifier via Poseidon(aadhaar, app_id, secret) — preventing cross-app user tracking.
  • PLONK Proof System: No per-circuit trusted setup
  • BN254 Curve: ~145k opcode budget on AVM
  • ~200 byte proofs: Impossible to reverse-engineer

On-Chain

Algorand-native verification

  • LogicSig Verifier: Auto-generated by AlgoPlonk from gnark circuit. Validates PLONK proof on BN254 curve with 320k opcode budget.
  • Nullifier Registry: Smart contract prevents duplicate credentials — one Aadhaar = one wallet. Sybil attacks rejected on-chain.
  • Non-Transferable Credential ASA: Algorand Standard Asset issued to verified wallet. Clawback-enabled for revocation. Cannot be sold or transferred.
Security

Conditional accountability with Shamir keys

  • Shamir 5/3 Key Split: Issuer private key split across 5 custodians (UIDAI, Ministry of Finance, KYC Provider, Algorand Foundation, Judiciary). 3 of 5 required for decryption.
  • ECIES Encrypted Blob: Encrypted identity stored in Algorand box storage. Only issuer key can decrypt. No single entity has unilateral access.
  • Court Order Flow: Legally compliant identity reveal path — 3 custodians verify court order, reconstruct key, decrypt identity. Full audit trail on-chain.
  • 5 Custodians: UIDAI, FinMin, KYC, Algorand, Judiciary
  • ECIES Encryption: Box storage — issuer key only
  • HSM Key Storage: FIPS 140-2 Level 3 compliant
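
A 3-of-5 split like the one described above, as an added example (not AlgoKYC's own code): Shamir secret sharing over a prime field, where any three custodians' shares recover the key and two do not. The field prime and the function names are assumptions; the page does not say how the issuer key is encoded or split.

```javascript
const { randomBytes } = require('node:crypto');

// Custodian names as listed on the page.
const CUSTODIANS = ['UIDAI', 'Ministry of Finance', 'KYC Provider',
                    'Algorand Foundation', 'Judiciary'];

const P = 2n ** 127n - 1n; // Mersenne prime used as the demo field; secrets must be < P
const mod = (a) => ((a % P) + P) % P;

// Modular inverse by Fermat's little theorem: a^(P-2) mod P.
function inv(a) {
  let result = 1n, base = mod(a), e = P - 2n;
  while (e > 0n) {
    if (e & 1n) result = mod(result * base);
    base = mod(base * base);
    e >>= 1n;
  }
  return result;
}

const randomFieldElement = () => mod(BigInt('0x' + randomBytes(32).toString('hex')));

// Split: pick a random polynomial f of degree threshold-1 with f(0) = secret.
// Custodian i receives the point (i, f(i)); fewer than `threshold` points
// leave f(0) completely undetermined.
function split(secret, custodians, threshold) {
  const coeffs = [mod(secret)];
  for (let i = 1; i < threshold; i++) coeffs.push(randomFieldElement());
  return custodians.map((name, i) => {
    const x = BigInt(i + 1);
    const y = coeffs.reduceRight((acc, c) => mod(acc * x + c), 0n); // Horner's rule
    return { name, x, y };
  });
}

// Reconstruct: Lagrange interpolation evaluated at x = 0.
// Whoever runs this holds the whole key in memory afterwards.
function reconstruct(shares) {
  return shares.reduce((sum, { x: xi, y: yi }) => {
    let num = 1n, den = 1n;
    for (const { x: xj } of shares) {
      if (xj === xi) continue;
      num = mod(num * -xj);
      den = mod(den * (xi - xj));
    }
    return mod(sum + yi * num * inv(den));
  }, 0n);
}
```
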

  • Add credential: O(log n)
  • Revoke credential: O(log n)
  • Algorand txns per revoke: 1
  • Revocation latency: Instant

Revocation

Sparse Merkle Tree revocation

  • O(1) Leaf Updates: Unlike regular Merkle trees that require full rebuilds, Sparse Merkle allows single-leaf updates propagating in O(log n) — no other leaves touched.
  • 1 Transaction Revocation: Revoke any credential with a single Algorand transaction. New SMT root computed, credential immediately invalid on-chain.
  • Inclusion/Exclusion Proofs: Apps verify credential validity via SMT inclusion proof. Revoked credentials fail verification instantly.
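
The revocation mechanics described above, as an added example (not AlgoKYC's own code): a sparse Merkle tree where adding or revoking rehashes a single 16-node path, and a revoked credential's old inclusion proof stops verifying against the new root. SHA-256, the depth of 16, the `slot`/`leafFor` keying and the credential IDs are assumptions made for the illustration.

```javascript
const { createHash } = require('node:crypto');

const DEPTH = 16; // assumed depth (2^16 slots); a production tree would key on the full hash
const H = (...parts) => createHash('sha256').update(Buffer.concat(parts)).digest();
const EMPTY_LEAF = Buffer.alloc(32); // value of every unused or revoked slot

// ZERO[h] is the root of an all-empty subtree of height h, so empty branches are never stored.
const ZERO = [EMPTY_LEAF];
for (let h = 0; h < DEPTH; h++) ZERO.push(H(ZERO[h], ZERO[h]));

// Hypothetical keying: slot = first 16 bits of SHA-256(credId), leaf = tagged hash of credId.
const slot = (credId) => H(Buffer.from(credId)).readUInt16BE(0);
const leafFor = (credId) => H(Buffer.from('leaf:' + credId));

class SparseMerkleTree {
  constructor() { this.nodes = new Map(); } // "height:index" -> hash, non-default nodes only
  at(height, index) { return this.nodes.get(`${height}:${index}`) ?? ZERO[height]; }
  get root() { return this.at(DEPTH, 0); }
  // Write one leaf, then rehash only the DEPTH ancestors on its path to the root.
  set(index, leaf) {
    let node = leaf;
    for (let h = 0; h < DEPTH; h++, index >>= 1) {
      this.nodes.set(`${h}:${index}`, node);
      const sibling = this.at(h, index ^ 1);
      node = index & 1 ? H(sibling, node) : H(node, sibling);
    }
    this.nodes.set(`${DEPTH}:0`, node);
    return DEPTH; // hashes recomputed, independent of how many credentials exist
  }
  add(credId) { return this.set(slot(credId), leafFor(credId)); }
  revoke(credId) { return this.set(slot(credId), EMPTY_LEAF); }
  // Proof = the sibling hash at each level, from leaf to root.
  prove(credId) {
    const path = [];
    for (let h = 0, i = slot(credId); h < DEPTH; h++, i >>= 1) path.push(this.at(h, i ^ 1));
    return path;
  }
}

// Verifier: leaf = leafFor(credId) proves inclusion; leaf = EMPTY_LEAF proves exclusion.
function verify(root, credId, leaf, path) {
  let node = leaf, index = slot(credId);
  for (const sibling of path) {
    node = index & 1 ? H(sibling, node) : H(node, sibling);
    index >>= 1;
  }
  return node.equals(root);
}
```

An app that caches a proof must re-check it against the current on-chain root, since the proof is only valid for the root it was generated under.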

Any regulated Algorand app can use AlgoKYC

Add privacy-preserving KYC to your dApp and stay DPDP compliant.

DeFi Lending Protocols

Gate access to lending pools based on verified KYC status. Users prove they are KYC-verified Indian adults — your protocol never sees their Aadhaar or PAN.


Crypto Exchanges

Fully DPDP-compliant user verification without storing identity documents. Reduce breach surface to zero while meeting regulatory requirements.


Regulated Algorand dApps

Any application needing compliant KYC — from NFT marketplaces to tokenized RWAs. Integrate the AlgoKYC widget and call verifyKYC(wallet) → boolean.


From Aadhaar to on-chain credential

Six steps, fully automated, zero data exposure

01. User clicks "Verify KYC"

AlgoKYC widget opens inside your app. The user is guided to download their Aadhaar Offline XML from the UIDAI portal.

02. Aadhaar XML loaded locally

User completes OTP on UIDAI portal. The downloaded ZIP is auto-detected. XML is parsed entirely in-memory — never leaves the browser tab.

03. ZK proof generated in browser

snarkjs WASM generates a PLONK proof in 2–8 seconds. The proof is ~200 bytes. UIDAI signature verified inside the circuit. Raw XML deleted from memory.

04. Proof submitted to Algorand

LogicSig verifier validates the proof on-chain. Nullifier anchored in the registry. Encrypted identity blob stored in Algorand box storage.

05. Credential ASA issued

A non-transferable Algorand Standard Asset is issued to the user's wallet. Clawback-enabled for revocation. Metadata includes tier and expiry.

06. App grants access

Widget closes. onVerified() callback fires. Your app calls verifyKYC(wallet) → true. You never saw a single byte of user identity data.

Join the AlgoKYC community

Get help, contribute, and build privacy-preserving KYC together.
The community for developers building on Algorand with zero-knowledge proofs.

Built for speed, privacy, and simplicity

AlgoKYC delivers production-grade ZK verification with minimal integration effort

  • 2–8s: Browser-side proof generation time via snarkjs WASM — no server round-trip needed.
  • ~200B: Proof size — mathematically impossible to reverse-engineer back to user identity data.
  • 3 Lines: That's all it takes to add DPDP-compliant KYC to any Algorand application.

Add DPDP-compliant KYC to your Algorand app

Integrate in 3 lines. Zero user data stored. Full regulatory compliance.