Inspiration
Globally, millions of adults remain unbanked. They are not untrustworthy — they are invisible. Amina fled abuse and cannot share her address. Chen delivers food 12 hours a day but has no payslips. Maria sells vegetables without a government ID. Today's credit system demands invasive personal data as the price of entry. Those who refuse, or are unable, to surrender their privacy are locked out. Even those who share everything face algorithmic discrimination through proxy variables such as "late-night mobile usage", which penalizes night-shift workers. We asked: can creditworthiness be proven without revealing identity?
What We Learned
- Zero-Knowledge Proofs (ZKPs) are cryptographically practical today. A user can prove "mobile account age > 12 months" without exposing the actual number or carrier.
- AI explainability is essential for trust. Banks will not adopt a "black box" credit score; they need human-readable justification.
- Ethics must be hardcoded, not promised. Prohibited features (gender, race, zip code) must be blocked at the Edge Function level.
- Accountability without surveillance is possible via a two-layer ZKP architecture with an embedded 8-digit identity code that only the original data provider can decode under court order.
How We Built It
| Layer | Technology | Purpose |
|---|---|---|
| Frontend | React + TypeScript + Tailwind CSS + shadcn/ui (Lovable-generated) | User dashboard, bank portal, ethics dashboard |
| Backend & Database | Supabase (PostgreSQL, Auth, Edge Functions, RLS) | User authentication, attestation records, loan applications, revocation registry |
| AI | Lovable AI Gateway (Google Gemini 3 Flash) | Conversational ZKP explainer, AI-generated credit reports, fairness auditor |
| ZKP Framework | Simulated in demo; architecture ready for Circom + SnarkJS | First-layer provider ZKPs, second-layer aggregated GhostProof |
| Deployment | Vercel / Lovable Cloud | Public access |
Workflow:
- User obtains first-layer ZKP credentials from data providers (bank, mobile operator, utility). Each contains an 8-digit identity code known only to the issuer.
- User manually inputs credentials into GhostProof Agent. The agent verifies locally and stores only boolean "condition met" flags.
- After completing four required attestations (mobile tenure, payment history, income range, residence stability), the agent generates a second-layer aggregated ZKP.
- User shares the second-layer ZKP with a bank. The bank verifies and receives only a confidence score and suggested loan amount.
- All first- and second-layer ZKPs are stored (encrypted) until loan repayment, so that the identity code can be used to prevent duplicate applications.
- In case of default, a court order allows the bank to request decoding from the original provider — GhostProof never holds decryption keys.
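
The sketch below is an added example, not GhostProof's own code. It shows one way an Edge Function could enforce the prohibited-feature block from "What We Learned" together with the workflow's rule that only boolean "condition met" flags for the four attestations are accepted; the field names, `findProhibited` and `validateAttestations` are assumptions.

```typescript
// Added illustration: field and function names are hypothetical, not GhostProof's schema.
const PROHIBITED = ["gender", "race", "zipcode"]; // prohibited features named on the page
const REQUIRED = ["mobile_tenure", "payment_history", "income_range", "residence_stability"];

type Verdict = { ok: true; flags: Record<string, boolean> } | { ok: false; reason: string };

// Normalise keys so "zip_code", "zipCode" and "ZIP code" all compare equal.
function norm(k: string): string { return k.toLowerCase().replace(/[^a-z0-9]/g, ""); }

// Walk nested objects and arrays (array indices are keys too), so a prohibited
// field tucked inside a sub-object is still found. Returns its path or null.
function findProhibited(value: unknown, path: string = ""): string | null {
  if (value === null || typeof value !== "object") return null;
  const rec = value as Record<string, unknown>;
  for (const k of Object.keys(rec)) {
    const here = path ? path + "." + k : k;
    if (PROHIBITED.indexOf(norm(k)) !== -1) return here;
    const hit = findProhibited(rec[k], here);
    if (hit) return hit;
  }
  return null;
}

function validateAttestations(body: unknown): Verdict {
  // Deny-list runs first so a prohibited field is reported as such,
  // not as a generic schema error.
  const bad = findProhibited(body);
  if (bad) return { ok: false, reason: "prohibited feature: " + bad };
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return { ok: false, reason: "body must be an object" };
  }
  const rec = body as Record<string, unknown>;
  // Allow-list: any extra key could carry a raw value, so reject it outright.
  for (const k of Object.keys(rec)) {
    if (REQUIRED.indexOf(k) === -1) return { ok: false, reason: "unexpected field: " + k };
  }
  const flags: Record<string, boolean> = {};
  for (const k of REQUIRED) {
    // Strict booleans only: "true" or 14 (months) would leak or mislead.
    if (typeof rec[k] !== "boolean") return { ok: false, reason: "missing or non-boolean: " + k };
    if (rec[k] !== true) return { ok: false, reason: "condition not met: " + k };
    flags[k] = true;
  }
  return { ok: true, flags };
}
```

The allow-list alone would already reject unknown keys; keeping the deny-list as a separate first pass makes an attempt to submit a prohibited feature distinguishable from an ordinary malformed request.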
Challenges We Faced
- Time constraint (1.5 days): We prioritized a fully functional end-to-end workflow over implementing live ZKP circuits. The architecture is designed so that real Circom proofs can be swapped in without changing business logic.
- Balancing privacy and accountability: We designed the 8-digit identity code system so that GhostProof never sees raw identity, yet legitimate legal recourse exists.
- Making ZKP understandable: We built an AI conversational agent that translates complex cryptography into plain language for users and generates human-readable credit reports for banks.
- Preventing infinite borrowing: The identity code ensures one real-world person can only hold one active loan at a time, closing a major loophole in anonymous credit systems.
Why This Matters
GhostProof Agent replaces "Who are you?" with "What have you done?" It is not a smarter loan machine — it is a fairer foundation for financial infrastructure. Trust without trespass.
Built With
- circom-(architecture)
- google-gemini-3-flash
- lovable-ai-gateway
- postgresql
- react
- shadcn/ui
- snarkjs
- supabase
- supabase-edge-functions
- tailwind-css
- typescript
- vercel
- vite