ZKCG enables non-ZK systems to replace trusted oracle logic with verifiable off-chain computation.
Instead of relying on a trusted backend or oracle signer, consumers (on-chain contracts or off-chain services) can accept results only if a zero-knowledge proof of correct computation and policy compliance is provided.

ZKCG is a protocol-first verification primitive — not a chain, not a zk-rollup, and not a signature oracle.
It is designed for systems that want trustless decision gating using provable off-chain logic.

Learn more below 👇

In many systems today (DeFi risk checks, compliance gating, permissioned access), off-chain computation results are submitted on-chain or to services using trusted oracles or signed responses. This creates a trust assumption:

• Contracts must trust an oracle identity
• Backends must be trusted not to lie
• Private data often must be revealed for validation

ZKCG replaces this with verifiable computation — results accepted only if a zero-knowledge proof of correct execution plus policy compliance is provided.
This eliminates the need for trust in a specific oracle signer and enables stronger guarantees for privacy and correctness.

Many systems today rely on trusted oracle services or backend signers to bring off-chain computation results on-chain or into critical decision paths.

ZKCG replaces trust in the computation provider with verifiable computation.

Instead of trusting who produced a result, consumers verify how it was produced.

ZKCG Verifier is the public, auditable verification layer of the ZKCG protocol.

• Phase 1: Halo2-based zk-SNARK verification
• Phase 2: zkVM-based verification (RISC0)

This repository is intentionally verifier-only. Anyone can independently verify proofs, audit the logic, and run verifier nodes.

Modern systems often rely on oracles or trusted services to bring off-chain results on-chain or into backend logic. ZKCG replaces those with verifiable proofs.

Here’s how a typical integration looks:

Off-chain computation
        ↓
   ZK proof generation
        ↓
   ZKCG Verifier
 (policy + proof check)
        ↓
Verified result consumed
(smart contract or service)

• The prover executes private logic off-chain and outputs a proof + public result.
• The verifier checks both correct computation and policy compliance.
• No trusted signer or back-end oracle identity is required.

Instead of:

// Trusted oracle pattern
require(msg.sender == trustedOracle);
price = oraclePrice;

You can do:

// Verifiable off-chain computation
require(verifyZKCG(proof, publicInputs));
price = publicInputs.price;

With ZKCG, the contract accepts the result only if a proof of correct computation and policy compliance is provided — no need to trust a specific oracle address.

ZKCG is built for systems that currently rely on externally computed results where:

• Trusting a specific oracle signer is undesirable
• Privacy of inputs must be preserved
• Proof of correct logic matters
• Existing systems already rely on oracles or trusted backends

Typical adopters include:

• On-chain protocols replacing oracle signatures
• Off-chain services needing strong correctness guarantees
• Compliance and eligibility systems
• Risk-based access gating

A common pattern across many systems is:

“Can this user or entity execute some action only if their private data satisfies a condition?”

Examples include:

• Credit score ≥ threshold
• Age ≥ 18
• Compliance metric below risk limit
• Private reputation above requirement

ZKCG enables these decisions to be verified without revealing private inputs and without trusting an oracle signer.

zkcg-verifier/
├── common/         # Shared types, errors, and protocol utilities (zkcg-common crate)
├── verifier/       # Core verifier logic (zkcg-verifier crate)
├── api/            # HTTP API for proof submission
├── SPEC.md         # Full protocol specification
├── CORE_FREEZE.md  # Frozen circuit parameters and commitments
├── SECURITY.md     # Security assumptions and reporting
├── LICENSE         # Apache-2.0
└── README.md       # This file

Add the crates to your project:

cargo add zkcg-verifier zkcg-common

Or manually in Cargo.toml:

[dependencies]
zkcg-verifier = "0.1.0"
zkcg-common   = "0.1.0"

• zk-halo2 — Enable Halo2 proof verification backend
• zk-vm — Enable zkVM (RISC0) verification support

Example:

zkcg-verifier = { version = "0.1.0", features = ["zk-halo2"] }

Docker is optional.

• Halo2 verification runs natively
• zkVM verification can run natively or in Docker
• Docker is recommended for reproducible environments and CI

sudo apt update
sudo apt install docker.io -y
sudo usermod -aG docker $USER
newgrp docker

Verify:

docker --version

From the repository root:

docker build -t zkcg-verifier .

Environment

• Platform: Windows (WSL2, Ubuntu)
• CPU: Intel i5 (10th Gen)
• RAM: 16 GB
• Build: Release
• Parallelism: Default (no tuning)

Use case: Interactive / near-real-time ZK policy verification

• Prove: ~306–316 ms
• Verify: ~9–10 ms
• End-to-End: ~317–351 ms

Use case: Audit-grade execution proofs

• Prove: ~13.7 seconds
• Verify: ~41–42 ns

Loans evaluated: 1000
Approvals: 128 (12.8%)

Prove total:   ~482.1 s
Verify total:  ~7.7 s
Throughput:    ~2.0 TPS

Loans evaluated: 1000
CPU threads: 8

Approvals: 130 (13.0%)

Prove total:   ~127.4 s
Verify total:  ~5.5 s
Throughput:    ~7.5 TPS

ZKCG can be integrated into DeFi protocols for privacy-preserving verifications (e.g., credit score checks without revealing scores). See this demo in the collateral_vault repository, which shows the full on-chain + off-chain pipeline:

• Off-Chain Proof Generation: Generate a ZK proof using ZKCG's prover (Halo2 or zkVM) for conditions like "credit score > threshold".
• Off-Chain Verification: Call ZKCG's API (/v1/submit-proof) to verify the proof trustlessly.
• On-Chain Settlement: If verified, anchor the new state commitment on-chain (Solana program in collateral_vault) to approve loans or unlock collateral.

Run the demo: ts-node collateral_demo.ts (requires ZKCG API running locally).

This pipeline ensures fast off-chain processing (~340ms E2E for Halo2) with on-chain immutability.

The ZKCG verifier exposes demo-only, stateless endpoints that allow anyone to try proof generation and verification without running the stack locally.

⚠️ These endpoints are for testing and demonstration only.
They do not persist protocol state and are rate-limited.

Base URL

https://zkcg-production.up.railway.app

Generate a zero-knowledge proof that a score satisfies a given threshold.

curl -X POST https://zkcg-production.up.railway.app/demo/prove \
  -H "Content-Type: application/json" \
  -d '{
    "score": 90,
    "threshold": 100
  }'

{
  "proof": "<PROOF>",
  "proof_size_bytes": 64,
  "note": "Demo-only stateless proof"
}

• proof is a base64-encoded ZK proof
• proof_size_bytes shows the compact proof size
• The proof is not stored server-side

Verify a previously generated proof against a threshold.

curl -X POST https://zkcg-production.up.railway.app/demo/verify \
  -H "Content-Type: application/json" \
  -d '{
    "proof": "<YOUR_PROOF>",
    "threshold": 100
  }'

{
  "verified": true
}

This endpoint exposes a deterministic, proof-backed compliance oracle.
It evaluates a predefined policy over supplied inputs and returns:

• The policy decision
• The reasons for failure (if any)
• A cryptographic proof that the policy was evaluated correctly

⚠️ Important
This service does not source data, perform KYC, or assess fraud.
It proves correct execution of policy logic over caller-supplied claims.

POST /v1/compliance/evaluate
Content-Type: application/json

{
  "applicant_id": "string",
  "risk_score": "number (0–100)",
  "threshold": "number (0–100)",
  "monthly_income_cents": "number (> 0)",
  "monthly_debt_cents": "number (>= 0)",
  "requested_credit_cents": "number (>= 0)"
}

All numeric values are treated as claims and are not independently verified.

The following rules are evaluated:

1. Risk Score Policy

   risk_score ≤ threshold
   

2. Debt-to-Income (DTI) Policy

   (monthly_debt / monthly_income) ≤ 45%
   

3. Credit-to-Income Policy

   (requested_credit / monthly_income) ≤ 300%
   

All calculations use fixed-point basis points (bps) for deterministic execution.

curl -sS -X POST http://127.0.0.1:8080/v1/compliance/evaluate \
  -H 'content-type: application/json' \
  -d '{
    "applicant_id":"cust_001",
    "risk_score":35,
    "threshold":50,
    "monthly_income_cents":500000,
    "monthly_debt_cents":150000,
    "requested_credit_cents":1000000
  }'

{
  "application_id": "cust_001-35",
  "decision": "approved",
  "policy_passed": true,
  "risk_band": "medium",
  "reasons": [],
  "proof_verified": true,
  "proof": "<PROOF>"
}

The returned proof attests that:

The declared policy rules were evaluated correctly over the supplied inputs and resulted in the reported outcome.

The proof guarantees:

• Deterministic policy execution
• Correct rule evaluation
• No reliance on trusted oracles

The proof does not guarantee:

• Correctness of inputs
• Identity validity
• Data freshness
• Absence of fraud

These are intentionally out of scope.

• Demo endpoints are stateless
• No protocol state is mutated
• Intended for:
  • quick testing
  • integration experiments
  • understanding the proof flow
• Production / protocol endpoints are gated separately

• End-to-end proof generation
• Compact proof size
• Deterministic verification
• Clean HTTP boundary for ZK systems

For questions, collaborations, or sponsorships, reach out:

• X (Twitter): @sujyot
• GitHub Issues: Open in this repo for verifier discussions, or in ZKCG private repo for prover/circuits.

This repository contains only public components:

• Verification logic
• Shared protocol types and errors
• API interfaces
• Frozen parameters and specifications

The following are intentionally excluded:

• Proving circuits
• Proof generation code
• zkVM guest programs

Those components are maintained in a private repository while the project is developed by a solo maintainer.

Anyone can:

• Audit the verifier
• Run a verifier node
• Independently verify published proofs

Proof generation requires access to private components — contact @MRSKYWAY for collaboration or sponsored access.

Apache-2.0

ZKCG is built and maintained by a single developer.

👉 Sponsor: https://github.com/sponsors/MRSKYWAY