⚠️Blast API (blastapi.io) ends Oct 31. Migrate to Dwellir and skip Alchemy's expensive compute units.
Switch Today →
Skip to main content

Zero-Knowledge Soulbound Tokens (zkSBTs)

Manta Atlantic’s zkSBT framework lets issuers attest to real-world identity or compliance checks without ever exposing the underlying documents on-chain.

Why zkSBTs Matter

  • Private attestations – zkSBT proofs encode that requirements (KYC, accreditation, residency) have been met while leaking no raw attributes.
  • Programmable lifecycle – Issuers can define expiry, revocation conditions, and delegation policies enforced by runtime modules.
  • Adoption at scale – Over 1.16 million zkSBTs have been minted for 1.5+ million Web3 users, demonstrating production readiness.

Architecture

  1. Schema registry – Issuers register credential schemas that define statement circuits and commitment formats.
  2. Witness generation – Sensitive data stays off-chain; issuers compute witnesses locally and generate Groth16 proofs compatible with Atlantic’s circuits.
  3. zkSBT pallet – Proofs are submitted as extrinsics, minting non-transferable tokens bound to a user’s zkAddress commitment.
  4. Selective disclosure – Holders derive viewing access with Prove Keys so verifiers can validate claims without deanonymizing accounts.

Issuance Workflow

  1. Register issuer keys – Broadcast an extrinsic to enrol your issuer DID and publishing key.
  2. Publish schema – Commit schema metadata (description, constraint hash, revocation type).
  3. Generate proof – Use the trusted setup artifacts to compute a zk proof tied to the recipient’s zkAddress commitment.
  4. Submit sbt_mintPrivate – Call the RPC (or runtime extrinsic) with the proof, note, and expiry metadata.
  5. Distribute Prove Keys – Share verification keys with relying parties via secure out-of-band channels.

Revocation & Compliance

  • Revocation lists – Issuers can revoke credentials by publishing nullifiers; verifiers check revocation registries during proof verification.
  • Expiry logic – zkSBTs include timestamps so expired credentials fail verification automatically.
  • Audit trails – Regulators can audit aggregate issuance and revocation counts without linking to individual identities.

Integration Checklist

  • Sync the latest proving and verification keys from the official repositories.
  • Monitor revocation registries via state_getStorage to invalidate stale credentials quickly.
  • Store credential metadata in encrypted vaults; only commitments and nullifiers hit the chain.
  • Automate issuance with CI pipelines so every new compliance approval emits a zkSBT mint.

Next: implement the workflow end-to-end in Programmable Identities.