Trust Layer V1 - ZKScore Documentation

Overview

The ZKScore Trust Layer V1 is a comprehensive decentralized attestation and verification system that enables developers to build trust-enabled applications. It combines on-chain attestations, flexible policy evaluation, and cryptographic verification to create a new paradigm for trust in Web3.

Attestations

Cryptographically signed claims about identities, behaviors, and achievements

Policies

Flexible rules for evaluating trust and determining access

Attesters

Trusted entities that issue attestations and build reputation

Trust Modules

Pluggable logic for custom trust evaluation

Architecture

The Trust Layer consists of four main components working together:

Attestations

Attestations are cryptographically signed statements that provide verifiable claims about identities, behaviors, skills, or achievements. They form the foundation of the Trust Layer.

What are Attestations?

An attestation is a structured data record that contains:

Attester: The entity issuing the attestation
Subject: The entity receiving the attestation
Schema: The data structure defining the attestation
Data: The actual claim data
Expiration: Optional time limit
Revocation: Can be revoked by the attester

Example Attestation

{
  "attester": "0x1234...",
  "subject": "0x5678...",
  "schema": "defi_experience_v1",
  "data": {
    "protocols_used": ["Uniswap", "Aave", "Compound"],
    "total_volume": "1000000",
    "experience_months": 24,
    "risk_level": "medium"
  },
  "expires_at": "2025-12-31T23:59:59Z",
  "issued_at": "2024-01-15T10:30:00Z"
}

Types of Attestations

1. Identity Attestations

Verify personal or organizational identity:

KYC/AML compliance
Professional credentials
Organization membership
Geographic location

2. Behavioral Attestations

Track on-chain behavior:

DeFi protocol usage
Trading patterns
Governance participation
NFT collection activity

3. Skill Attestations

Certify abilities and knowledge:

Technical certifications
Code contributions
Project leadership
Community contributions

4. Achievement Attestations

Recognize accomplishments:

Protocol milestones
Community achievements
Competition wins
Special recognitions

Creating Attestations

Via API

const attestation = await client.createAttestation({
  schemaId: 'defi_experience_v1',
  recipient: '0x5678...',
  data: {
    protocols_used: ['Uniswap', 'Aave'],
    total_volume: '500000',
    experience_months: 12
  },
  expiresAt: new Date('2025-12-31')
});

Via Smart Contract

// Create attestation directly on-chain
ITrustRegistry(trustRegistry).createAttestation(
  schemaId,
  recipient,
  data,
  expirationTime
);

Policies

Policies are flexible rules that define how attestations should be evaluated to determine trust levels, access rights, or other decisions in your application.

What are Policies?

A policy is a set of conditions that can be evaluated against a user’s attestations to make decisions. Policies are composable, versioned, and can be customized for different use cases.

Policy Structure

{
  "id": "defi_access_policy_v1",
  "name": "DeFi Access Policy",
  "description": "Grants access to DeFi protocols based on experience",
  "version": "1.0.0",
  "conditions": [
    {
      "type": "attestation_exists",
      "schema": "defi_experience_v1",
      "required": true
    },
    {
      "type": "data_condition",
      "field": "experience_months",
      "operator": "gte",
      "value": 6
    },
    {
      "type": "data_condition", 
      "field": "risk_level",
      "operator": "in",
      "value": ["low", "medium"]
    }
  ],
  "decision": {
    "type": "allow",
    "metadata": {
      "access_level": "standard",
      "max_amount": "100000"
    }
  }
}

Policy Types

1. Access Control Policies

Control who can access features or resources:

DeFi protocol access
Premium feature gates
Community membership
Voting rights

2. Risk Assessment Policies

Evaluate risk levels for lending or trading:

Credit scoring
Collateral requirements
Trading limits
Insurance eligibility

3. Reputation Policies

Calculate reputation scores:

Trust score components
Achievement weighting
Decay mechanisms
Threshold calculations

4. Compliance Policies

Ensure regulatory compliance:

KYC requirements
Geographic restrictions
Age verification
Professional licensing

Creating and Evaluating Policies

Create a Policy

const policy = await client.createPolicy({
  name: "DeFi Access Policy",
  description: "Standard DeFi access requirements",
  conditions: [
    {
      type: "attestation_exists",
      schema: "defi_experience_v1",
      required: true
    },
    {
      type: "data_condition",
      field: "experience_months", 
      operator: "gte",
      value: 6
    }
  ],
  decision: {
    type: "allow",
    metadata: { access_level: "standard" }
  }
});

Evaluate a Policy

const result = await client.evaluatePolicy({
  policyId: "defi_access_policy_v1",
  subject: "0x5678...",
  context: {
    requested_amount: "50000",
    protocol: "aave"
  }
});

if (result.passed) {
  console.log("Access granted:", result.metadata);
} else {
  console.log("Access denied:", result.reasons);
}

Attesters

Attesters are trusted entities that issue attestations in the ZKScore Trust Layer. They play a crucial role in building trust and reputation in the ecosystem.

Becoming an Attester

The Trust Layer V1 uses a whitelist model where attesters must be approved by the ZKScore team or governance. This ensures quality and prevents spam.

Attester Requirements

Organization Identity: Clear organizational identity and purpose
Technical Capability: Ability to integrate with ZKScore APIs
Trustworthiness: Established reputation or credentials
Use Case: Valid business case for issuing attestations
Staking: Optional SCORE token staking for high-value attestations

Application Process

Submit Application: Complete attester application form
Technical Review: API integration and technical capability review
Business Review: Use case and business model evaluation
Approval: Team approval and API key generation
Onboarding: Technical integration and testing

Attester Tiers

Tier	Requirements	Capabilities	Staking
Team	Internal ZKScore team	Full access, all features	None
Partner	Strategic partners	High limits, priority support	10,000 SCORE
Verified	Established organizations	Standard limits	1,000 SCORE
Community	Community attesters	Basic limits	100 SCORE

Attester Responsibilities

1. Data Quality

Ensure attestation data is accurate and verifiable
Implement data validation and quality checks
Maintain data freshness and relevance

2. Security

Secure API key management
Implement proper authentication
Monitor for suspicious activity

3. Compliance

Follow relevant regulations and guidelines
Implement privacy controls
Maintain audit trails

4. User Experience

Provide clear attestation schemas
Offer user-friendly interfaces
Respond to user inquiries

Attester Tools

API Integration

// Initialize attester client
const attesterClient = new ZKScoreAttester({
  apiKey: 'att_...',
  organizationId: 'org_123'
});

// Create attestation schema
const schema = await attesterClient.createSchema({
  name: 'defi_experience_v1',
  fields: [
    { name: 'protocols_used', type: 'string[]', required: true },
    { name: 'total_volume', type: 'string', required: true },
    { name: 'experience_months', type: 'number', required: true },
    { name: 'risk_level', type: 'string', enum: ['low', 'medium', 'high'] }
  ]
});

Dashboard Access

Real-time attestation statistics
User feedback and ratings
Revenue and token rewards
Performance metrics

Trust Modules

Trust Modules are pluggable components that define how attestations should be processed and evaluated. They enable custom trust logic for different use cases.

Built-in Modules

1. DeFi Module

Evaluates DeFi protocol usage and experience:

Protocol diversity scoring
Volume and activity metrics
Risk assessment
Yield farming participation

2. NFT Module

Assesses NFT trading and collection activity:

Collection diversity
Trading volume and frequency
Creator support
Community participation

3. Governance Module

Measures governance participation:

Voting frequency
Proposal creation
Delegation activity
Community engagement

Evaluates social and community contributions:

Content creation
Community moderation
Event participation
Referral activity

Custom Modules

You can create custom trust modules for specific use cases:

// Custom module for gaming achievements
const gamingModule = {
  id: 'gaming_achievements_v1',
  name: 'Gaming Achievement Module',
  version: '1.0.0',
  evaluate: (attestations, context) => {
    const gamingAttestations = attestations.filter(
      a => a.schema.startsWith('gaming_')
    );
    
    let score = 0;
    gamingAttestations.forEach(attestation => {
      switch (attestation.schema) {
        case 'gaming_level_100':
          score += 100;
          break;
        case 'gaming_achievement_rare':
          score += 50;
          break;
        case 'gaming_community_leader':
          score += 75;
          break;
      }
    });
    
    return {
      score,
      metadata: {
        total_achievements: gamingAttestations.length,
        max_score: 1000
      }
    };
  }
};

Integration Patterns

1. Trust-Gated Applications

Build applications that require trust verification:

// Check user trust before allowing access
const checkAccess = async (userAddress, requiredLevel) => {
  const trustScore = await client.getTrustScore(userAddress);
  const attestations = await client.getAttestations(userAddress);
  
  // Evaluate against policy
  const policyResult = await client.evaluatePolicy({
    policyId: 'app_access_policy',
    subject: userAddress,
    context: { required_level: requiredLevel }
  });
  
  return policyResult.passed;
};

// Use in your application
app.get('/premium-feature', async (req, res) => {
  const hasAccess = await checkAccess(req.user.address, 'premium');
  
  if (!hasAccess) {
    return res.status(403).json({ 
      error: 'Insufficient trust level for premium features' 
    });
  }
  
  // Grant access to premium feature
  res.json({ data: premiumData });
});

2. Reputation-Based Lending

Implement lending based on trust scores:

// Calculate loan terms based on trust
const calculateLoanTerms = async (borrowerAddress, requestedAmount) => {
  const trustScore = await client.getTrustScore(borrowerAddress);
  const defiAttestations = await client.getAttestations(borrowerAddress, {
    schema: 'defi_experience_v1'
  });
  
  let interestRate = 0.12; // Base rate 12%
  let maxAmount = requestedAmount;
  
  // Adjust based on trust score
  if (trustScore.total > 800) {
    interestRate = 0.08; // 8% for high trust
    maxAmount = requestedAmount * 2; // Double the limit
  } else if (trustScore.total > 500) {
    interestRate = 0.10; // 10% for medium trust
    maxAmount = requestedAmount * 1.5; // 1.5x the limit
  }
  
  // Adjust based on DeFi experience
  if (defiAttestations.length > 0) {
    const experience = defiAttestations[0].data.experience_months;
    if (experience > 24) {
      interestRate *= 0.9; // 10% discount for experience
    }
  }
  
  return {
    approved: maxAmount >= requestedAmount,
    interestRate,
    maxAmount,
    term: '12 months'
  };
};

3. DAO Governance

Implement reputation-weighted voting:

// Calculate voting power based on trust
const calculateVotingPower = async (voterAddress) => {
  const trustScore = await client.getTrustScore(voterAddress);
  const governanceAttestations = await client.getAttestations(voterAddress, {
    schema: 'governance_participation_v1'
  });
  
  let basePower = 1;
  
  // Trust score multiplier
  if (trustScore.total > 800) basePower = 3;
  else if (trustScore.total > 600) basePower = 2;
  else if (trustScore.total > 400) basePower = 1.5;
  
  // Governance participation bonus
  const participationBonus = Math.min(governanceAttestations.length * 0.2, 1.0);
  
  return Math.floor(basePower * (1 + participationBonus));
};

Security Considerations

1. Attestation Integrity

All attestations are cryptographically signed
Immutable on-chain storage
Revocation mechanisms for invalid attestations

2. Privacy Protection

Zero-knowledge proofs for selective disclosure
Optional anonymity for sensitive attestations
Data minimization principles

3. Sybil Resistance

Attester whitelisting prevents spam
Staking requirements for high-value attestations
Reputation decay mechanisms

4. Governance

Decentralized policy updates
Community-driven attester approval
Transparent decision-making processes

Getting Started

1. Understand the Concepts

Read through this guide to understand how attestations, policies, and trust modules work together.

2. Get API Access

Apply for an API key and set up your development environment.

3. Create Your First Attestation

Use the API to create and issue your first attestation.

4. Build a Policy

Define rules for how attestations should be evaluated.

5. Integrate with Your Application

Add trust verification to your existing application.

Getting Started

Core Concepts

Guides

Use Cases

Integrations

Advanced

Reference

​Overview

Attestations

Policies

Attesters

Trust Modules

​Architecture

​Attestations

​What are Attestations?

​Example Attestation

​Types of Attestations

​1. Identity Attestations

​2. Behavioral Attestations

​3. Skill Attestations

​4. Achievement Attestations

​Creating Attestations

​Via API

​Via Smart Contract

​Policies

​What are Policies?

​Policy Structure

​Policy Types

​1. Access Control Policies

​2. Risk Assessment Policies

​3. Reputation Policies

​4. Compliance Policies

​Creating and Evaluating Policies

​Create a Policy

​Evaluate a Policy

​Attesters

​Becoming an Attester

​Attester Requirements

​Application Process

​Attester Tiers

​Attester Responsibilities

​1. Data Quality

​2. Security

​3. Compliance

​4. User Experience

​Attester Tools

​API Integration

​Dashboard Access

​Trust Modules

​Built-in Modules

​1. DeFi Module

​2. NFT Module

​3. Governance Module

​4. Social Module

​Custom Modules

​Integration Patterns

​1. Trust-Gated Applications

​2. Reputation-Based Lending

​3. DAO Governance

​Security Considerations

​1. Attestation Integrity

​2. Privacy Protection

​3. Sybil Resistance

​4. Governance

​Getting Started

​1. Understand the Concepts

​2. Get API Access

​3. Create Your First Attestation

​4. Build a Policy

​5. Integrate with Your Application

​Related Documentation

Overview

Architecture

Attestations

What are Attestations?

Example Attestation

Types of Attestations

1. Identity Attestations

2. Behavioral Attestations

3. Skill Attestations

4. Achievement Attestations

Creating Attestations

Via API

Via Smart Contract

Policies

What are Policies?

Policy Structure

Policy Types

1. Access Control Policies

2. Risk Assessment Policies

3. Reputation Policies

4. Compliance Policies

Creating and Evaluating Policies

Create a Policy

Evaluate a Policy

Attesters

Becoming an Attester

Attester Requirements

Application Process

Attester Tiers

Attester Responsibilities

1. Data Quality

2. Security

3. Compliance

4. User Experience

Attester Tools

API Integration

Dashboard Access

Trust Modules

Built-in Modules

1. DeFi Module

2. NFT Module

3. Governance Module

4. Social Module

Custom Modules

Integration Patterns

1. Trust-Gated Applications

2. Reputation-Based Lending

3. DAO Governance

Security Considerations

1. Attestation Integrity

2. Privacy Protection

3. Sybil Resistance

4. Governance

Getting Started

1. Understand the Concepts

2. Get API Access

3. Create Your First Attestation

4. Build a Policy

5. Integrate with Your Application

Related Documentation