v6 · per-prover ZK range proof

Credential Freshness — live ZK demo

Prove your KYC credential is within a dApp's freshness window, without revealing the identity commitment or the exact issuance time. Groth16 proof generation runs in your browser; verification runs on HashKey testnet.

1. Scenario

A demo credential was seeded on HashKey testnet when scripts/seed-freshness-demo.ts ran. Only the freshness-window slider is active in this mode — the credential's issuance time is fixed and on-chain.

issuanceTime (on-chain): 2026-03-18 · 49 days ago

group: KYC Verified

seeded leaf index: 7

tree root (on-chain): 0x52241b…383f31

dApp freshness windowrequire within 90 days

2. Generate the ZK proof

3. Verify on HashKey testnet · KYC Verified

Composer: 0xff790d…725fbb · Registry: 0xd251ec…753938

What you just saw

A real Groth16 proof generated in your browser using the compiled credential_freshness.circom circuit (depth-16 Poseidon Merkle + 64-bit range check, 4,665 wires).
The verifier contract is the auto-generated FreshnessVerifier.sol from snarkjs.
The circuit enforces issuanceTime ≥ earliestAcceptable. If the credential is older, the proof refuses to generate. That's the privacy-preserving expiry check — a per-prover ZK range proof, not a group-window approximation.