Create encrypted zk-Prof(ile) Pictures with privacy-first photos for the undoxxed by Arubaito
zkprof is an early-stage TypeScript project in the AI payments / x402 ecosystem, focused on dox, pfp, privacy, privacy-protection. It currently has 2 GitHub stars and 0 forks, and sits alongside related tools like zkprof, awesome-ora, SubEtha.
Privacy-first encrypted profile photos with zero-knowledge proofs on Solana.
zkProf is a privacy-focused platform that lets you create encrypted profile photos that only you can decrypt and share. Think of it as taking a profile picture that's locked in a digital vault—no one can see it unless you explicitly grant them access.
Take Encrypted Photos: Capture a profile photo through your webcam or phone. The photo is immediately encrypted using advanced cryptography, ensuring no one—not even zkProf—can view it without your permission.
Prove It's Encrypted (Without Revealing Your Keys): Using zero-knowledge proof technology (ZK-SNARKs), zkProf creates mathematical proof that your photo was properly encrypted, without ever revealing your encryption keys. This proof is recorded on the Solana blockchain as a permanent, tamper-proof memo transaction.
Control Who Sees Your Photo: You decide which third-party platforms (dating apps, social networks, professional platforms) can access your encrypted photo. Access requires:
Decrypt and Preview: You can always decrypt and view your own photos through a protected preview system with anti-screenshot safeguards.
Manage Sharing Permissions: Grant or revoke access to platforms at any time through the "Manage Sharing" page.
While your photo content is fully protected by encryption, using zkProf does create a public on-chain record. Here's what's visible vs. protected:
Protected (Private):
Publicly Visible on Solana Blockchain:
This means someone could see that your wallet created zkPFPs and when, but never what the photos contain. If you require complete anonymity of even the creation activity, consider using a dedicated wallet for zkProf.
zkProf is an open-source platform for zero-knowledge encrypted profile photos with third-party API access. This section covers installation, architecture, and integration for developers who want to fork, deploy, or integrate with zkProf.
zkpfp:{commitment}:{timestamp}) serves as immutable blockchain proofFrontend:
Backend:
Blockchain:
Cryptography:
git clone <your-repo-url>
cd zkprof
npm install
CRITICAL: ZK-SNARK artifacts must be generated locally before the application can function. These artifacts cannot be generated in the browser.
cd scripts
chmod +x setup-zk-artifacts.sh
./setup-zk-artifacts.sh
This script will:
circuits/zkpfp.circom circuitpublic/zk-artifacts/Expected artifacts:
public/zk-artifacts/zkpfp.wasm (~2MB)public/zk-artifacts/zkpfp_final.zkey (~3MB)public/zk-artifacts/verification_key.json (~1KB)See docs/ZK_SETUP_GUIDE.md for detailed instructions and troubleshooting.
Database Schema:
Run the migrations in supabase/migrations/ in order:
# If using Supabase CLI
supabase db reset
# Or apply migrations manually through Supabase dashboard
Key tables:
encrypted_photos: Stores encrypted image URLs, commitments, ZK proofsnft_mints: Records minted NFT addresses and metadataplatform_registrations: Third-party platform API keys and credit balancesaccess_grants: User A → Platform access permissionsaccess_sessions: Viewer sessions with NDA signatures and time limitsplatform_credit_transactions: Platform payment trackingnda_templates: NDA template storageStorage Buckets:
Create a public storage bucket named encrypted-pfps in Supabase Storage.
Edge Functions:
Deploy edge functions from supabase/functions/:
supabase functions deploy register-platform
supabase functions deploy platform-balance
supabase functions deploy grant-access
supabase functions deploy revoke-access
supabase functions deploy get-sol-price
Create a .env file in the project root:
# Supabase
VITE_SUPABASE_URL=https://your-project.supabase.co
VITE_SUPABASE_ANON_KEY=your-anon-key
VITE_SUPABASE_PROJECT_ID=your-project-id
# Solana RPC (CRITICAL: must match your wallet network)
VITE_SOLANA_RPC_ENDPOINT=https://your-rpc-endpoint.com
# Use mainnet endpoint for production, devnet for testing
# Recommended: Helius, QuickNode, or similar private RPC
# Edge Function Secrets (set in Supabase dashboard)
SUPABASE_SERVICE_ROLE_KEY=your-service-role-key
MORALIS_API_KEY=your-moralis-key
SOLANA_RPC_ENDPOINT=your-rpc-endpoint
Important Notes:
VITE_SOLANA_RPC_ENDPOINT must use VITE_ prefix to be accessible in browserVITE_ variables require rebuild to take effect (Vite bakes them at build time)npm run dev
Application will be available at http://localhost:8080
encrypted_photoszkpfp:{commitment}:{timestamp}/register-platform edge functionaccess_sessionszkProf provides a complete API for third-party platforms (dating apps, social networks, professional platforms) to access user-encrypted photos through an NDA-gated, payment-based system.
Business Model:
Payment Methods:
Access Requirements:
All edge functions are deployed at: https://chfqfdxpccxfmonhitjd.supabase.co/functions/v1/
Endpoint: POST /register-platform
Request:
{
"platform_name": "YourPlatform",
"platform_domain": "yourplatform.com",
"contact_email": "[email protected]"
}
Response:
{
"success": true,
"platform_id": "uuid",
"api_key": "generated-api-key"
}
Note: Store api_key securely. It cannot be retrieved later. Platforms must top up credits before making API calls.
Platforms must maintain prepaid credit balance to make API calls. Credits are purchased using x402 payment protocol on Solana.
Payment Process:
credit_balance_usd in platform_registrations tableplatform_credit_transactions tablePricing:
Endpoint: POST /platform-balance
Headers:
X-API-Key: your-api-key
Response:
{
"platform_id": "uuid",
"credit_balance_usd": 100.00
}
User A must explicitly grant platform access to their zkPFP before any viewers can see it.
Endpoint: POST /grant-access
Endpoint: POST /grant-access
Request:
{
"blob_id": "zkpfp-blob-id",
"platform_id": "your-platform-id",
"wallet_public_key": "user-wallet-pubkey",
"signature": "base64-encoded-signature"
}
Signature Message Format:
Grant access to zkPFP {blob_id} for platform {platform_id}
Response:
{
"success": true,
"grant_id": "uuid"
}
Endpoint: POST /revoke-access
Request:
{
"blob_id": "zkpfp-blob-id",
"platform_id": "your-platform-id",
"wallet_public_key": "user-wallet-pubkey",
"signature": "base64-encoded-signature"
}
Signature Message Format:
Revoke access to zkPFP {blob_id} for platform {platform_id}
Circuit: circuits/zkpfp.circom
Inputs:
encryptionKeyBytes[32]: AES-256 encryption key as byte arraywalletPublicKeyBytes[32]: Solana wallet public key as byte arrayOutputs:
commitment: Poseidon hash of (encryptionKey + walletPublicKey)Constraints: ~260 (Poseidon hash operations)
Proving System: Groth16
Key Coupling: Verification key MUST be exported from the same .zkey used for proof generation. Mismatched keys cause silent verification failures.
npm run build
dist/ folder to:Important: Update environment variables in hosting platform. Changes to VITE_ variables require rebuild.
Deploy via Supabase CLI:
supabase functions deploy
Or deploy individual functions:
supabase functions deploy <function-name>
ZK Artifacts Required: Application will NOT work without locally-generated ZK artifacts in public/zk-artifacts/
Network Matching: Wallet network and VITE_SOLANA_RPC_ENDPOINT MUST be on same network (mainnet or devnet)
Key Coupling: When regenerating ZK proving keys, MUST re-export verification key and redeploy both
Legacy Proof Incompatibility: Old zkPFPs created before key updates become permanently unverifiable
Cache Busting: Verification key fetches include timestamp query param to avoid stale caches
Wallet-Based Auth: No traditional email/password auth. All authorization via Solana wallet signatures
Encryption Determinism: Encryption keys derived deterministically from wallet public key enables recovery
Build-Time Env Vars: VITE_ environment variables baked at build time, require rebuild when changed
This is an open-source project. Contributions welcome via pull requests.
MIT License - See LICENSE file for details
Built by Arubaito
Powered by:
Open Source AI trading agent that operates autonomously across 1000+ markets - Polymarket, Kalshi, Binance, Hyperliquid, Solana DEXs, 5 EVM chains. Scans for edge, executes instantly, manages risk while you sleep. Agent commerce protocol for machine-to-machine payments. Self-hosted. Built on Claude.
DePIN for Vintage Hardware — Proof-of-Antiquity blockchain where old machines outmine new ones. AI-powered hardware fingerprinting, 15+ CPU architectures, Solana bridge (wRTC). $0 VC.
Drop-in OpenAI Python client with transparent x402 payment support.
Client SDK for the Vybe x402 API. Pay-per-call USDC over HTTP and prepaid-credit WebSocket streaming for Vybe's Solana analytics API. Built for AI agents.
Autonomous AI BD Agent for SolCex Exchange: 24/7 Cross-Chain Token Scoring & Payments 2026
Drop-in OpenAI Typescript client with transparent x402 payment support.