Skip to content

Core Concepts

This guide explains the fundamental building blocks of the QuantZK Verifiable Decision Infrastructure protocol.

Decision Attestation

A Decision Attestation is a signed, portable, self-contained proof that a software decision followed a defined set of rules. It is the core artifact of the VDI protocol.

Structure

Decision Attestation
├── vdi_version: "1.0.0"
├── type: "decision_attestation_v1"
├── attestation_id: "vdi:att:0x..."
├── pipeline
│   ├── id, hash, name, version
│   └── (pipeline definition hash, proves structure)
├── policy
│   ├── manifest_hash (proves which constraints applied)
│   ├── constraint_count
│   └── authority (who reviewed the constraints)
├── outcome
│   ├── id (which pipeline step produced the outcome)
│   └── timestamp
├── proof
│   ├── system: "groth16"
│   ├── curve: "bn128"
│   ├── pi_a, pi_b, pi_c (the ZK proof)
│   └── public_signals
├── verification
│   ├── key (embedded verification key)
│   └── key_hash
├── circuit (governance metadata)
│   ├── circuit_id, circuit_version, circuit_hash
│   ├── compiler, compiler_version
│   └── constraints, audit_reference
├── signature
│   ├── algorithm: "Ed25519"
│   ├── kid (key ID for rotation)
│   ├── public_key
│   └── value (signature over canonical payload)
├── issued_at
└── expires_at

Key Properties

  • Self-contained, Everything needed to verify is inside the attestation (including the verification key)
  • Portable, Can be stored, transmitted, and verified anywhere
  • Offline-verifiable, No server, API, or network required
  • Tamper-evident, Ed25519 signature covers the canonical JSON representation
  • Time-bounded, Has issued_at and expires_at timestamps
  • Privacy-preserving, Private inputs never appear in the attestation; only the ZK proof and public signals

Decision Pipeline

A pipeline defines the structure of a decision process. It is a directed acyclic graph (DAG) of steps with policy constraints attached.

javascript
const pipeline = vdi.pipeline({
  name: 'Loan Approval',
  version: '2.0.0',
  steps: ['application', 'identity', 'credit', 'fairness', 'pricing', 'decision'],
  constraints: [
    { id: 'no_protected_class', vertex: 'fairness', critical: true },
    { id: 'rate_within_bounds', vertex: 'pricing', critical: false }
  ],
  authority: {
    type: 'legal_review',
    name: 'Covington & Burling LLP',
    reference: 'Opinion #2026-AI-FL-014'
  }
});

The pipeline hash is a SHA-256 of the canonical JSON representation of { name, version, steps, constraints }. This hash is included in every attestation, proving the exact pipeline definition that was executed.

Policy Constraints

Constraints are rules that must be satisfied at specific steps in the pipeline. They come from policy manifests, versioned, hashed libraries of constraints.

Built-in Manifests

ManifestRegulationConstraints
fair-lending-v1Fair Lending Act, ECOAno_protected_class, adverse_action_justified, rate_within_bounds, equal_information_requirement
eu-ai-act-art14-v1EU AI Act Article 14human_oversight_mechanism, system_understanding, anomaly_detection, intervention_capability, automation_bias_awareness
hipaa-phi-v1HIPAA Privacy Ruleminimum_necessary, authorized_purpose, audit_trail, de_identification
nist-ai-rmf-v1NIST AI 100-1govern_policies, map_context, measure_performance, manage_risk

Authority Types

Constraints have an associated authority, the entity that reviewed and approved them:

TypeDescriptionTrust Level
legal_reviewReviewed by a named law firmHighest
standards_bodyPublished by a standards organizationHigh
audit_firmReviewed by a named audit firmHigh
self_attestedNo external reviewBaseline

Zero-Knowledge Proofs

The ZK proof is the core cryptographic mechanism. QuantZK uses Groth16 proofs on the bn128 elliptic curve.

What the proof proves

Given a decision pipeline with constraints, the proof demonstrates:

  • The execution followed a valid path through the pipeline DAG
  • All policy constraints evaluated to true
  • The causal chain from inputs to outcome is valid

What the proof hides

  • The actual input values (credit score, income, etc.)
  • The model weights or algorithm logic
  • How specific constraints were evaluated
  • Any intermediate state

How it works

  1. The prover constructs a causal DAG from the pipeline definition
  2. Constraint predicates are attached to vertices in the DAG
  3. The CausalProver from zk-cp generates a Groth16 proof using snarkjs
  4. The proof, public signals, and verification key are embedded in the attestation

Verification

Verification is a 7-step process that runs entirely offline:

StepNameWhat it checks
1SchemaAll required fields present, correct types and formats
2Timestampsissued_at is not in the future; expires_at is not in the past
3Pipeline IntegrityPipeline hash is valid SHA-256 hex
4Policy IntegrityManifest hash is valid; authority type is recognized
5ZK ProofGroth16 proof mathematically verifies against verification key
6SignatureEd25519 signature over canonical payload is valid
7Key IntegrityVerification key hash matches embedded key

Step 5 (ZK Proof) is the most computationally expensive but typically completes in 20-30ms. The entire verification takes ~27ms.

Verification Receipts

A receipt is a signed attestation that verification occurred. It enables trust propagation without re-running the full verification.

Verification Receipt
├── receipt_id: "vdi:receipt:0x..."
├── attestation_id (which attestation was verified)
├── attestation_hash (SHA-256 of the attestation, binding)
├── verifier
│   ├── implementation, version
│   └── verifier_id
├── verification_profile (which checks were run)
├── profile_hash
├── result
│   ├── valid: true/false
│   └── checks: { schema: true, timestamps: true, ... }
├── verified_at
├── expires_at (24-hour default TTL)
├── parent_receipt_hash (for chaining)
├── chain_depth
└── signature (Ed25519)

Receipt Verification

Checking a receipt is fast (~2ms) because it doesn't re-run the ZK proof:

  1. Check receipt expiry
  2. Verify attestation hash binding
  3. Check verifier is in trusted set
  4. Verify receipt signature

Verification Profiles

Profiles define what "verified" means. They are standardized check configurations:

ProfileChecksAuthority Requirement
VDI_VERIFY_STRICT_V1All 7 stepslegal_review, standards_body, or audit_firm
VDI_VERIFY_STANDARD_V1All 7 stepsAny (including self_attested)
VDI_VERIFY_MINIMAL_V1Schema + timestamps + ZK proofAny

When a verifier emits a receipt, the profile is recorded so downstream consumers know exactly which checks were performed.

Trusted Verifier Sets (TVS)

A TVS is a k-of-n quorum policy for accepting receipts. It defines which verifiers are trusted and at what level.

javascript
const tvs = {
  tvs_id: 'vdi:tvs:acme-production',
  name: 'ACME Corp Production Verifier Set',
  verifiers: [
    { verifier_id: 'vdi:verifier:compliance-bot', trust_level: 'primary' },
    { verifier_id: 'vdi:verifier:risk-monitor', trust_level: 'secondary' }
  ]
};

Acceptance Policies

LevelRequirement
low1 receipt from any trusted verifier
medium1 primary receipt OR 2 secondary receipts
high2+ receipts from independent verifiers
critical2+ independent verifiers + probabilistic spot-check

Transparency Log

The transparency log is an append-only Merkle tree of receipts, modeled after Certificate Transparency (RFC 6962). It detects receipt equivocation, when a verifier issues contradictory receipts for the same attestation.

Operations

  • Append, Add a receipt to the log; returns a Signed Log Entry (SLE)
  • Inclusion Proof, Prove a receipt exists in the log
  • Equivocation Check, Detect contradictory receipts for the same attestation
  • Consistency Proof, Prove the log hasn't been tampered with

Verifier Registry

The verifier registry manages verifier identities and key lifecycle:

  • Registration, Add a new verifier with a public key
  • Key Rotation, Rotate keys with configurable grace periods
  • Revocation, Revoke a verifier (e.g., after equivocation detection)
  • Key Validation, Check if a key is valid at a given time

Circuit Governance

Every attestation includes circuit metadata for auditability:

  • circuit_id, Identifier for the circuit
  • circuit_hash, SHA-256 of the compiled WASM
  • r1cs_hash, SHA-256 of the R1CS constraint system
  • compiler / compiler_version, Reproducible builds
  • constraints, Number of constraints in the circuit
  • audit_reference, Link to external audit (if any)

This metadata allows auditors to verify that the same circuit was used consistently and that it hasn't been modified.

Verification keys are embedded in attestations. The verifier is open source.