BenchmarksStack Ranking
H33-128H33-CKKSH33-256H33-FHE-IQFHE OverviewZK LookupsBiometricsH33-3-KeyH33-MPCPQC ArchitecturePQ VideoStorage EncryptionAI DetectionEncrypted Search
APIsPricingDocsWhite PaperTokenBlogAboutSecurity Demo
Log InGet API Key
Benchmarks Stack Ranking H33 FHE H33 ZK APIs Pricing PQC Docs Blog About
H33 Blog Zero-Knowledge Proofs Without Blockchain
ZKP IDENTITY NO BLOCKCHAIN March 23, 2026 · 10 min read
EB
Eric Beans
Founder & CEO · H33

Zero-Knowledge Proofs Without Blockchain.
Identity Verification That Reveals Nothing.

Zero-knowledge proofs are the most powerful primitive in modern cryptography — and 90% of the content about them is about blockchain. This guide is for developers who want to use ZKPs for real-world identity verification: age checks, KYC, credential proofs, and compliance attestation — without a single token, chain, or gas fee.

0.062µs
Verification
192B
Proof size
0
Data revealed
100%
Post-quantum safe
Cached STARK verification · DashMap in-process lookup · c8g.metal-48xl (96 cores, AWS Graviton4) · March 2026

ZKPs Are Not Just for Crypto

Search for "zero-knowledge proofs" and you'll find 9 out of 10 results talking about rollups, zk-EVMs, and L2 scaling. That's fine — ZKPs are transformative for blockchain. But the core primitive — proving a fact without revealing the underlying data — is useful far beyond cryptocurrency.

A zero-knowledge proof lets a prover convince a verifier that a statement is true without transmitting any information beyond the truth of that statement. The mathematics don't care whether you're proving a transaction is valid on Ethereum or proving a user is over 21 without showing their driver's license.

The Core Idea

A ZKP is a proof that a statement is true, where the proof reveals nothing except that the statement is true. No data leaks. No trust required. Mathematically guaranteed.

The reason ZKPs are so blockchain-dominated in popular discourse is historical — Zcash in 2016 brought ZK-SNARKs to mainstream attention, and the Ethereum ecosystem funded most of the subsequent tooling. But the underlying math (polynomial commitments, interactive oracle proofs, hash-based constraints) is completely general. The proof doesn't know or care what it's proving.

This post is for developers who want to use ZKPs for identity, credentials, and compliance — without deploying a single smart contract.

Real-World Use Cases (Without a Single Token)

Here are concrete, production-ready applications of zero-knowledge proofs that have nothing to do with blockchain:

🎫
Age Verification
Prove a user is over 21 (or 18, or 65) without revealing their date of birth, name, address, or any other field on their ID. The verifier learns exactly one bit: "over threshold" or "under threshold." Nothing else. Read: ZKP Age Verification →
Zero data exposure
📋
KYC Without Document Sharing
Prove that a user has completed identity verification with a trusted provider without forwarding their passport scan, selfie, or address history. The relying party gets a cryptographic attestation — not a copy of the user's documents.
Privacy-preserving
📜
Credential Verification
Prove you hold a valid professional license, degree, or certification without revealing the issuing institution, license number, or personal details. Useful for hiring, gig platforms, and regulated industries. Read: ZKP Credential Verification →
Selective disclosure
⚖️
Compliance Proofs
Prove GDPR compliance, HIPAA adherence, or SOC 2 conformance without giving auditors full access to your systems. Generate a ZK proof that your data handling meets specific constraints — verifiable by anyone, without exposing the data itself. Read: ZKP Compliance Proofs →
Audit without access

In every case, the pattern is the same: a prover (the user or their agent) generates a proof from private data, and a verifier (the service) checks the proof without ever seeing the data. No blockchain needed. No gas fees. No wallet. Just an API call.

How H33's ZKP API Works

H33's ZKP system is STARK-based (Scalable Transparent ARgument of Knowledge), not SNARK-based. This is a deliberate architectural decision with three consequences:

Here's what a ZKP verification looks like through the H33 API:

Shell · curl POST /zkp/verify 
curl -X POST https://api.h33.ai/v1/zkp/verify \
  -H "Authorization: Bearer $H33_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "proof": "base64_encoded_stark_proof",
    "public_inputs": {
      "statement": "age_gte",
      "threshold": 21,
      "issuer_commitment": "sha3_256_of_issuer_pk"
    }
  }'

// Response
{
  "verified": true,
  "statement": "age_gte",
  "threshold": 21,
  "proof_system": "STARK",
  "hash_function": "SHA3-256",
  "post_quantum": true,
  "latency_us": 0.062,
  "proof_size_bytes": 192,
  "data_revealed": "none"
}

The verifier never sees the user's date of birth, ID number, or any personal data. The proof is a 192-byte STARK attestation that the statement "age >= 21" is true, given a commitment from a trusted issuer. Verification takes 0.062µs on a cached DashMap lookup.

STARK vs SNARK for Identity

The choice between STARKs and SNARKs matters more for identity applications than for blockchain rollups. Here's why:

Property SNARK (Groth16 / PLONK) STARK (H33) Why It Matters for Identity
Trusted Setup Required Not required Identity proofs must be trustless from day one
Quantum Resistance No (ECC-based) Yes (hash-based) Identity credentials persist for years/decades
Proof Size ~128 B (Groth16) ~192 B (cached) Both small enough for API transport
Verification Speed ~1.2 ms 0.062 µs (cached) Sub-microsecond enables real-time auth flows
Prover Complexity Lower Higher H33 handles proving server-side
Transparency Ceremony-dependent Fully transparent No trust assumptions in identity infrastructure

For blockchain rollups, SNARKs win on proof size (cheaper on-chain verification). For identity, that advantage disappears — proofs are verified via API, not on-chain. STARKs win on every axis that matters for identity: no trusted setup, quantum resistance, and transparent verification.

Why Quantum Resistance Matters Now

Identity credentials issued today may need to be verifiable in 2035. If your ZKP system is based on elliptic curve pairings (SNARKs), a quantum computer can forge proofs for any previously issued credential. STARK proofs based on SHA3-256 remain secure regardless of quantum advances.

Performance

H33's ZKP verification leverages an in-process DashMap cache that stores pre-verified STARK proof hashes. For repeat verifications (the common case in production — the same credential checked by multiple verifiers), the lookup is a hash table read:

ZKP Verification Performance

Cached STARK verification0.062 µs
Cold STARK verification~2.1 µs
STARK proof generation~340 µs
Batch: 100 proofs~35 ms
Faster Than a Database Lookup

At 0.062µs, cached ZKP verification is faster than a typical Redis GET (~50µs network round-trip) or PostgreSQL index scan (~200µs). You can verify a zero-knowledge proof faster than you can look up a row in a database. This means ZKP verification adds zero measurable latency to your authentication flow.

Proof size is 192 bytes — smaller than a typical JWT. Batch proving scales linearly: 100 proofs in 35ms, making bulk credential issuance practical for enterprise deployments.

Metric Value Comparison
Cached verification 0.062 µs 800x faster than Redis GET
Proof size 192 bytes Smaller than a typical JWT (~800 B)
Batch (100 proofs) 35 ms 350 µs per proof amortized
Post-quantum Yes (SHA3-256) No ceremony, no ECC dependency

Integration Guide

H33's ZKP API follows a three-step flow: create a proof request, generate the proof (server-side or client-side with our SDK), and verify the proof. Here's the complete age verification flow in four languages.

Step 1: Create a Proof Request

Shell · curl POST /zkp/request 
curl -X POST https://api.h33.ai/v1/zkp/request \
  -H "Authorization: Bearer $H33_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "age_verification",
    "threshold": 21,
    "issuer": "state_dmv",
    "callback_url": "https://yourapp.com/api/zkp/callback"
  }'

// Response
{
  "request_id": "zk_req_8xNm...",
  "challenge": "base64_challenge_nonce",
  "expires_at": "2026-03-23T12:05:00Z"
}

Step 2: Generate the Proof (Server-Side)

JavaScript zkp-age-verify.js 
import { H33 } from '@h33/sdk';

const h33 = new H33({ apiKey: process.env.H33_API_KEY });

// Generate a proof that the user is over 21
// The SDK never sends the raw date of birth to H33
const proof = await h33.zkp.prove({
  type: 'age_verification',
  threshold: 21,
  credential: userCredential,  // signed by issuer, stays local
  challenge: requestChallenge   // from Step 1
});

// Send proof to verifier
const result = await h33.zkp.verify({
  proof: proof.proof,
  public_inputs: proof.public_inputs
});

console.log(result.verified);    // true
console.log(result.latency_us);  // 0.062
Python zkp_age_verify.py 
from h33 import H33Client

client = H33Client(api_key=os.environ["H33_API_KEY"])

# Generate proof — raw credential never leaves your server
proof = client.zkp.prove(
    type="age_verification",
    threshold=21,
    credential=user_credential,
    challenge=request_challenge
)

# Verify the proof
result = client.zkp.verify(
    proof=proof.proof,
    public_inputs=proof.public_inputs
)

assert result.verified == True
print(f"Verified in {result.latency_us} µs")  # 0.062 µs
Rust zkp_age_verify.rs 
use h33_sdk::{H33Client, zkp::ProveRequest};

let client = H33Client::new(std::env::var("H33_API_KEY")?);

// Generate proof
let proof = client.zkp().prove(ProveRequest {
    proof_type: "age_verification".into(),
    threshold: 21,
    credential: user_credential,
    challenge: request_challenge,
}).await?;

// Verify
let result = client.zkp().verify(&proof).await?;
assert!(result.verified);
println!("Verified in {} µs", result.latency_us); // 0.062
Shell · curl Complete flow via curl 
# Step 1: Create proof request
REQUEST=$(curl -s -X POST https://api.h33.ai/v1/zkp/request \
  -H "Authorization: Bearer $H33_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"type":"age_verification","threshold":21}')

CHALLENGE=$(echo $REQUEST | jq -r '.challenge')

# Step 2: Generate proof (with pre-signed credential)
PROOF=$(curl -s -X POST https://api.h33.ai/v1/zkp/prove \
  -H "Authorization: Bearer $H33_API_KEY" \
  -H "Content-Type: application/json" \
  -d "{
    \"type\": \"age_verification\",
    \"threshold\": 21,
    \"credential\": \"$USER_CREDENTIAL\",
    \"challenge\": \"$CHALLENGE\"
  }")

# Step 3: Verify proof
curl -X POST https://api.h33.ai/v1/zkp/verify \
  -H "Authorization: Bearer $H33_API_KEY" \
  -H "Content-Type: application/json" \
  -d "$(echo $PROOF | jq '{proof: .proof, public_inputs: .public_inputs}')"

# {"verified": true, "latency_us": 0.062, "proof_size_bytes": 192}

Why Not Just Use JWTs?

JWTs are the standard bearer token for web authentication. They work. But they have a fundamental architectural flaw for privacy-sensitive claims: JWTs reveal their contents to every verifier.

When you embed "age": 25 or "kyc_status": "verified" in a JWT, every service that validates that token sees those claims in plaintext. The verifier learns not just that the user is over 21, but their exact age. Not just that they passed KYC, but potentially which provider, when, and at what level.

Property JWT ZKP
Data exposure All claims visible to all verifiers Zero data revealed beyond the statement
Selective disclosure Not natively supported Built-in — prove only what's needed
Verifier trust Verifier sees all claims (must be trusted) Verifier is untrusted by design
Token size ~800 B (typical) 192 B (proof only)
Quantum resistance No (HMAC-SHA256 / RS256) Yes (STARK / SHA3-256)
Forgery on compromise Signing key leaked = all tokens forgeable No signing key — proofs are self-verifying
Privacy guarantee None (plaintext claims) Mathematically proven zero-knowledge

This doesn't mean you should replace all JWTs with ZKPs. JWTs are fine for session tokens and non-sensitive claims. But for identity attributes — age, income range, credit score bracket, health status, professional credentials — a ZKP is strictly better. The verifier gets exactly the information they need and nothing more.

The GDPR Argument

Under GDPR, every piece of personal data you collect creates a compliance obligation. With JWTs, you're collecting and storing claims you don't need. With ZKPs, you collect zero personal data — you verify a mathematical proof. No data minimization required because there's no data to minimize. Your attack surface for data breaches drops to zero for ZKP-verified attributes.

Architecture: How It Fits Together

The ZKP flow integrates into standard API architectures without requiring blockchain nodes, wallet infrastructure, or smart contract deployments:

STEP 1
ISSUE
Trusted Issuer signs credential
A KYC provider, government agency, or enterprise IdP issues a signed credential to the user. This credential contains the private attributes (DOB, license number, etc.) and is stored only on the user's device or in their agent.
Issuer-signed User-held Never shared
↓ User presents proof request to their credential
STEP 2
PROVE
H33 generates STARK proof from credential
The user's credential is fed into H33's STARK prover (server-side or via SDK). The prover generates a 192-byte proof that the requested statement is true (e.g., "age >= 21") without revealing any other credential fields. Proving takes ~340µs.
STARK SHA3-256 192 B output ~340µs
↓ 192-byte proof sent to verifier via API
STEP 3
VERIFY
Verifier checks proof — learns nothing else
The relying party calls POST /zkp/verify with the 192-byte proof. H33 returns a boolean result in 0.062µs (cached). The verifier never sees the credential, the user's data, or anything beyond the truth of the statement.
0.062µs cached Zero data exposure Post-quantum

Prove Anything. Reveal Nothing.

Age verification, KYC, credentials, compliance — all provable without exposing a single byte of personal data. STARK-based. Post-quantum. No blockchain required.

Explore ZK Proofs → ZKP API Docs Live Demo
Free tier · 1,000 ZKP verifications/month · No credit card required

Related Articles

ZKP
What Are Zero-Knowledge Proofs?
Identity
ZKP Identity Verification
ZK Systems
Groth16 vs PLONK Comparison
Verify It Yourself