Built for ETHGlobal · Open Agents

zk memory auth

Two agents should not see the same memory just because they share the same store.

A stateless gateway in front of mem0. A Noir proof verifies who you are; ENS records say what you can read.

01 / Problem

Memory access is still a database filter.

Trust the operator, or verify the proof. Pick one.

That works for toy assistants. It breaks anywhere role, namespace, expiry, or revocation must be independently verifiable.

[Diagram: a nurse agent and an admin agent read one shared mem0 store (clinical, billing, restricted). Operator code decides; trust required.]

02 / Demo narrative

Same hospital memory. Different answers.

Every row is an ENS subname. Every decision comes from on-chain records — not application code.

Principal | Medication schedule | Psych evaluation | Q3 margin by department
Nurse · nurse.zkmemory-hospital.eth · clinical / max confidential | allowed | denied | denied
Resident · resident.zkmemory-hospital.eth · clinical / max confidential | allowed | denied | denied
Hospital admin · admin.zkmemory-hospital.eth · all / max restricted | allowed | allowed | allowed

03 / How it works

Four gates before a single memory result.

The gateway is stateless. The policy lives in ENS, the proof is generated in the browser, mem0 only sees a filtered request.

step 1 of 4

Match the proof commitment

The submitted proof is hashed and compared with the commitment on the user's ENS record.

step 2 of 4

Pin Google's signing key

The gateway rejects proofs unless the JWT key matches the pinned Google JWKS modulus.

step 3 of 4

Verify with Barretenberg

The Noir proof is verified off-chain with Barretenberg before any mem0 request is built.

step 4 of 4

Bind to a fresh nonce

Every request carries a wallet signature over a fresh nonce, bound to the subname's addr record.

The proof binds the identity. The wallet binds the request. You need both, every call.

04 / On-chain substrate

ENS is the access control surface.

No policy database. Every access decision is re-derivable from on-chain records with a Sepolia RPC. ZkmaResolver implements IExtendedResolver wildcard resolution.

network Sepolia
required prefix zkmemory-
zkma:role: <value>
zkma:namespaces: <value>
zkma:max-tag: <value>
zkma:expiry: <value>
zkma:revoked: <value>
zkma:proof-commitment: <value>
zkma:email-hash: <value>
zkma:partners: <value>

v0.1: email is a public circuit input. v0.2 moves it behind a Poseidon commitment — only domain membership is revealed.
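
One way to re-derive a decision from the zkma:* records alone, reproducing the nurse and admin rows of the demo table. This is an added example, not the project's code. The record value formats (comma-separated namespaces, Unix-seconds expiry, "true"/"false" revoked), the tag ranking, the tags on each memory, and the reading of the required prefix as applying to the parent label are all assumptions.

```javascript
const REQUIRED_PREFIX = "zkmemory-"; // from the page
const TAG_ORDER = ["public", "internal", "confidential", "restricted"]; // assumed ranking
const deny = (reason) => ({ allowed: false, reason });

// Re-derive one access decision from a subname's zkma:* text records.
// A missing or malformed record denies (fail closed).
function decide(name, records, memory, nowSec) {
  const labels = name.toLowerCase().split(".");
  // Assumed reading of "required prefix": the parent label must carry it.
  if (labels.length !== 3 || !labels[1].startsWith(REQUIRED_PREFIX)) return deny("prefix");

  const revoked = records["zkma:revoked"]; // assumed values: "true" / "false"
  if (revoked !== "false") return deny(revoked === "true" ? "revoked" : "revoked-record-invalid");

  const expiry = records["zkma:expiry"] ?? ""; // assumed format: Unix seconds
  if (!/^\d+$/.test(expiry) || Number(expiry) <= nowSec) return deny("expired");

  // Assumed format: comma-separated list, with "all" as the wildcard.
  const namespaces = (records["zkma:namespaces"] ?? "").split(",").map((s) => s.trim()).filter(Boolean);
  if (!namespaces.includes("all") && !namespaces.includes(memory.namespace)) return deny("namespace");

  const maxRank = TAG_ORDER.indexOf(records["zkma:max-tag"]);
  const tagRank = TAG_ORDER.indexOf(memory.tag);
  if (maxRank < 0 || tagRank < 0 || tagRank > maxRank) return deny("tag");
  return { allowed: true, reason: "ok" };
}

// Constructed sample records and memory tags mirroring the demo table.
const base = { "zkma:expiry": "4102444800", "zkma:revoked": "false" };
const RECORDS = {
  "nurse.zkmemory-hospital.eth": { ...base, "zkma:namespaces": "clinical", "zkma:max-tag": "confidential" },
  "admin.zkmemory-hospital.eth": { ...base, "zkma:namespaces": "all", "zkma:max-tag": "restricted" },
};
const MEMORIES = {
  "Medication schedule": { namespace: "clinical", tag: "confidential" },
  "Psych evaluation": { namespace: "clinical", tag: "restricted" },
  "Q3 margin by department": { namespace: "billing", tag: "confidential" },
};

// One row of allowed/denied per principal, in MEMORIES order.
function matrix(nowSec) {
  const rows = {};
  for (const [name, rec] of Object.entries(RECORDS)) {
    rows[name] = Object.values(MEMORIES).map((m) => (decide(name, rec, m, nowSec).allowed ? "allowed" : "denied"));
  }
  return rows;
}

console.log(matrix(1767225600)); // nowSec is a constructed timestamp
```

Flipping `zkma:revoked` to "true" in the sample records turns every cell for that principal to denied, with no other state to invalidate.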

05 / ENS fit

Not ENS-as-login. ENS as policy substrate.

The subname is the identity. The text records are the policy. Both are public, both are revocable, both work with standard ENS tooling.

Revocation is a single text record write. No session invalidation, no token rotation.