Decentralized Identity

Decentralized Identity Infrastructure

Identity you own.
Signatures that outlast
quantum computers.

Elabify brings self-sovereign identity to institutions and individuals — secured by NIST-standardised post-quantum cryptography and zero-knowledge proofs, anchored on any EVM blockchain.

See how it works → Explore use cases
ML-DSA (FIPS 204) ML-KEM (FIPS 203) zk-STARK proofs W3C DID / VC Thales Luna HSM Entrust nShield EVM anchoring
The problem

Digital identity is broken — and getting more fragile

Today’s identity systems rely on centralised databases, elliptic-curve signatures vulnerable to future quantum computers, and trust hierarchies you didn’t choose.

Elabify replaces this with a stack where you hold your own keys, your credentials are verified with zero-knowledge proofs (revealing nothing you don’t choose to share), and every cryptographic operation can use a FIPS 140-3 certified HSM (MPC coming soon!).

  • 1
    Generate your DID A decentralised identifier is derived from your own ML-DSA public key. Your private key never leaves the hardware.
  • 2
    Receive credentials Issuers can sign claims about you — age, nationality, credit rating, KYC status — with their ML-DSA key. Each claim is committed to a Merkle tree.
  • 3
    Prove selectively Identity holders generate a zk-STARK proof revealing only the attributes they wish to share with a verifier. The verifier learns “over 18” without seeing your date of birth.
  • 4
    Verify on-chain The Merkle root and issuer DID are anchored on any EVM chain including Ethereum and Hyperledger Besu. Verification and revocation checks happen in milliseconds — free, no gas.
ISSUER (e.g. HSBC, HMRC, University)
ML-DSA key in HSM · signs credential CKM_ML_DSA_KEY_PAIR_GEN
CREDENTIAL
W3C Verifiable Credential
Claims → Sparse Merkle Tree (RPO-256) DilithiumSignature2024
HOLDER (wallet)
Selective disclosure · zk-STARK proof
Reveals: over18=true · Hides: DOB, passport FRI-STARK · RPO-256
VERIFIER (smart contract / institution)
Checks proof vs on-chain Merkle root
Revocation: eth_call → isRevoked() EVM · any chain · zero gas for reads
ON-CHAIN (Ethereum / Polygon / L2)
IdentityRegistry.sol · DID → pubkey mapping
RevocationRegistry.sol · Merkle root store MetaMask · ethers.js · any EVM
Post-quantum cryptography

Built for a world
with quantum computers

Every algorithm in the Elabify stack was chosen because it survives Shor’s algorithm. These are NIST-finalised standards running in production HSMs today — not experiments.

🔏

ML-DSA

Lattice-based digital signatures. Signs credentials and DID documents. Replaces ECDSA completely.

FIPS 204 · NIST
🔐

ML-KEM

Key encapsulation for secure credential delivery. Replaces ECDH and RSA-OAEP key exchange.

FIPS 203 · NIST
🌿

zk-STARKs

Zero-knowledge proofs with no trusted setup. Post-quantum: security relies only on hash collision resistance.

FRI · RPO-256
🏦

HSM-anchored

Issuer private keys never leave FIPS 140-3 Level 3 hardware. Thales Luna and Entrust nShield natively support all algorithms.

Production ready
Why this matters now

“Harvest Now, Decrypt Later” attacks are already happening. Adversaries record today’s encrypted traffic to decrypt once quantum computers arrive. Identity credentials signed with classical ECDSA today will be forgeable by 2030–2035. Elabify lets you migrate now — before the deadline, not after.

Use cases

From individuals to
global institutions

🌐

Cross-border KYC

A customer verified by HSBC London proves identity to HSBC Hong Kong with a single zk-STARK proof. No re-KYC. No data sharing. Instant verification.

Banking Compliance GDPR
🪙

Tokenised deposits

On-chain assets gated by verified identity. Holders prove accredited investor status or jurisdiction eligibility without revealing personal data to a smart contract.

DeFi RWA Permissioned
💱

Stablecoin compliance

Issuers gate mint and transfer to wallets holding valid jurisdiction credentials. MiCA and MAS compliance built in at the protocol level.

Stablecoins MiCA MAS
🤖

AI agent authorisation

Autonomous agents carry verifiable credentials proving their operator, authorised scope, and compliance status. Every action is cryptographically attributable.

Agentic AI Audit trail Liability
🎓

Academic credentials

Universities issue tamper-proof degree certificates as verifiable credentials. Employers verify in seconds without calling the institution.

Education HR Portability
⚕️

Healthcare access

Patients share specific health attributes with providers — vaccination status, prescription authorisation — without exposing their full medical record.

HIPAA NHS Privacy
Technical flow

Four steps from issuance to on-chain verification

01

Key generation

ML-DSA keypair created inside HSM. Public key forms the DID. Private key never exported.

02

Credential issuance

Issuer signs a W3C VC with their HSM key. Claims committed to an RPO-256 Sparse Merkle Tree.

03

ZK proof generation

Holder generates a FRI-STARK proof of selected claims. Verifier learns nothing beyond what was chosen.

04

On-chain verification

Smart contract checks proof against anchored Merkle root. Revocation status queried — no gas for reads.

Hardware security

Production HSMs, today

Both major enterprise HSM vendors ship native post-quantum support in their latest firmware. No custom modules needed.

Thales Luna HSM v7.9+

ML-DSA and ML-KEM natively integrated into firmware. FIPS 140-3 Level 3 certified. Available now via standard PKCS#11.

ML-DSA (FIPS 204) ML-KEM (FIPS 203) SLH-DSA LMS/HSS

Entrust nShield v13.8+

NIST CAVP validated for ML-DSA, ML-KEM and SLH-DSA. FPGA-accelerated signing. FIPS 140-3 Level 3 submitted.

ML-DSA (CAVP) ML-KEM (CAVP) SLH-DSA (CAVP) FPGA accel.

The quantum clock
is already ticking

Start your migration today. Elabify works alongside your existing identity infrastructure — no rip-and-replace required.

Try the live demo → Get in touch