zkSecurity, a team of experts in advanced cryptographic solutions, have completed and released Mina Attestations (formerly Private Credentials API) in response to the RFP: Mina Attestations Standard. This powerful TypeScript library implements private attestations, allowing users to selectively disclose personal information using zero-knowledge proofs while maintaining privacy and security.
Hacken Security Audit
Before its release, Mina Attestations underwent a thorough audit by Hacken, a trusted blockchain security auditor. The audit encompassed the attestation library, its cryptographic foundations, and the implementation on Pallad. All security-relevant issues identified as critical, high, medium, and low severity have been addressed. Security auditing is now complete, ensuring the library is ready for production use. See the full report and findings here. There is also a 1-month bug bounty for Mina Attestations live on Hackenproof, starting this week.
What Are Private Attestations?
Private attestations involve three key parties in a secure flow:
- Issuer: Makes statements about users and provides credentials (like a government issuing a passport)
- User: Owns credentials and creates selective presentations that reveal only necessary information
- Verifier: Requests specific information contained in credentials (like a crypto exchange verifying you’re not from a restricted country)
In cryptographic terms, credentials are signed data, while presentations are zero-knowledge proofs about those credentials. This system allows users to prove facts about themselves without revealing unnecessary personal details.
Key Features
Mina Attestations delivers a comprehensive toolkit for implementing private attestation flows:
- Full support for issuing credentials and handling presentations (requesting, creating, verifying)
- Import real-world credentials (passports, emails) by wrapping them in zero-knowledge proofs
- User-friendly selective disclosure logic using the embedded Operation DSL
- Designed for wallet integration, with the Pallad wallet integration available and audited (and “Mina Credential” on Auro Wallet ready for testing)
- Strong cryptographic guarantees for ownership, privacy, unforgeability, unlinkability, and context-binding
The library supports two types of credentials:
- Native Credentials: authorized by Mina signatures for maximum efficiency
- Imported Credentials: authorized by zero-knowledge proofs, enabling integration with existing systems. Currently available imported credentials include:
- ECDSA credential (Ethereum-style signatures)
- ZkPass credential for web interaction validation (age, nationality, KYC, etc)
Get Started Today
The Mina Attestations library is now audited and available on npm for all modern JavaScript runtimes.
Watch the demo to see private attestations in action! Join the #credential-and-id-builder channel on Discord to connect with the community and stay updated on the latest developments. You can also explore the GitHub repository to dive into the technical details and start building with Mina Attestations today.
Whether you’re developing identity solutions, privacy-preserving applications, or exploring new ways to handle sensitive data, Mina Attestations provides another piece of key cryptographic infrastructure for the private, provable internet.
About Mina Protocol
Mina is the world’s lightest blockchain, powered by participants. Rather than apply brute computing force, Mina uses advanced cryptography and recursive zk-SNARKs to design an entire blockchain that is about 22kb, the size of a couple of tweets. It is the first layer-1 to enable efficient implementation and easy programmability of zero knowledge smart contracts (zkApps). With its unique privacy features and ability to connect to any website, Mina is building a private gateway between the real world and crypto—and the secure, democratic future we all deserve.
