project / 2025-26
Privacy systems / full-stack build
ZK Guardian
A privacy-first healthcare prototype exploring zero-knowledge consent verification for FHIR workflows without exposing patient identity on-chain.
- built with TypeScript / React Native / Expo / Node.js / Express / Circom / Solidity / Polygon Amoy / FHIR R4
- source: View source
notes on the build
Challenge
ZK Guardian starts with a direct question: how do you prove a clinician had valid consent to access data without publicly revealing who accessed what?
That framing keeps the privacy boundary explicit from the start instead of adding it later as a claim.
Approach
The project combines several layers:
- a mobile app for consent and audit visibility
- a Node/Express gateway for orchestration
- Circom circuits for proof generation
- Solidity contracts for on-chain audit records
- FHIR examples to keep the healthcare side grounded
The chain only sees hashes and proofs. The architecture is built so consent can be verified without exposing identity data on-chain.
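An illustrative Circom circuit for the boundary described above, added here as an example and not taken from the ZK Guardian repository: the patient, clinician, scope, expiry and salt stay private, and the verifier contract only ever sees a Poseidon commitment and the access timestamp. The circomlib include paths, the five-field consent record and 64-bit timestamps are assumptions.

```circom
pragma circom 2.0.0;

// Assumed circomlib include paths; adjust to the local project layout.
include "circomlib/circuits/poseidon.circom";
include "circomlib/circuits/comparators.circom";
include "circomlib/circuits/bitify.circom";

// Proves that the prover holds a consent record whose commitment matches the
// on-chain value and that the consent had not expired at the time of access.
// Nothing identifying the patient or clinician appears among the public inputs.
template ConsentAccessProof() {
    // Private inputs: never leave the prover (the gateway or app).
    signal input patientId;
    signal input clinicianId;
    signal input scope;
    signal input expiresAt;
    signal input salt;

    // Public inputs: the only values the on-chain verifier sees.
    signal input consentCommitment;
    signal input accessedAt;

    // 1. Rebind the private record to the public commitment.
    //    The salt prevents a dictionary attack on small fields such as scope.
    component h = Poseidon(5);
    h.inputs[0] <== patientId;
    h.inputs[1] <== clinicianId;
    h.inputs[2] <== scope;
    h.inputs[3] <== expiresAt;
    h.inputs[4] <== salt;
    h.out === consentCommitment;

    // 2. Range-check both timestamps to 64 bits. LessThan alone does not
    //    bound its inputs, so without this a prover could pass field elements
    //    that wrap around and make an expired consent look valid.
    component rangeAccessed = Num2Bits(64);
    rangeAccessed.in <== accessedAt;
    component rangeExpires = Num2Bits(64);
    rangeExpires.in <== expiresAt;

    // 3. Enforce accessedAt < expiresAt.
    component lt = LessThan(64);
    lt.in[0] <== accessedAt;
    lt.in[1] <== expiresAt;
    lt.out === 1;
}

component main {public [consentCommitment, accessedAt]} = ConsentAccessProof();
```

An audit record on-chain would then carry only the commitment, the timestamp and the proof, which is what "the chain only sees hashes and proofs" amounts to in practice.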
Why it matters
The cryptography is tied to a concrete boundary: healthcare access, auditability, consent, and emergency handling.
Why it matters to me
It stays here because it sits at an intersection I keep returning to: serious user needs, strong privacy constraints, and architecture that has to be precise to be useful.
what mattered
- Zero-knowledge audit flow built around consent verification rather than identity disclosure.
- Mobile, gateway, contracts, circuits, and FHIR examples kept in one coherent repository.
- Explicit privacy boundary: no PII or PHI stored on-chain.