This document is gated

You need a Zene identity to view this content.
Registration takes ~15 seconds.
Sign-in runs on an immutable Arweave page.
Your Google identity never leaves your browser.
Sign out
Zene

Privacy-Preserving
Sign Up & Recovery

Using immutable Arweave pages and Chainlink CRE confidential compute. No server ever sees your Google identity.

Chainlink Convergence · Privacy Track

Registration Flow

1Passkey (Face ID)Device
WebAuthn credential created. PRF extension derives cryptographic salt from biometric.
salt = HKDF(PRF(passkey), "zene-salt-v1")
2Redirect to ArweaveImmutable
Salt passed via URL fragment (never to any server). Page is immutable, auditable by anyone.
3Google Sign-In → Auth CodeArweave
Google Identity Services runs on Arweave page. Auth code obtained (not token).
4CRE: Confidential Token ExchangeChainlink DON
Auth code + salt → Chainlink DON. Each node in TEE independently exchanges code for Google sub via Confidential HTTP. Nodes reach consensus.
5CRE: Compute HashTEE
Identity hash computed inside encrypted memory. Google sub never leaves the TEEs.
hash = keccak256(salt + googleSub)
6On-Chain RegistrationAvalanche
CRE writes hash to ZeneRegistry via EVM Client. Google identity never touches the chain.
ZeneRegistry.register(hash, address)

Daily Sign-In = Just Face ID

Arweave + CRE only for registration & recovery.

FACE ID → CHAIN → DONE

Passkey → On-Chain Resolve → Signed In

Sub-second. No server. No Google. No seed phrase.

Registration

Passkey + Google via Arweave + CRE. Runs once. Creates on-chain identity.

Recovery

Lost device? Same flow: Google via Arweave + CRE → same hash → same identity.

Zene

Status & Links

Arweave sign-in page live & wired into SDK

ZeneRegistry deployed on Avalanche Fuji

CRE workflow coded & simulation passing

Passkey + Google + on-chain demo working

CRE deploy pending Chainlink team approval

GitHub ↗

Built solo · 2026 · Privacy Track

1/4