PART - 2 - ARCHITECTURE AND TECHNICAL DESIGN

M

Qubits of DPK

March 27, 2026

Core Metaplay

7️⃣ System Architecture

The Five Layers

plain text
QUBITS OF DPK
1Client Layer
2  └─ React dApp (Frontend) + Smart Wallet (ERC-4337)
345Execution Layer (L2)
6  └─ zkSync Era (zkEVM Rollup) + Paymaster Contract
789Contract Layer
10  └─ ContentRegistry.sol + GovernanceDAO.sol
111213Storage Layer
14  └─ IPFS (fast retrieval) + Arweave (permanent backup)
151617Settlement & Indexing Layer
18  └─ Ethereum L1 (final settlement) + The Graph Substreams (search/query)

What Each Layer Does

Client Layer The interface users see. Built in React. Powered by smart wallets — users log in with Google, never touch crypto directly. Paymaster sponsors gas so users never pay fees.
Execution Layer Where all the smart contract logic runs. zkSync Era processes transactions fast and cheap, then posts a compressed zk proof to Ethereum L1 for final security settlement.
Contract Layer Two main smart contracts:
  • ContentRegistry.sol — records all content metadata (who uploaded what, when, CID)
  • GovernanceDAO.sol — handles all voting and governance decisions
Storage Layer
  • IPFS stores the actual course content with a content hash (CID) for integrity
  • Arweave permanently backs up the same CID — even if IPFS nodes drop it, Arweave never will
Settlement & Indexing Layer
  • Ethereum L1 is the final court of truth — all zk proofs are settled here
  • The Graph indexes all events into a queryable GraphQL endpoint for fast search

Content Publishing Flow (Step by Step)

  1. #
    Creator uploads course via the dApp
  2. #
    Paymaster contract sponsors the gas — creator pays nothing
  3. #
    File is stored on IPFS and gets a Content Identifier (CID)
  4. #
    Same CID is simultaneously pinned to Arweave for permanent backup
  5. #
    CID is recorded in ContentRegistry.sol on zkSync Era
  6. #
    A zk proof of the batch is posted to Ethereum L1 for settlement
  7. #
    The Graph indexes the ContentPublished event
  8. #
    Content is now searchable via GraphQL — sub-second queries

8️⃣ ️ Privacy-Preserving Skill Verification

Why Regular NFTs Fail as Certificates

Soulbound Tokens as the Solution

SBTs are ERC-5114 compliant tokens that are:
  • Bound permanently to one wallet (the learner's smart wallet)
  • Non-transferable — the transfer() function is disabled
  • Revocable — the issuing institution can call revoke() if fraud is detected

The zk-SNARK Credential Circuit — With Full Layman Explanation

This is the most technically sophisticated part of the paper. Here's how it works, step by step.

The Goal

Prove "I passed this course" without revealing your score, your identity, or any private data.

The Inputs

Private Inputs (only you know these — never leave your device):
  • s — your actual assessment score (e.g., 87)
  • id — your learner identifier
  • σ_issuer — the institution's digital signature on your result
  • r — a blinding factor (a random number used to hide your data in the commitment)
Public Inputs (everyone can see these — stored on-chain):
  • com — a Pedersen commitment (a cryptographic "sealed envelope" containing your data)
  • τ — the passing threshold (e.g., 60)
  • pk_issuer — the institution's public key (used to verify their signature)

The Three Mathematical Assertions the Circuit Checks

plain text
QUBITS OF DPK
1Assertion 1:   s ≥ τ
2               Your score must be ≥ the passing threshold.
3
4Assertion 2:   Verify(pk_issuer, σ_issuer, id∥s) = 1
5               The institution's signature on your (identity + score) must be valid.
6
7Assertion 3:   com = Pedersen(id, s; r)
8               The sealed envelope must correctly contain your identity and score,
9               locked with the blinding factor r.

Layman Explanation of Each Assertion

Assertion 1 — Did you pass?
The circuit checks: is your score ≥ the minimum required? Simple enough. But critically — it checks this without ever showing your score to anyone.
Assertion 2 — Did a real institution sign this?
The circuit checks: did the actual institution (with the known public key) sign your result? This prevents you from making up a fake certificate. The institution's digital signature is the equivalent of a university's official stamp — mathematically unforgeable.
Assertion 3 — Is your "sealed envelope" honest?
The Pedersen commitment (com) is like a sealed envelope containing your identity and score. The circuit checks that the envelope genuinely contains what you claim — using the blinding factor r as a kind of wax seal. Without r, nobody can open the envelope. But they can verify it's sealed correctly.
 Full Analogy: Imagine you took an exam. You put your marksheet in a sealed envelope, sign across the seal, and hand it to an institution. The institution verifies the seal is unbroken and your signature matches. They know the envelope is genuine without opening it. That's exactly what the zk-SNARK does — mathematically.

What Gets Stored On-Chain

Only three things: (com, π, pk_issuer) — the sealed envelope, the proof it was verified, and the institution's public key. No name. No score. No personal data.

Why This is Efficient

Verification happens in O(1) gas — exactly three pairing operations (mathematical checks). Fast and cheap, regardless of how complex the underlying proof is.

Properties Guaranteed

9️⃣ Decentralized Governance — Identity-Gated Quadratic Voting (IGQV)

Why Previous Governance Models Failed

Token-weighted voting (1 token = 1 vote): Rich users accumulate tokens → they control all decisions. This is plutocratic capture.
Pure Quadratic Voting (without identity): Quadratic voting makes votes expensive — but there's a fatal flaw.
If an adversary has a budget B, they create n Sybil (fake) accounts. Each account gets B/n credits and casts √(B/n) votes. Total votes across all accounts = n × √(B/n) = √(nB) votes.
The fix: Combine quadratic voting with identity gating — you can only vote if you hold a verified, non-transferable SBT identity credential. Creating fake identities has a real-world cost.

The IGQV Algorithm — Step by Step

plain text
QUBITS OF DPK
1INPUT:  Proposal ID, Set of voters, Maximum credit budget per identity (C_max)
2OUTPUT: Approved or Rejected
3
4Step 1: Initialize vote counters → FOR = 0, AGAINST = 0
5
6Step 2: For each voter in the voter set:
7   a. Check on-chain: does this voter hold a valid Identity SBT?
8   b. If NO → skip this voter (they are a Sybil or unverified)
9   c. If YES → receive their credit allocation (c_v ≤ C_max) and their choice (For/Against)
10   d. Calculate votes = floor(√c_v)     ← THE QUADRATIC PART
11   e. Add votes to FOR or AGAINST counter
12   f. Deduct c_v from their credit balance on-chain (can't vote twice)
13
14Step 3: If FOR > AGAINST → Approved, execute proposal
15        Otherwise → Rejected

Layman Walk-Through

You want to vote on a proposal. Before you can vote, the system checks: do you have a verified identity SBT? If yes, you get credits based on your participation history. You choose how many votes to cast — but each extra vote costs you quadratically more credits. If you want 3 votes, you pay 9 credits. If you want 5 votes, you pay 25 credits.

The Formal Theorem — IGQV Vote Bound and Cost Deterrence

The Theorem (as stated in the paper)

Under IGQV, with per-identity credit cap C_max and vote function v(c) = ⌊√c⌋, an adversary controlling n verified identities can cast at most n × ⌊√C_max⌋ votes.

What This Means in Plain English

The maximum votes any adversary can cast = (number of fake identities) × (√max credits per identity)
So if C_max = 100 credits per identity:
  • 1 identity → max 10 votes
  • 10 identities → max 100 votes
  • 100 identities → max 1000 votes
It scales linearly with the number of identities — not quadratically.

The Key Insight — Why This Still Works

The theorem admits that IGQV doesn't fully eliminate vote amplification from multiple identities. But here's the critical point:
Getting each verified identity costs real money (denoted κ in the paper — the external identity acquisition cost).
 Analogy — Voter ID Laws: Requiring a real government ID to vote doesn't make it impossible to vote multiple times (someone could get multiple IDs via fraud). But it makes each fraudulent vote extremely expensive and risky. That cost is the deterrent.

Proof Summary

For each verified identity i, IGQV enforces c_i ≤ C_max, so maximum votes from that identity = ⌊√C_max⌋.
Summing across n identities: V_adversary ≤ n × ⌊√C_max⌋
If each identity costs κ to acquire: adversary pays at least n × κ in addition to on-chain costs.
Therefore: the more expensive identity verification is (higher κ), the more resistant IGQV becomes to Sybil attacks. This is an economic deterrence property, not a cryptographic guarantee.