# How It Works

ZK-Provenance uses a 4-step process to generate verifiable proofs without revealing your data.

## The Flow

```
Your Data → Hash → ZK Proof → On-Chain Attestation → Verify
```

## Step 1 — Data Commitment

Your document (PDF, CSV, or JSON) is hashed locally in your browser using **Poseidon-128** over the **BN254 elliptic curve**:

```
commitment = Poseidon(data, nonce)
```

* The original data **never leaves your device**
* The nonce adds randomness — same data produces different commitments
* The commitment is mathematically binding — cannot be reversed

## Step 2 — Merkle Tree Construction

Your commitment is inserted into a **Merkle tree** (depth = 8):

```
           Merkle Root (public)
          /                    \
      Node_0                Node_1
     /      \              /      \
 Leaf_0    Leaf_1      Leaf_2    Leaf_3
   |
Poseidon(data, nonce)
```

The Merkle root is published on-chain. Your specific data position remains private.

## Step 3 — Groth16 Proof Generation

A **Groth16 circuit** (50,000 constraints) runs in your browser and proves simultaneously:

* ✅ Your data matches the commitment
* ✅ The commitment is included in the Merkle tree
* ✅ The timestamp is within a valid window
* ✅ The selected compliance policy was applied

**What the circuit reveals:** commitment, Merkle root, policy hash, timestamp range **What it hides:** your actual data, nonce, Merkle path

## Step 4 — On-Chain Attestation

The 288-byte proof is submitted to our **Anchor program** on Solana:

```
Program ID: E1kuGTachRuekJXgsPaeAEjMzbVMq4rhxAQQCxtehsB8
```

* Transaction confirmed in \~400ms
* Attestation PDA (Program Derived Address) created
* Permanent, tamper-proof record on Solana

## Verification

Anyone with the attestation link can verify:

1. Open Solana Explorer
2. Look up the transaction signature
3. The proof is mathematically verified — no trust required

```
Verification time: <1ms
Cost: $0.0001
Finality: ~400ms (Solana slot time)
```

## Technical Specs

| Parameter      | Value                        |
| -------------- | ---------------------------- |
| Proving System | Groth16                      |
| Curve          | BN254 (alt\_bn128)           |
| Hash           | Poseidon-128                 |
| Merkle Depth   | 8 (256 leaves)               |
| Constraints    | \~50,000                     |
| Proof Size     | 288 bytes                    |
| Trusted Setup  | Powers of Tau (Hermez, 2^12) |


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.zkprovenance.io/introduction/how-it-works.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.