doc · v1.0
last 04 · 2026
spec · human
format · vertebra
— Documentation · v1.0

The Protocol in full.

Breath Protocol turns a single breath into lifelong proof — a Sybil-resistant Web3 credential anchored on-chain, without centralized biometric databases.

This document describes the architecture, cryptography, and hardware oracle that compose the protocol. It is intended for engineers, auditors, and integrators evaluating the system.

At its core, Breath Protocol triangulates three immutable biological signals — breath patterns, facial micro-structure, and thermal vitality — and compresses them into a Zero-Knowledge Proof verified directly on the blockchain. The result is a universal Proof of Personhood: comparable to the World ID standard, but distinct in its methodology.

A user breathes in the physical world, and their humanity is instantly proven on the digital ledger.

What this document covers

  • System architecture and component boundaries
  • The Zero-Knowledge Proof construction and verifier circuit
  • Hardware Oracle trust model and attestation flow
  • API endpoints for verification and attestation
  • Common questions and operational considerations

Architecture.

— 01 · System overview

Breath Protocol is composed of three layers — capture, proof, and settlement. Each layer exposes a narrow interface to the next, so that a compromise at one tier cannot trivially propagate.

Capture layer

The user approaches a Breath device — either a paired hardware sensor or a camera-only client running the Breath Mode profile. The capture layer extracts the three signals locally; raw biometrics never leave the device.

Proof layer

Captured signals are passed into a Zero-Knowledge circuit running inside the device's secure enclave. The circuit emits a succinct proof attesting that the three signals belong to a single live human, and that the resulting commitment is unique.

Settlement layer

The proof is broadcast on-chain to a verifier contract. On valid verification, the contract emits a Proof of Personhood credential — a Sybil-resistant identity primitive that downstream applications can read.

  • Capture latency: < 600 ms
  • Proof size: ~2.4 KB
  • On-chain verify: ≈ 240k gas
  • Privacy: no raw biometrics
  • Failure model: trustless
  • Recovery: re-attest

Zero-Knowledge Proof.

— 02 · Proof construction

The proof of humanity is not a recording of a face or a breath — it is a cryptographic statement: "I know inputs that satisfy the human-liveness predicate, and I have committed to them in a way that produces a unique nullifier." Verifiers learn that the predicate was satisfied. They learn nothing about the inputs.

The predicate

The circuit accepts three private witnesses (breath rhythm vector, facial micro-structure embedding, thermal vitality reading) and a public claim (the device's attestation key). It is satisfied when:

  • The breath rhythm is consistent with a live exhale (pattern entropy in a documented range)
  • The facial micro-structure embedding is well-formed and within the population manifold
  • The thermal vitality reading falls inside the human blood-flow window
  • The combined commitment yields a globally unique nullifier

Soundness

An adversary holding only synthetic media cannot satisfy all three predicates simultaneously. Deepfakes pass facial checks but fail thermal vitality; thermal spoofs fail breath rhythm; replays produce known nullifiers and are rejected.

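// Pseudocode
// Prover, inside the device's secure enclave: the three witnesses stay private.
proof = Circuit.prove({
  privateInputs: { breath, faceEmbedding, thermal },
  publicInputs:  { deviceAttestation, nonce }
})

// Verifier: sees only the proof and the public values.
// nullifier is the unique value yielded by the combined commitment.
valid = Verifier.verify(proof, { deviceAttestation, nonce, nullifier })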

Hardware Oracle.

— 03 · Trust model

The device behaves as a hardware oracle. Its attestation key is provisioned at manufacture, lives only in the secure enclave, and signs every proof it produces. The on-chain verifier maintains a registry of attestation keys; revoked keys cannot generate accepted proofs.
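
The verifier-side rules stated here and under Soundness (a registry of attestation keys, rejection of revoked keys, rejection of replays and of nullifiers already seen) can be modelled as a small state machine. This is an added example in Node.js, not Breath Protocol code: the Ed25519 attestation key, the key-id convention, the verifier-issued single-use nonce, the signed message layout and every name are assumptions, and zero-knowledge verification of the proof itself is out of scope.

```javascript
const { generateKeyPairSync, sign, verify, createHash, randomBytes } = require('node:crypto');
// Assumed convention: a device is identified by SHA-256 of its DER public key.
const keyId = (pub) =>
  createHash('sha256').update(pub.export({ type: 'spki', format: 'der' })).digest('hex');
// Bytes covered by the device signature; JSON keeps field boundaries unambiguous.
const signedBytes = (s) => Buffer.from(JSON.stringify([s.proof, s.nonce, s.nullifier]));
// Device side (hypothetical helper): sign a proof with the attestation key.
const attest = (keys, fields) => ({ ...fields, deviceKeyId: keyId(keys.publicKey),
  signature: sign(null, signedBytes(fields), keys.privateKey) });

class VerifierModel {
  constructor() {
    this.registry = new Map();   // deviceKeyId -> { publicKey, revoked }
    this.openNonces = new Set(); // challenges issued and not yet consumed
    this.nullifiers = new Set(); // nullifiers that already hold a credential
  }
  register(pub) { this.registry.set(keyId(pub), { publicKey: pub, revoked: false }); }
  revoke(pub) { this.registry.get(keyId(pub)).revoked = true; }
  issueNonce() {
    const nonce = randomBytes(16).toString('hex');
    this.openNonces.add(nonce);
    return nonce;
  }
  // Returns 'accepted' or the rejection reason; a nullifier is recorded only on accept.
  submit(s) {
    const entry = this.registry.get(s.deviceKeyId);
    if (!entry) return 'unknown-device';
    if (entry.revoked) return 'revoked-device';
    if (!verify(null, signedBytes(s), entry.publicKey, s.signature)) return 'bad-signature';
    if (!this.openNonces.delete(s.nonce)) return 'stale-nonce';
    if (this.nullifiers.has(s.nullifier)) return 'nullifier-seen';
    this.nullifiers.add(s.nullifier);
    return 'accepted';
  }
}

// Constructed inputs: one registered device, placeholder proof and nullifier strings.
function demo() {
  const v = new VerifierModel(), dev = generateKeyPairSync('ed25519');
  v.register(dev.publicKey);
  const mk = (nullifier) => attest(dev, { proof: '0xproof', nonce: v.issueNonce(), nullifier });
  const first = mk('0xnull-1');
  const out = [v.submit(first), v.submit(first)]; // fresh proof, then exact replay
  out.push(v.submit(mk('0xnull-1')));             // same human, fresh nonce
  out.push(v.submit({ ...mk('0xnull-2'), nullifier: '0xnull-3' })); // altered after signing
  v.revoke(dev.publicKey);
  out.push(v.submit(mk('0xnull-4')));             // key revoked in the registry
  return out;
}
console.log(demo());
```

The device check comes first, so a revoked or unregistered key is refused before any nonce or nullifier state is touched.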

Why hardware

Software-only proofs are vulnerable to attacker-controlled inputs: a malicious client can synthesize the witnesses. Hardware attestation binds the proof to a specific physical device that captured the signals locally — closing the synthetic-input attack surface.

Zero friction

The user is not asked to type, swipe, or perform unnatural gestures. They approach the device and breathe. This is the design constraint: biometric validation with a technical barrier of zero. A protocol that cannot be used at planetary scale is not a protocol; it is a demo.


API.

— 04 · Endpoints

The verification service exposes a small REST surface for partners integrating Proof of Personhood into their flows. All endpoints are public, rate-limited, and require an attested proof in the request body.

Verify a face proof

POST /verify/face

{
  "proof":      "0x…",
  "publicInputs": { … },
  "deviceAttestation": "0x…"
}

200 OK
{
  "personhood":  "0x…",
  "expiresAt":   1735689600,
  "device":      "verified"
}

Verify a breath proof

POST /verify/breath

{
  "proof":      "0x…",
  "publicInputs": { … },
  "deviceAttestation": "0x…"
}

Read a personhood credential

GET /personhood/:address

200 OK
{
  "address":     "0x…",
  "verified":    true,
  "lastAttested": 1735689600
}

FAQ.

— 05 · Common questions

Does Breath Protocol store my biometrics?

No. Raw biometrics never leave the capture device. The protocol works on cryptographic commitments and Zero-Knowledge proofs — the network observes only that you are human, not how.

What happens if my device is lost or revoked?

Personhood credentials are bound to nullifiers, not to devices. A user who re-attests on a new device produces a credential that the network can stitch to their previous one through a recovery handshake — without leaking either side of the link to outside observers.

How is this different from World ID?

Both establish Sybil-resistant proof of personhood. Breath Protocol differs in its capture surface — non-invasive respiration plus facial micro-structure plus thermal vitality, instead of iris scanning. The hardware design philosophy is "zero friction": no orb, no enrollment ceremony, no specialized site visit.

Can I run the protocol without the dedicated hardware?

Breath Mode (camera-only) is supported for liveness checks where thermal vitality is not required. Thermal Mode (paired sensor) is required for the highest assurance level used by financial and access-control applications.

Where is the source for the verifier?

The on-chain verifier contract and the Zero-Knowledge circuit are open source. Audit reports and reproduction instructions ship alongside each release. Drop us a note at contato@breath.id.
