CertifyChain

Decentralised platform that converts online certificates into private soulbound tokens, enabling selective disclosure using view tokens.


Categories

  • Polkadot
  • 🤖 AI [MAIN TRACK]

Description

CertifyChain — A Secure Bridge from Online Certificates to Verifiable Self-Bound Tokens

GitHub Repo with full docs and images

DESCRIPTION

Today, the number of fake and forged certificates is growing quickly, making it hard to know which ones are real. Certificates from platforms like Udemy, Coursera, AWS, or Cisco can be checked manually by the specific providers, but this process is slow and not practical for many users.

CertifyChain solves this problem by letting users create a soulbound NFT from their verified certificate. This token works as clear, on-chain proof that the certificate is real, original, and not fake.

CertifyChain transforms traditional Web2 course certificates (e.g., from Udemy) into soulbound NFTs, providing verifiable, non-transferable proof of achievement on-chain. It also supports privacy-preserving credentials by creating private soulbound NFTs and deriving “view” NFTs for selective data disclosure, using on-chain commitments and signatures to verify authenticity without revealing full certificate details.

To issue a token, the user simply uploads their certificate in PDF format. The system then performs a two-step verification process:

  • Server-side validation — the certificate is verified through the issuing authority’s API to confirm its authenticity. The current version of the project implements verification for Udemy certificates, and it can be extended in the same way to other platforms such as Coursera, AWS, and Cisco.
  • On-chain validation — the system checks that no identical certificate has been minted before, ensuring its uniqueness.

Once both checks are successfully completed, the user can mint a soulbound NFT directly to their wallet. This NFT permanently proves ownership of the specific certificate and cannot be transferred, making it a trustworthy credential in the Web3 world.

Server-side verification is performed by checking the certificate ID through the issuing authority’s API. For example, each Udemy certificate includes a unique certificate hash, which is used to confirm its authenticity.

The certificate hash is automatically extracted using AI-powered OCR (Optical Character Recognition) algorithms. Once identified, the backend sends a verification request to the certificate authority’s API to confirm its authenticity.

If a user submits an invalid certificate, the verification process will reject it, and the transaction will be reverted.

After successful verification, the system encrypts the entire certificate file and sends it to the smart contract, which checks whether this certificate has already been published on-chain.

Finally, the user can mint a soulbound NFT, which serves as a verifiable, non-transferable proof of certificate ownership.

[Image: Non-decrypted view (Private NFT)]

[Image: Decrypted view]

Controlled Disclosure and Access

“View” NFTs let the holder of a private CertificateNFT share only selected certificate attributes. A View NFT is a non-transferable token that points to the base certificate and encodes an access policy (time-limited and/or link-gated). Only the certificate holder can mint a View NFT, ensuring holder-controlled disclosure.

How it works: The holder decrypts their private certificate locally with a wallet-derived key (the key and plaintext never leave the device), chooses which fields to reveal, and creates a disclosure package (fields + proofs). They then mint a View NFT that references the base certificate and locks its transfer.

Disclosure modes:

  • Public view: the selected fields (and their proofs) are published as open JSON.
  • Link-based view: the selected fields (and proofs) are encrypted client-side; access is granted via a shareable link that automatically expires at the time set by the holder.

After minting, the contract stores the reference to the base certificate and marks the View NFT as locked (non-transferable). The holder can create multiple View NFTs with different field sets and expirations for different audiences.

Verification Paths

Next step (after completing View NFTs): add zero-knowledge verification so anyone can confirm that a disclosed attribute in a View NFT comes from its underlying private CertificateNFT—without trusting our backend and without seeing raw values, salts, or Merkle branches.

Main idea: the holder generates a zk proof off-chain that recomputes the commitment from the selected fields to the certificate’s on-chain Merkle root. The smart contract verifies this proof, ties it to a fixed code identity, and checks it against the root stored in CertificateNFT. This delivers content-based verification, protects privacy, prevents replay, and avoids reliance on a trusted setup. We plan to implement this with a general-purpose zkVM (e.g., RISC Zero) so we can keep the workflow simple while enabling on-chain verification of the proof.

TELEGRAM USER NAME

tg: @dimon22856 (alt: @delik17)

VIDEO DEMO – https://youtu.be/RmAeutZutkg

BACKEND (AI‑powered FastAPI)

• AI OCR + CV: Tesseract, pdf2image, and OpenCV extract fields (name, course, certificate ID) from Udemy certificate PDFs.

• Web verification: Headless Chrome (Selenium) scrapes the public Udemy certificate page and cross‑checks extracted fields.

• Cryptography: Builds a keccak256 Merkle tree with per‑field 32‑byte salts; returns field proofs for selective disclosure.

• Signing: EIP‑712 Mint payload signed by an issuer key; used by the dApp to mint the private SBT and View NFTs.

• API: `POST /api/verify_certificate` (PDF), `POST /api/sign-mint`.
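
The salted Merkle commitment and per-field proofs listed above, which also make up the "fields + proofs" disclosure package of a View NFT, can be sketched as follows. This is an added example, not the project's code: the leaf encoding, the 0x00/0x01 tags, sorted-pair hashing, the field names and the use of SHA3-256 in place of keccak256 are all assumptions.

```python
import hashlib
import secrets

# Constructed sample certificate fields (not real data).
SAMPLE = {"name": "Alice Example", "course": "Intro to Solidity",
          "certificate_id": "UC-EXAMPLE-0000"}

def H(data: bytes) -> bytes:
    # Stand-in hash: NIST SHA3-256. The page's backend uses keccak256, which
    # pads differently, so these digests will not match on-chain values.
    return hashlib.sha3_256(data).digest()

def leaf_hash(name: str, value: str, salt: bytes) -> bytes:
    # Assumed encoding: 0x00 leaf tag, 32-byte salt, length-prefixed name, value.
    n = name.encode()
    return H(b"\x00" + salt + len(n).to_bytes(2, "big") + n + value.encode())

def node_hash(a: bytes, b: bytes) -> bytes:
    # 0x01 tag separates inner nodes from leaves; sorted pair, so no side flags.
    lo, hi = sorted((a, b))
    return H(b"\x01" + lo + hi)

def commit(fields: dict):
    # Returns (root, salts, levels, order); only the root would go on-chain.
    order = sorted(fields)
    salts = {k: secrets.token_bytes(32) for k in order}
    levels = [[leaf_hash(k, fields[k], salts[k]) for k in order]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        # An unpaired last node is promoted unchanged to the next level.
        levels.append([node_hash(cur[i], cur[i + 1]) if i + 1 < len(cur)
                       else cur[i] for i in range(0, len(cur), 2)])
    return levels[-1][0], salts, levels, order

def prove(levels, index: int) -> list:
    # Sibling hashes from leaf to root; a promoted node has no sibling.
    proof = []
    for level in levels[:-1]:
        if (index ^ 1) < len(level):
            proof.append(level[index ^ 1])
        index //= 2
    return proof

def verify(root: bytes, name: str, value: str, salt: bytes, proof: list) -> bool:
    # Recompute the path from the disclosed field up to the committed root.
    h = leaf_hash(name, value, salt)
    for sibling in proof:
        h = node_hash(h, sibling)
    return h == root
```

Because every leaf includes a fresh 32-byte salt, the sibling hashes in a proof do not let a verifier confirm guesses for undisclosed low-entropy fields such as the holder's name.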

The contract address:

• CertificatePrivateNFT: 0x67deeAcfA815903f48605d85B5279D9c729969B0 — Chain: Paseo PassetHub

BOUNTIES

Smart Contract dApp Development on Paseo testnet – $3400

• What we built: A privacy-preserving credential system using two contracts:

  1. CertificatePrivateNFT — mints a soulbound NFT per verified certificate; stores an on-chain cryptographic commitment (hash), while encrypted attributes remain off-chain.

  2. CertificateViewNFT — issues shareable “view” NFTs that disclose only selected fields.

• Why it fits the bounty: Original Solidity dApp, deployed on a Polkadot EVM testnet, clear UX (mint, derive views, share links), and practical impact for verifiable education credentials.

• Frontend: Minimal UI to upload/verify a certificate, mint the private SBT, and generate view NFTs for selective disclosure.

More information about the project is available in the GitHub repository above.
