Protego: The Wallet That Lets You Prove Anything—Without Giving Everything

The web is evolving. We're moving from a world of data silos to one where you can prove facts about yourself without handing over your life story. This is the promise of Protego—a decentralized credentials wallet that turns identity from something you upload into something you hold and selectively reveal.
Here’s how the shift works: you collect credentials (ID, school transcripts, licenses) from trusted issuers, they’re cryptographically signed into your wallet, and when a site needs proof—age, degree, address—you present a verifiable proof rather than raw data. No central honeypot. No endless re-onboarding. Just receipts, not dossiers.
Why Now: The Data Demands It
- Breaches are expensive. The global average breach cost was $4.88M in 2024; in finance it was $6.08M. IBM’s latest update pegs the 2025 global average at $4.4M (a dip, but still brutal).
- KYC is heavy. U.S./Canada financial crime compliance now costs $61B annually; EMEA runs $85B. Per client, KYC reviews average ~$2,600 (commercial) and can hit $6k on average (with highs to $25k). Cycle times: ~95–100 days for corporate onboarding at many banks.
Protego’s value proposition is blunt: move KYC and verification to reusable, digitally signed credentials held by users. You slash what you store, collapse onboarding time, and still raise assurance.
The Standards Are Ready
- Verifiable Credentials 2.0 (VC 2.0)—the W3C spec for tamper-evident credentials and presentations—shipped as a Recommendation in May 2025. It explicitly supports zero-knowledge proofs (ZKPs), e.g., “over 18” without revealing your birthdate.
- Decentralized Identifiers (DIDs) became a W3C Web Standard in July 2022, giving us identifiers not bound to a single provider.
- Selective disclosure is real, not theoretical: the W3C BBS+ cryptosuite enables unlinkable, minimal disclosures; ISO 18013-5 (mobile driver’s license) natively supports selective sharing (e.g., “21+” only).
- Issuance & flows are converging on OID4VCI (OpenID for Verifiable Credential Issuance), now in fresh drafts for high-assurance profiles. Translation: wallets, issuers, and verifiers can interop without bespoke plumbing.
- In the EU, eIDAS 2.0 and the EU Digital Identity (EUDI) Wallet moved from law to implementation regs in 2024–2025, giving legal effect to digitally signed attributes across borders.
The rails exist. Protego can be built on mature specs—not “yet another login.”
How Protego Works
- Issuer → Wallet. A university, bank, or government signs your credential (transcript, banked address, license). It lands encrypted in your wallet as a VC bound to your DID.
- Holder → Verifier. A site asks for proof: “18+, degree from X, address in Joburg.” You generate a verifiable presentation that discloses only what’s requested—optionally via ZKPs.
- Revocation & freshness. Verifiers check signatures and status lists (revoked/suspended) without learning anything else about you. (W3C bitstring status lists are built for privacy-preserving revocation at scale.)
This flips the Web2 model: companies validate proofs, not hoard data.
A Concrete Flow: Age-Gating Content
Age checks are hardening fast (UK Online Safety Act and new Ofcom codes; Australia’s under-16 rules), and YouTube has begun rolling out AI-assisted age verification with fallbacks to government ID or credit card. Protego would let you satisfy those checks using selective disclosure—proving “18+” from a signed ID credential—while the platform stores only a cryptographic result, not your ID image.
If your jurisdiction issues mDLs (ISO 18013-5), wallet-to-app sharing already supports just the attributes needed; Apple’s Wallet docs even describe verifying identity in apps with selective share. This is exactly the pattern age-gates need.
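The issuer → wallet → verifier flow from "How Protego Works", applied to the 18+ age gate, as an added example (not Protego's code): it uses the salted-hash disclosure construction of SD-JWT, with an HMAC standing in for the issuer's asymmetric signature so that it runs on the Python standard library alone. The claim values, key and `NEVER_SHARE` policy are constructed; a real deployment verifies the issuer's public-key signature and a holder key binding.

```python
import base64, hashlib, hmac, json, secrets

ISSUER_KEY = secrets.token_bytes(32)   # stand-in for the issuer's signing key (assumption)
NEVER_SHARE = {"birthdate"}            # holder-side disclosure policy (hypothetical)
CLAIMS = {"age_over_18": True, "birthdate": "1990-01-01", "city": "Johannesburg"}  # constructed

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def digest(disclosure: str) -> str:
    # SD-JWT style: hash the encoded disclosure string, not the raw claim value
    return b64u(hashlib.sha256(disclosure.encode()).digest())

def sign(payload: dict) -> str:
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()

def issue(claims: dict):
    """Issuer: salt each claim and sign only the digests, never the values."""
    disclosures = {}
    for name, value in claims.items():
        salt = b64u(secrets.token_bytes(16))   # salt stops guessing low-entropy values
        disclosures[name] = b64u(json.dumps([salt, name, value]).encode())
    payload = {"_sd_alg": "sha-256", "_sd": sorted(digest(d) for d in disclosures.values())}
    return {"payload": payload, "sig": sign(payload)}, disclosures

def present(credential: dict, disclosures: dict, requested: list) -> dict:
    """Holder: reveal only the requested claims, subject to local policy."""
    blocked = NEVER_SHARE.intersection(requested)
    if blocked:
        raise PermissionError(f"policy forbids sharing {sorted(blocked)}")
    return {"credential": credential, "disclosures": [disclosures[n] for n in requested]}

def verify(presentation: dict) -> dict:
    """Verifier: check the signature, then match each disclosure to a signed digest."""
    cred = presentation["credential"]
    if not hmac.compare_digest(sign(cred["payload"]), cred["sig"]):
        raise ValueError("issuer signature check failed")
    revealed = {}
    for d in presentation["disclosures"]:
        if digest(d) not in cred["payload"]["_sd"]:
            raise ValueError("disclosure is not covered by the issuer signature")
        _salt, name, value = json.loads(base64.urlsafe_b64decode(d + "=" * (-len(d) % 4)))
        revealed[name] = value
    return revealed
```

The verifier ends up holding one boolean and a set of opaque digests; the birthdate and city never leave the wallet.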
What Changes for Companies
- Radical data minimization. Holding less PII lowers breach blast radius and response costs—remember the $4.4–4.88M per breach. Even partial substitution of stored documents with verifiable proofs materially shifts risk (and cyber insurance posture).
- Faster, cheaper onboarding. Reusable credentials curb the 95–100-day corporate onboarding slog and the $2.6k–$6k+ per-client KYC burn. Multiply by thousands of accounts and you’re suddenly talking board-level savings.
- Higher assurance, lower fraud. Signed credentials from regulated issuers plus revocation/status checks beat PDFs and screenshots. (Microsoft, EBSI, and others already implement StatusList2021-style revocation.)
- Regulatory alignment. EUDI Wallets, Ofcom guidance, and OpenID profiles point to the same future: prove attributes, don’t stockpile them.
The Protego Blueprint
- Wallet UX with DID key management, secure backup, and hardware-bound keys (WebAuthn/TEE).
- Issuance connectors (OID4VCI) for governments, universities, banks; multi-format support (W3C VC, SD-JWT VC, ISO mdoc).
- Selective disclosure stack: BBS+ for unlinkable minimal proofs; SD-JWT for broad ecosystem compatibility; ZK predicate proofs for “≥ age” or “degree == true.”
- Revocation at scale with W3C Bitstring Status Lists; privacy-preserving checks; audit trails for relying parties.
- Trust lists & governance (who can issue what) aligned with eIDAS/QEAA and sector registries.
- Edge privacy: on-device proof generation, ephemeral presentations, and policy-based disclosure (e.g., “never share birthdate”). (Apple’s mDL approach shows the pattern.)
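The status check a verifier runs against a W3C Bitstring Status List, as described under "Revocation & freshness" and in the blueprint item above, as an added example (not Protego's code). The verifier downloads the whole compressed list and reads one bit locally, so the issuer does not learn which credential was checked; the URL and index are constructed, and the status list credential's own signature is assumed to have been verified already.

```python
import base64, gzip

MIN_BITS = 131_072  # minimum list length in the spec (16 KB), so one holder hides among many

def encode_list(flagged: set, size: int = MIN_BITS) -> str:
    """Issuer side: build the encodedList value (multibase base64url of a gzipped bitstring)."""
    bits = bytearray(size // 8)
    for i in flagged:
        bits[i // 8] |= 0x80 >> (i % 8)          # index 0 is the left-most bit
    return "u" + base64.urlsafe_b64encode(gzip.compress(bytes(bits))).rstrip(b"=").decode()

def decode_list(encoded: str) -> bytes:
    if not encoded.startswith("u"):
        raise ValueError("expected multibase base64url prefix 'u'")
    raw = encoded[1:]
    bits = gzip.decompress(base64.urlsafe_b64decode(raw + "=" * (-len(raw) % 4)))
    if len(bits) * 8 < MIN_BITS:
        raise ValueError("status list is shorter than the minimum length")
    return bits

def is_set(encoded: str, index: int) -> bool:
    bits = decode_list(encoded)
    if not 0 <= index < len(bits) * 8:
        raise IndexError("statusListIndex is out of range")
    return bool(bits[index // 8] & (0x80 >> (index % 8)))

def check_status(credential: dict, status_list_credential: dict) -> str:
    """Verifier side: compare purposes, then read the single bit for this credential."""
    entry = credential["credentialStatus"]
    subject = status_list_credential["credentialSubject"]
    if entry["statusPurpose"] != subject["statusPurpose"]:
        raise ValueError("statusPurpose mismatch between entry and list")
    flagged = is_set(subject["encodedList"], int(entry["statusListIndex"]))
    return "revoked" if flagged else "valid"

# Constructed sample data: one revoked credential at index 94567
STATUS_LIST = {"credentialSubject": {"type": "BitstringStatusList",
               "statusPurpose": "revocation", "encodedList": encode_list({94567})}}
HOLDER_VC = {"credentialStatus": {"type": "BitstringStatusListEntry",
             "statusPurpose": "revocation", "statusListIndex": "94567",
             "statusListCredential": "https://issuer.example/status/3"}}
```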
Will This Eliminate All Breaches?
No system eliminates breaches. But Protego drastically narrows the blast radius by:
- keeping source documents off the verifier’s servers,
- converting many checks into math, not storage, and
- enabling instant invalidation via revocation/status.
Even a modest cut in retained PII can be worth millions per incident avoided or softened.
The Future of Identity
Picture onboarding that feels like Apple Pay: tap your wallet, consent to “share: age-over-18,” and a verifier sees yes/no with a signature—not a scan of your passport. Picture transcripts as portable proofs: an employer verifies a degree in seconds without pinging your university. Protego is that vision: a wallet that lets people prove themselves without becoming a product.
If Web2 was “collect, store, hope,” Web3 identity is “prove, verify, move on.”