From 9fab42d3ab0db2d39766cc4f04dfdcfa891f707d Mon Sep 17 00:00:00 2001 From: 0xThemis <118167989+0xThemis@users.noreply.github.com> Date: Tue, 26 May 2026 09:34:42 +0200 Subject: [PATCH 1/4] first version --- .../biometrics/introduction.mdx | 74 +++++++++++++++++++ .../getting-started}/quicklocal.mdx | 0 .../getting-started}/quickstart.mdx | 2 +- .../nullifiers/introduction.mdx | 24 ++++++ docs/identity-solutions/overview.mdx | 61 +++++++++++++++ .../passport-matching/introduction.mdx | 28 +++++++ docs/index.mdx | 29 +++++++- docs/services/overview.mdx | 43 ++++++----- docs/taceo-match/concepts.mdx | 31 ++++++++ docs/taceo-match/overview.mdx | 63 ++++++++++++++++ docs/taceo-oprf/api.mdx | 2 +- docs/taceo-oprf/authorization.mdx | 2 +- docs/taceo-oprf/overview.mdx | 10 ++- docs/taceo-oprf/use-cases.mdx | 10 +-- docs/use-cases/attribution.mdx | 2 +- docs/use-cases/identity.mdx | 2 +- sidebars.ts | 36 +++++++-- src/pages/index.tsx | 5 ++ 18 files changed, 386 insertions(+), 38 deletions(-) create mode 100644 docs/identity-solutions/biometrics/introduction.mdx rename docs/{taceo-oprf => identity-solutions/nullifiers/getting-started}/quicklocal.mdx (100%) rename docs/{taceo-oprf => identity-solutions/nullifiers/getting-started}/quickstart.mdx (98%) create mode 100644 docs/identity-solutions/nullifiers/introduction.mdx create mode 100644 docs/identity-solutions/overview.mdx create mode 100644 docs/identity-solutions/passport-matching/introduction.mdx create mode 100644 docs/taceo-match/concepts.mdx create mode 100644 docs/taceo-match/overview.mdx diff --git a/docs/identity-solutions/biometrics/introduction.mdx b/docs/identity-solutions/biometrics/introduction.mdx new file mode 100644 index 0000000..45887d1 --- /dev/null +++ b/docs/identity-solutions/biometrics/introduction.mdx 
@@ -0,0 +1,74 @@
+---
+title: Confidential Biometrics
+description: Biometric matching and verification in MPC - no plaintext biometric data exposed
+---
+
+# Confidential Biometrics
+
+Confidential Biometrics is enabled by [TACEO:Match](/docs/taceo-match/overview), TACEO's service for biometric feature matching in MPC. No plaintext biometric data leaves the user's
+device or passes through a single party. TACEO's threshold MPC stack evaluates biometric
+comparisons directly on secret shares, so the underlying templates are never reconstructed by
+any node, any server, or TACEO itself.
+
+:::tip Proven at global scale
+TACEO co-architected the MPC protocol now running **World**'s iris-code uniqueness system in
+production at global scale. The same threshold computation model - secret-share the sensitive
+data, compute on shares, verify the result - is the foundation Confidential Biometrics is built
+on.
+:::
+
+## Why biometrics are different
+
+Biometric data is unlike a password or a private key. You can rotate a key; you cannot rotate
+your iris or your palm.
+
+- **Irrevocable.** A leaked biometric template exposes a user forever. There is no recovery
+ path equivalent to "change your password."
+- **Population-scale damage.** Centralized biometric databases are prime target for attacks.
+- **Device-only matching is limiting.** Keeping templates on device protects privacy but
+ blocks the cross-organization checks that matter most: uniqueness across a system, sybil
+ detection, sanctions screening.
+- **Central servers break the trust model.** Sending raw templates to a verification server
+ requires trusting that server completely - with data that can never be changed if trust is
+ violated.
+
+Any architecture that solves these problems needs to run the comparison without ever
+centralizing the template in plaintext. That is exactly what MPC enables.
+
+## How MPC solves it
+
+The core mechanic: a biometric template is split into cryptographic secret shares and
+distributed across independent MPC nodes on the TACEO Network. No single node holds a
+meaningful fragment of the template. Comparison, matching, and uniqueness checks are then
+computed *on the shares directly*.
+
+**Step by step:**
+
+1. **Template enrollment.** The biometric template (e.g. an iris code) is secret-shared on
+ the user's device or dedicated hardware before it leaves. The shares are distributed to the MPC network.
+ No complete template exists outside the device.
+
+2. **Matching in MPC.** When verification is requested, the MPC nodes cooperate to evaluate
+ the comparison function (e.g. Hamming distance for iris codes) on their respective shares. Each node only ever sees its own share; the
+ comparison result is the only output.
+
+3. **Threshold security.** Templates are protected by the threshold assumption we know from MPC protocols.
+
+## What this enables
+
+| Use case | Why MPC makes it possible |
+|---|---|
+| **Population-scale uniqueness / sybil resistance** | Compare against an enrolled set without centralizing templates or revealing which record matched |
+| **Cross-org deduplication** | Organizations contribute to a joint check without sharing their underlying biometric data with each other |
+| **Anonymous identity verification** | Prove a biometric matches an enrolled identity without revealing *which* identity |
+
+## Underlying service
+
+The low-level concepts and service documentation live under
+[TACEO:Match](/docs/taceo-match/overview) in the TACEO Services section.
+
+For adjacent reading:
+- [Identity Solutions overview](/docs/identity-solutions/overview)
+- [Distributed Nullifiers](/docs/identity-solutions/nullifiers/introduction) - TACEO's
+ production OPRF-based nullifier service, same threshold MPC foundation
+- [Identity & Uniqueness use cases](/docs/use-cases/identity)
diff --git a/docs/taceo-oprf/quicklocal.mdx b/docs/identity-solutions/nullifiers/getting-started/quicklocal.mdx similarity index 100% rename from docs/taceo-oprf/quicklocal.mdx rename to docs/identity-solutions/nullifiers/getting-started/quicklocal.mdx diff --git a/docs/taceo-oprf/quickstart.mdx b/docs/identity-solutions/nullifiers/getting-started/quickstart.mdx similarity index 98% rename from docs/taceo-oprf/quickstart.mdx rename to docs/identity-solutions/nullifiers/getting-started/quickstart.mdx index 69bd237..02ada1c 100644 --- a/docs/taceo-oprf/quickstart.mdx +++ b/docs/identity-solutions/nullifiers/getting-started/quickstart.mdx @@ -139,7 +139,7 @@ The wallet ownership example uses **two zero-knowledge proofs**: ## Next Steps ### Experiment Locally -Ready to experiment more? Set up your own [local OPRF network](/docs/taceo-oprf/quicklocal) for development. +Ready to experiment more? Set up your own [local OPRF network](/docs/identity-solutions/nullifiers/getting-started/quicklocal) for development. ### Custom Authorization Want to build your own authorization logic? Learn about [Authorization Modules](/docs/taceo-oprf/authorization). diff --git a/docs/identity-solutions/nullifiers/introduction.mdx b/docs/identity-solutions/nullifiers/introduction.mdx new file mode 100644 index 0000000..9d3f769 --- /dev/null +++ b/docs/identity-solutions/nullifiers/introduction.mdx 
@@ -0,0 +1,24 @@
+---
+title: Distributed Nullifiers
+description: Threshold-secured deterministic nullifiers via TACEO:OPRF
+---
+
+# Distributed Nullifiers
+
+Distributed Nullifiers is enabled by [TACEO:OPRF](/docs/taceo-oprf/overview). TACEO's production service for computing threshold Oblivious Pseudo-Random Functions (OPRFs).
+
+A nullifier derived from a single secret is only as safe as that secret. TACEO's distributed
+approach requires a threshold of independent MPC nodes to cooperate before any nullifier can be
+evaluated, so no single party - including TACEO - can link or deanonymize your users even if user secrets are compromised partially compromised. Beyond nullifiers, TACEO:OPRF can serve any use case requiring distributed, verifiable pseudorandomness.
+
+In production for [**World**](https://world.org/blog/announcements/world-id-full-stack-proof-of-human) and **zkPassport**.
+
+## Getting started
+
+Follow the [Quickstart](/docs/identity-solutions/nullifiers/getting-started/quickstart) to run
+your first OPRF computation against the live testnet in minutes.
+
+## Underlying service
+
+The low-level API, authorization modules, and concepts documentation live under
+[TACEO:OPRF](/docs/taceo-oprf/overview) in the TACEO Services section.
diff --git a/docs/identity-solutions/overview.mdx b/docs/identity-solutions/overview.mdx
new file mode 100644
index 0000000..7ce9e50
--- /dev/null
+++ b/docs/identity-solutions/overview.mdx
@@ -0,0 +1,61 @@ +--- +title: Identity Solutions Overview +description: Privacy-preserving identity at global scale, powered by the TACEO Network +--- + +import Link from "@docusaurus/Link"; + +# Identity Solutions on the TACEO Network + +TACEO's identity solutions power privacy-preserving identity systems at global scale. +TACEO:OPRF is in production and trusted by partners including **World** and **zkPassport**, providing the +backbone for anonymous, sybil-resistant identity verification. + +These solutions let developers build identity systems that verify without surveilling: nullifiers +that can't be correlated, passport attributes that can be matched without exposure, and biometric +checks that leave no plaintext trail. + +## Solutions + +
+ +
+ +### Distributed Nullifiers + +Privacy-preserving deterministic nullifiers computed by a threshold of independent MPC nodes. +No single party can evaluate or link nullifiers on its own. + +**Best fit:** + +- ZK identity systems (like World ID) that need threshold-secured nullifiers +- Anonymous voting and private credential systems +- Wallet recovery without custodial key exposure + +[Learn more →](/docs/identity-solutions/nullifiers/introduction) + +
+ +
+ +### Private Passport Matching + +Match passport attributes across parties without revealing the underlying document data. +Built on the same MPC network TACEO co-architected for zkPassport. + +[Learn more →](/docs/identity-solutions/passport-matching/introduction) + +
+ +
+ +### Confidential Biometrics + +Run biometric matching and verification in MPC - no plaintext biometric data leaves the user's +device or passes through a single party. + +[Learn more →](/docs/identity-solutions/biometrics/introduction) + +
+ +
diff --git a/docs/identity-solutions/passport-matching/introduction.mdx b/docs/identity-solutions/passport-matching/introduction.mdx new file mode 100644 index 0000000..c5eaa2f --- /dev/null +++ b/docs/identity-solutions/passport-matching/introduction.mdx @@ -0,0 +1,28 @@ +--- +title: Private Passport Matching +description: Match passport attributes without exposing document data +--- + +# Private Passport Matching + +Match passport attributes across parties without revealing the underlying document data. +Built on the same MPC network TACEO co-architected for zkPassport. + +## The Problem + +Passports are the standard identity document in the physical world, making them a natural +anchor for digital identity systems as well. But operating on passport data digitally requires +careful handling: the underlying attributes are sensitive, tied to a real person, and cannot +be rotated if compromised. + +A common mitigation is to hash the passport data before any comparison, so the raw document +is never transmitted. This limits casual observers - but not the issuers. Passport-issuing +authorities might hold the original data and can compute the same hashes, making users traceable to +any party that issued their document. + +## The Solution + +TACEO:OPRF computes a nullifier over the passport hash using a threshold of independent MPC +nodes. The resulting nullifier is deterministic - it uniquely identifies the user - but no +single party, including TACEO or the document issuer, can compute it unilaterally. Knowledge +of the passport's pre-image is no longer sufficient to derive or link the identifier. diff --git a/docs/index.mdx b/docs/index.mdx index 789af3c..ee93d06 100644 --- a/docs/index.mdx +++ b/docs/index.mdx 
@@ -18,15 +18,17 @@ We're best known for our identity work: TACEO Network is a privacy backbone for global-scale identity systems, with services used by **World** and **zkPassport**. We're now bringing the same stack to onchain finance through **Merces**. -## Build private payments on the chain you already use +## TACEO Solutions -
+
+ +
### **Finance Solutions** Private payments on the EVM chains you already use, built on Merces. Merces wraps ERC-20s like USDC into private balances, with compliance primitives at the protocol layer. -**Live on Arc, Base, and Plasma testnets.** ~5M demo transactions, ~300 TPS, sub-cent gas on L2. Mainnet deployment in progress. The MPC protocol underneath is the same one TACEO co-architected for World's iris-code system, in production at global scale. +**Live on Arc, Base, and Plasma testnets.** ~5M demo transactions, ~300 TPS, sub-cent gas on L2. Mainnet deployment in progress. **Looking for design partners.** Stablecoin issuers, fintechs, and payment infrastructure teams shipping private rails to production. Talk to us. @@ -39,6 +41,27 @@ Private payments on the EVM chains you already use, built on Merces. Merces wrap
+
+ +### **Identity Solutions** + +Privacy-preserving identity at global scale. TACEO:OPRF is in production for **World** and **zkPassport** - the same MPC backbone that powers iris-code uniqueness and private credential matching is available for your identity system. + +**In production.** Distributed nullifiers, private passport matching, and confidential biometrics, backed by a threshold MPC network with no single point of failure. + +**Looking for design partners.** Identity protocol teams and credential issuers building privacy-first systems. Talk to us. + +{/* prettier-ignore */} +
+ Read Identity Solutions + Try the Quickstart + Become a Design Partner +
+ +
+ +
+ ## Other paths
diff --git a/docs/services/overview.mdx b/docs/services/overview.mdx index 8f57c95..b003d08 100644 --- a/docs/services/overview.mdx +++ b/docs/services/overview.mdx @@ -65,6 +65,31 @@ _Private Proof Delegation_
+
+ +### **TACEO\:Match** + +_Distributed Biometric Matching_ + +**Use when you need:** + +- Population-scale uniqueness checks without centralizing templates +- Cross-organization deduplication without sharing biometric databases +- Anonymous identity verification - prove a match without revealing which identity +- Sybil resistance backed by irrevocable biometric uniqueness + +**Perfect for:** + +- Proof-of-uniqueness systems and anonymous credential issuance +- Cross-border or cross-org fraud detection and deduplication +- Privacy-preserving KYC and biometric verification +- Any workload where biometric templates cannot be centralized + +{/* prettier-ignore */} +Learn More + +
+
## Coming Soon @@ -83,24 +108,6 @@ Private data structures and confidential shared state management across multiple -
- -### **TACEO\:Match** - -_Distributed Biometric Uniqueness_ - -**In active integration** - -Privacy-preserving uniqueness matching and verification without requiring a single party to hold sensitive data such as biometric templates. - -
-
diff --git a/docs/taceo-match/concepts.mdx b/docs/taceo-match/concepts.mdx new file mode 100644 index 0000000..eac4821 --- /dev/null +++ b/docs/taceo-match/concepts.mdx 
@@ -0,0 +1,31 @@
+# Concepts
+
+## What is a Biometric Template?
+
+A biometric template is a compact mathematical representation of a biometric measurement. An iris code, for example, might encode the texture pattern of an iris as a bit vector of 11k bits. The actual bit length depends on the feature extraction, whether it is iris, face or palm scans. All share that they are fixed-length vectors designed to make comparison cheap and reliable.
+
+The challenge is that these vectors are **sensitive and irrevocable**. Unlike a password hash, a leaked biometric template cannot be rotated. Any system that stores or transmits raw templates creates a permanent liability.
+
+## Secret Sharing
+
+Secret sharing splits a value into $n$ shares such that any subset of size $< t$ reveals nothing about the original value, while any subset of size $\geq t$ can reconstruct it. In TACEO:Match, each enrolled template is split into shares distributed across independent MPC nodes on the TACEO Network. No node holds a full template.
+
+For a deeper treatment of MPC and the secret-sharing primitives TACEO uses, see the [MPC Resources](/docs/resources/mpc) page.
+
+## The Matching Function
+
+Biometric matching reduces to computing a distance metric between two templates and checking whether it falls below a threshold:
+
+```
+match = distance(probe, enrolled) < τ
+```
+
+For iris codes, this is **Hamming distance** - the fraction of bit positions that differ. Is the Hamming distance below a certain threshold $τ$ we can deduce that two scans belong to the same person.
+
+TACEO:Match evaluates this distance function directly on the secret shares of the enrolled template, without reconstructing the template at any node. The same approach extends to other distance-based biometric representations (e.g. cosine similarity for face embeddings) by implementing the corresponding comparison circuit.
+
+## Composition with Nullifiers
+
+TACEO:Match and [Distributed Nullifiers](/docs/identity-solutions/nullifiers/introduction) are complementary primitives built on the same threshold MPC stack. Nullifiers derive a deterministic, unlinkable identifier from a secret input via OPRF; Match verifies that a biometric probe corresponds to an enrolled identity via MPC matching.
+
+A common composition: use Match to verify biometric uniqueness, then issue a nullifier tied to the verified identity. The user gets both sybil resistance (from Match) and unlinkability across interactions (from the nullifier).
diff --git a/docs/taceo-match/overview.mdx b/docs/taceo-match/overview.mdx
new file mode 100644
index 0000000..2086b6f
--- /dev/null
+++ b/docs/taceo-match/overview.mdx
@@ -0,0 +1,63 @@ +# TACEO:Match Overview + +TACEO:Match is a service on the TACEO network for biometric feature matching in MPC. It evaluates biometric comparisons directly on secret shares, so no plaintext template is ever reconstructed by any node, any server, or TACEO itself. + +## What Problem Does It Solve? + +**The Challenge**: Biometric data is irrevocable. You can rotate a password or a key; you cannot rotate your iris or your palm. Any architecture that centralizes biometric templates creates a permanent liability - a breach doesn't affect one user, it affects every enrolled user, forever. Sending raw templates to a verification server requires trusting that server completely, with data that can never be changed if that trust is violated. + +**The Solution**: TACEO:Match distributes the comparison across independent MPC nodes on the TACEO Network. No single node holds a meaningful fragment of any template. Matching runs on secret shares, and the only output is the comparison result - never the underlying biometric data. + +## How TACEO:Match Works + +### Key Features + +- **Secret-share enrollment**: Templates are split on the user's device before they leave. No complete template exists outside the device. +- **Comparison on shares**: Matching functions (e.g. Hamming distance for iris codes) are evaluated directly on shares. No node reconstructs the template. +- **Threshold security**: Results require cooperation of a threshold of independent nodes. No single party can produce or manipulate a result unilaterally. +- **Biometric-modality-agnostic**: Iris codes today; extensible to other distance-based biometric representations. + +## Who Should Use It? + +### Identity Protocol Teams +Building uniqueness systems, sybil-resistance infrastructure, or anonymous identity verification where biometric templates cannot be centralized. 
+ +### Biometric Verification Providers +Offering cross-organization deduplication or uniqueness checks without requiring any party to hold the underlying templates. + +### Enterprise Developers +Running population-scale matching or compliance screening across organizational boundaries, where centralizing sensitive biometric data is not acceptable. + +## Common Use Cases + +### Population-Scale Uniqueness / Sybil Resistance +Problem: Checking uniqueness across a large enrolled set requires comparing against stored templates - centralizing them creates an unacceptable breach risk. + +Solution: TACEO:Match compares against the enrolled set without centralizing templates or revealing which record matched. + +*Used in: Proof-of-uniqueness systems, anonymous credential issuance, sybil-resistant voting* + +### Cross-Organization Deduplication +Problem: Multiple organizations want to detect shared or duplicate identities, but cannot legally or practically share their biometric databases with each other. + +Solution: Organizations contribute to a joint MPC computation. The check runs on secret shares; no party sees another's templates or learns individual match results beyond the joint output. + +*Used in: Cross-border identity verification, financial compliance, fraud detection consortiums* + +### Anonymous Identity Verification +Problem: Verifying that a biometric matches an enrolled identity requires revealing which identity it is - breaking anonymity. + +Solution: The MPC nodes verify a match against an enrolled set and return only a boolean result. The verifier learns that a match exists, not which identity matched. + +*Used in: Anonymous credential systems, private age/eligibility verification, privacy-preserving KYC* + +## Next Steps + +- Understand the cryptographic foundations? Read the [Concepts](/docs/taceo-match/concepts) guide. +- Evaluating for an identity use case? Start with [Confidential Biometrics](/docs/identity-solutions/biometrics/introduction). 
+ +:::tip Customer-facing framing +The [Identity Solutions → Confidential Biometrics](/docs/identity-solutions/biometrics/introduction) +section presents this service in a product context - start there if you are evaluating TACEO for +a biometric verification use case. +::: diff --git a/docs/taceo-oprf/api.mdx b/docs/taceo-oprf/api.mdx index ba7661c..24ac6f1 100644 --- a/docs/taceo-oprf/api.mdx +++ b/docs/taceo-oprf/api.mdx @@ -20,7 +20,7 @@ The whole interaction with a single node is done via websockets. A Rust-based re | 2 | Server → Client | `OprfResponse` | Partial commitments per party | | 3 | Client → Server | `DLogEqualityCommitments` | Aggregated commitments | | 4 | Server → Client | `DLogEqualityProofShare` | Proof response share | -| 5 | — | Close | Connection closed with CloseFrame and code set to 1000 (NORMAL) | +| 5 | - | Close | Connection closed with CloseFrame and code set to 1000 (NORMAL) | The whole flow is split in two parts: diff --git a/docs/taceo-oprf/authorization.mdx b/docs/taceo-oprf/authorization.mdx index a90183e..955d892 100644 --- a/docs/taceo-oprf/authorization.mdx +++ b/docs/taceo-oprf/authorization.mdx @@ -208,6 +208,6 @@ Contact TACEO to deploy your authorization module: ## Next Steps -- Ready to build? Check out the [Quickstart](/docs/taceo-oprf/quickstart) +- Ready to build? Check out the [Quickstart](/docs/identity-solutions/nullifiers/getting-started/quickstart) - Need examples? See [Use Cases](/docs/taceo-oprf/use-cases) - Technical details? Review the [API Reference](/docs/taceo-oprf/api) \ No newline at end of file diff --git a/docs/taceo-oprf/overview.mdx b/docs/taceo-oprf/overview.mdx index d097ee6..cb4eed6 100644 --- a/docs/taceo-oprf/overview.mdx +++ b/docs/taceo-oprf/overview.mdx 
@@ -91,5 +91,11 @@ We provide a developer API endpoint for experimentation against a live deploymen ## Next Steps - New to OPRFs? Start with our [Concepts](/docs/taceo-oprf/concepts) guide -- Ready to build? Jump to the [Quickstart](/docs/taceo-oprf/quickstart) -- Need examples? Check out our [Use Cases](/docs/taceo-oprf/use-cases) \ No newline at end of file +- Ready to build? Jump to the [Quickstart](/docs/identity-solutions/nullifiers/getting-started/quickstart) +- Need examples? Check out our [Use Cases](/docs/taceo-oprf/use-cases) + +:::tip Customer-facing framing +The [Identity Solutions → Distributed Nullifiers](/docs/identity-solutions/nullifiers/introduction) +section presents this service in a product context - start there if you are evaluating TACEO for +an identity use case. +::: \ No newline at end of file diff --git a/docs/taceo-oprf/use-cases.mdx b/docs/taceo-oprf/use-cases.mdx index 45c69fb..2a8b1db 100644 --- a/docs/taceo-oprf/use-cases.mdx +++ b/docs/taceo-oprf/use-cases.mdx @@ -8,10 +8,10 @@ TACEO:OPRF solves critical privacy problems in Web3 and digital identity. Here a ZK identity systems rely on a single secret key. If it leaks, your entire history is exposed. Here's how threshold OPRFs solve this. ### Current Vulnerability -Traditional ZK identity systems like face a fundamental weakness: +Traditional ZK identity systems face a fundamental weakness: ``` -Traditional: nullifier = OPRF(user_secret, action_id) +Traditional: nullifier = H(user_secret, action_id) ``` **If your secret leaks:** 
@@ -180,15 +180,15 @@ taceo-oprf-testnet-client \ - Explore [Concepts](/docs/taceo-oprf/concepts) for cryptographic details **DeFi Protocols**: Implement private referral tracking -- Begin with [Quickstart](/docs/taceo-oprf/quickstart) +- Begin with [Quickstart](/docs/identity-solutions/nullifiers/getting-started/quickstart) - Review [API Reference](/docs/taceo-oprf/api) for integration **Wallet Recovery**: Build privacy-preserving recovery systems -- Check [Local Setup](/docs/taceo-oprf/quicklocal) for development +- Check [Local Setup](/docs/identity-solutions/nullifiers/getting-started/quicklocal) for development - Contact us for production deployment planning ### Ready to Build? -Each use case requires different authorization modules and integration approaches. Start with our [Quickstart Guide](/docs/taceo-oprf/quickstart) to experiment, then move to [local development](/docs/taceo-oprf/quicklocal) for custom implementation. +Each use case requires different authorization modules and integration approaches. Start with our [Quickstart Guide](/docs/identity-solutions/nullifiers/getting-started/quickstart) to experiment, then move to [local development](/docs/identity-solutions/nullifiers/getting-started/quicklocal) for custom implementation. **Need help choosing?** [Contact us](mailto:hello@taceo.io) to discuss your specific requirements. \ No newline at end of file diff --git a/docs/use-cases/attribution.mdx b/docs/use-cases/attribution.mdx index adb6654..cedd60e 100644 --- a/docs/use-cases/attribution.mdx +++ b/docs/use-cases/attribution.mdx 
@@ -32,4 +32,4 @@ This model extends existing approaches to transaction attribution by removing th Next steps: - [Check out the Builder Codes article on Core](https://core.taceo.io/articles/privacy-preserving-builder-codes/) - [TACEO:OPRF Concepts](/docs/taceo-oprf/concepts) -- [Get started with TACEO:OPRF](/docs/taceo-oprf/quickstart) \ No newline at end of file +- [Get started with TACEO:OPRF](/docs/identity-solutions/nullifiers/getting-started/quickstart) \ No newline at end of file diff --git a/docs/use-cases/identity.mdx b/docs/use-cases/identity.mdx index 95a5173..075208c 100644 --- a/docs/use-cases/identity.mdx +++ b/docs/use-cases/identity.mdx @@ -16,5 +16,5 @@ Examples of this use case can be found in World ID 4.0, ZK Passport, and our [Vo Learn more: - [TACEO:OPRF Concepts](/docs/taceo-oprf/concepts) -- [TACEO:OPRF Quickstart](/docs/taceo-oprf/quickstart) +- [TACEO:OPRF Quickstart](/docs/identity-solutions/nullifiers/getting-started/quickstart) - [OPRF Article on Core](https://core.taceo.io/articles/taceo-oprf/) \ No newline at end of file diff --git a/sidebars.ts b/sidebars.ts index 853f3a2..7d40436 100644 --- a/sidebars.ts +++ b/sidebars.ts @@ -38,6 +38,31 @@ const sidebars: SidebarsConfig = { "finance-solutions/yield/introduction", ], }, + { + type: "category", + label: "Identity Solutions", + collapsed: false, + link: { type: "doc", id: "identity-solutions/overview" }, + items: [ + { + type: "category", + label: "Distributed Nullifiers", + link: { type: "doc", id: "identity-solutions/nullifiers/introduction" }, + items: [ + { + type: "category", + label: "Getting Started", + items: [ + "identity-solutions/nullifiers/getting-started/quickstart", + "identity-solutions/nullifiers/getting-started/quicklocal", + ], + }, + ], + }, + "identity-solutions/passport-matching/introduction", + "identity-solutions/biometrics/introduction", + ], + }, { type: "category", label: "TACEO Services", 
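Review bot: The previously published routes `/docs/taceo-oprf/quickstart` and `/docs/taceo-oprf/quicklocal` lose their pages with this change: the first sidebars.ts hunk registers the docs as `identity-solutions/nullifiers/getting-started/quickstart` and `.../quicklocal`, and the following hunk drops the old `taceo-oprf/quickstart` and `taceo-oprf/quicklocal` entries. The commit rewrites the in-repo links, but the diffstat lists no site-config change, so presumably no redirect is added and external inbound links will 404. Consider mapping the two old routes to the new ones, for example with `@docusaurus/plugin-client-redirects`. The `sidebars` object starts and ends outside the hunk, so any existing redirect setup cannot be checked from here.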
@@ -51,11 +76,6 @@ const sidebars: SidebarsConfig = { "taceo-oprf/concepts", "taceo-oprf/use-cases", "taceo-oprf/authorization", - { - type: "category", - label: "Getting Started", - items: ["taceo-oprf/quickstart", "taceo-oprf/quicklocal"], - }, { type: "category", label: "Development", @@ -81,6 +101,12 @@ const sidebars: SidebarsConfig = { "taceo-proof/dev/bestpractice", ], }, + { + type: "category", + label: "TACEO:Match", + link: { type: "doc", id: "taceo-match/overview" }, + items: ["taceo-match/concepts"], + }, ], }, { diff --git a/src/pages/index.tsx b/src/pages/index.tsx index 2074c38..ec440e7 100644 --- a/src/pages/index.tsx +++ b/src/pages/index.tsx @@ -70,6 +70,11 @@ function GuidanceSection() { label="Finance Solutions" className={styles.arrowLinkPrimary} /> + From d0bf84d16a45316a1694df867cd6b741c48ba387 Mon Sep 17 00:00:00 2001 From: 0xThemis <118167989+0xThemis@users.noreply.github.com> Date: Tue, 26 May 2026 09:40:04 +0200 Subject: [PATCH 2/4] update --- src/pages/index.tsx | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/pages/index.tsx b/src/pages/index.tsx index ec440e7..9a5a86c 100644 --- a/src/pages/index.tsx +++ b/src/pages/index.tsx @@ -103,11 +103,12 @@ function GuidanceSection() { From 1fea8a116f63793ba8d09253ca50697fbf1446a2 Mon Sep 17 00:00:00 2001 From: 0xThemis <118167989+0xThemis@users.noreply.github.com> Date: Thu, 28 May 2026 14:32:40 +0200 Subject: [PATCH 3/4] discussion LG --- docs/identity-solutions/overview.mdx | 4 +- .../introduction.mdx | 6 +- docs/index.mdx | 2 +- docs/taceo-match/concepts.mdx | 12 ++ docs/taceo-match/overview.mdx | 2 + sidebars.ts | 2 +- static/img/taceo_match.svg | 121 ++++++++++++++++++ 7 files changed, 142 insertions(+), 7 deletions(-) rename docs/identity-solutions/{passport-matching => passport-identification}/introduction.mdx (86%) create mode 100644 static/img/taceo_match.svg 
diff --git a/docs/identity-solutions/overview.mdx b/docs/identity-solutions/overview.mdx index 7ce9e50..0cf9c4d 100644 --- a/docs/identity-solutions/overview.mdx +++ b/docs/identity-solutions/overview.mdx @@ -38,12 +38,12 @@ No single party can evaluate or link nullifiers on its own.
-### Private Passport Matching +### Threshold Passport Identification Match passport attributes across parties without revealing the underlying document data. Built on the same MPC network TACEO co-architected for zkPassport. -[Learn more →](/docs/identity-solutions/passport-matching/introduction) +[Learn more →](/docs/identity-solutions/passport-identification/introduction)
diff --git a/docs/identity-solutions/passport-matching/introduction.mdx b/docs/identity-solutions/passport-identification/introduction.mdx similarity index 86% rename from docs/identity-solutions/passport-matching/introduction.mdx rename to docs/identity-solutions/passport-identification/introduction.mdx index c5eaa2f..eb94b6c 100644 --- a/docs/identity-solutions/passport-matching/introduction.mdx +++ b/docs/identity-solutions/passport-identification/introduction.mdx @@ -1,11 +1,11 @@ --- -title: Private Passport Matching +title: Threshold Passport Identification description: Match passport attributes without exposing document data --- -# Private Passport Matching +# Threshold Passport Identification -Match passport attributes across parties without revealing the underlying document data. +Match passports or any identification document across parties without revealing the underlying document data. Built on the same MPC network TACEO co-architected for zkPassport. ## The Problem diff --git a/docs/index.mdx b/docs/index.mdx index ee93d06..7c0e9fc 100644 --- a/docs/index.mdx +++ b/docs/index.mdx @@ -47,7 +47,7 @@ Private payments on the EVM chains you already use, built on Merces. Merces wrap Privacy-preserving identity at global scale. TACEO:OPRF is in production for **World** and **zkPassport** - the same MPC backbone that powers iris-code uniqueness and private credential matching is available for your identity system. -**In production.** Distributed nullifiers, private passport matching, and confidential biometrics, backed by a threshold MPC network with no single point of failure. +**In production.** Distributed nullifiers, threshold passport identification, and confidential biometrics, backed by a threshold MPC network with no single point of failure. **Looking for design partners.** Identity protocol teams and credential issuers building privacy-first systems. Talk to us. 
diff --git a/docs/taceo-match/concepts.mdx b/docs/taceo-match/concepts.mdx index eac4821..caf1613 100644 --- a/docs/taceo-match/concepts.mdx +++ b/docs/taceo-match/concepts.mdx 
@@ -24,6 +24,18 @@ For iris codes, this is **Hamming distance** - the fraction of bit positions tha TACEO:Match evaluates this distance function directly on the secret shares of the enrolled template, without reconstructing the template at any node. The same approach extends to other distance-based biometric representations (e.g. cosine similarity for face embeddings) by implementing the corresponding comparison circuit. +## Architecture + +Three independent MPC nodes execute the matching protocol and jointly hold a **secret-shared database** of all enrolled templates. Reconstruction requires at least $t$ shares - no node, and no coalition smaller than $t$, can read the stored data. + +A request originates at a sensor: a mobile device or dedicated hardware such as an orb or palm scanner. The sensor performs feature extraction, secret-shares the resulting template, and encrypts each share with the corresponding MPC node's public key, protecting the shares in transit. The choice of sensor does not change the architecture. + +Each MPC node decrypts its share and participates in the match protocol against the database. The protocol is parameterised by the distance function - for example, **Hamming distance** for iris codes (see [The Matching Function](#the-matching-function)). Only the final verdict is revealed: match or no match. + +TACEO:Match architecture + +An **orchestration server** may optionally relay requests between the sensor and the MPC nodes. It only ever observes encrypted shares, so user confidentiality is preserved end-to-end. + ## Composition with Nullifiers TACEO:Match and [Distributed Nullifiers](/docs/identity-solutions/nullifiers/introduction) are complementary primitives built on the same threshold MPC stack. Nullifiers derive a deterministic, unlinkable identifier from a secret input via OPRF; Match verifies that a biometric probe corresponds to an enrolled identity via MPC matching. 
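Review bot: The new Architecture section fixes the node count at three but leaves the reconstruction threshold `$t$` and the adversary model unstated, so a reader cannot tell how many colluding nodes would expose an enrolled template. Because this section is where the confidentiality guarantee is defined, I would add a sentence such as `With three nodes the threshold is $t = <value>$; the guarantee holds against a <semi-honest | malicious> adversary controlling fewer than $t$ nodes.`, with the placeholders filled in from the protocol specification. The orchestration-server paragraph also concludes that confidentiality is "preserved end-to-end" from share encryption alone. It should state how the sensor obtains and authenticates each node's public key, and acknowledge that a relay still observes request metadata and can withhold or resend requests.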
diff --git a/docs/taceo-match/overview.mdx b/docs/taceo-match/overview.mdx index 2086b6f..cf6dc7e 100644 --- a/docs/taceo-match/overview.mdx +++ b/docs/taceo-match/overview.mdx @@ -2,6 +2,8 @@ TACEO:Match is a service on the TACEO network for biometric feature matching in MPC. It evaluates biometric comparisons directly on secret shares, so no plaintext template is ever reconstructed by any node, any server, or TACEO itself. +Unlike [Threshold Passport Identification](/docs/passport-identification/introduction/), which uses deterministic nullifiers, TACEO:Match is designed for non-deterministic biometric data. A passport nullifier is always the same, but a scanned iris or palm varies with every capture. Rather than comparing hashes bit-by-bit, TACEO:Match evaluates similarity against a configurable threshold. + ## What Problem Does It Solve? **The Challenge**: Biometric data is irrevocable. You can rotate a password or a key; you cannot rotate your iris or your palm. Any architecture that centralizes biometric templates creates a permanent liability - a breach doesn't affect one user, it affects every enrolled user, forever. Sending raw templates to a verification server requires trusting that server completely, with data that can never be changed if that trust is violated. diff --git a/sidebars.ts b/sidebars.ts index 7d40436..b1dbfe7 100644 --- a/sidebars.ts +++ b/sidebars.ts @@ -59,7 +59,7 @@ const sidebars: SidebarsConfig = { }, ], }, - "identity-solutions/passport-matching/introduction", + "identity-solutions/passport-identification/introduction", "identity-solutions/biometrics/introduction", ], }, diff --git a/static/img/taceo_match.svg b/static/img/taceo_match.svg new file mode 100644 index 0000000..720456c --- /dev/null +++ b/static/img/taceo_match.svg 
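Review bot: The link added in the new comparison paragraph of docs/taceo-match/overview.mdx points to `/docs/passport-identification/introduction/`, which appears to be missing the `identity-solutions/` segment and would resolve to a missing page. The same patch renames the page to docs/identity-solutions/passport-identification/introduction.mdx, and the sidebars.ts hunk that follows uses the id `identity-solutions/passport-identification/introduction`. The target should presumably be `/docs/identity-solutions/passport-identification/introduction`, in the same form as the nullifiers link in concepts.mdx. The paragraph also describes the deterministic case as "comparing hashes bit-by-bit", whereas concepts.mdx describes a nullifier as an identifier derived via OPRF; "comparing identifiers for exact equality" would avoid implying a plain hash.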
@@ -0,0 +1,121 @@ + + + + + + + + + + + + + + + Privacy-Preserving Biometric Matching via Secure Multi-Party Computation + Reference architecture · client-side secret sharing with N-party threshold matching + + + + + + + + + Biometric Sensor + face · iris · fingerprint + on-device capture + + + + + + Feature Extraction + template / embedding + on-device + + + + + + Secret Sharing + Encryption + split into N shares · encrypt per party + no plaintext leaves the device + + + + + + + + + + + + + + + + + + + encrypted share · per party + + + + + + + + + + Party 1 + + + + + + Party 2 + + + + + + Party 3 + + + + + + + + + + + SMPC threshold check + + + + SMPC threshold check + + + + SMPC threshold check + + + + + + + + + + + + + + + Binary Result + match / no-match + + From e81e5c9e598e5d294236d4304d91e5589b9ccf33 Mon Sep 17 00:00:00 2001 From: 0xThemis <118167989+0xThemis@users.noreply.github.com> Date: Thu, 28 May 2026 17:05:08 +0200 Subject: [PATCH 4/4] taceo:omap draft --- docs/index.mdx | 2 +- docs/services/overview.mdx | 13 ++++--------- docs/taceo-omap/overview.mdx | 3 +++ sidebars.ts | 1 + 4 files changed, 9 insertions(+), 10 deletions(-) create mode 100644 docs/taceo-omap/overview.mdx diff --git a/docs/index.mdx b/docs/index.mdx index 7c0e9fc..fe4066e 100644 --- a/docs/index.mdx +++ b/docs/index.mdx 
@@ -127,7 +127,7 @@ coSNARK-based systems locally. Distinct from TACEO's managed services. ## Where TACEO is today - **Finance Solutions.** Merces is live on Arc, Base, and Plasma testnets with ~5M demo transactions, ~300 TPS, and single-digit-cents gas on L2. Mainnet deployment in progress. -- **Privacy Services.** TACEO:OPRF and TACEO:Proof are in production for partners including World and zkPassport. +- **Privacy Services.** TACEO:OPRF and TACEO:Proof are in production for partners including World and zkPassport. TACEO:OMap is deployed and onboarding first applications. - **TACEO Network.** The MPC infrastructure underpinning all of the above is built on the same foundation TACEO co-architected for World's iris-code system, in production at global scale. ## Learning Resources diff --git a/docs/services/overview.mdx b/docs/services/overview.mdx index b003d08..adc7e55 100644 --- a/docs/services/overview.mdx +++ b/docs/services/overview.mdx @@ -90,21 +90,16 @@ _Distributed Biometric Matching_ - - -## Coming Soon - -
-
-### **TACEO\:OMap** +### **TACEO\:OMap** Coming Soon _Private Reads & Writes_ -**Deployed, onboarding first applications** +Private data structures and confidential shared state management across multiple parties, with verifiable state updates. -Private data structures and confidential shared state management across multiple parties, with verifiable state updates. (currently onboarding initial applications). +{/* prettier-ignore */} +Learn More
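Review bot: The status of TACEO:OMap is stated two different ways in this patch. This hunk tags the card "Coming Soon" and removes "Deployed, onboarding first applications", while the docs/index.mdx hunk above adds `TACEO:OMap is deployed and onboarding first applications.` Readers deciding whether they can rely on a privacy service need a single answer, so one status should be chosen and used in both files. The card also gains a "Learn More" link, while docs/taceo-omap/overview.mdx, added later in the patch and listed in sidebars.ts, contains only `TODO`. If that page is the link target (the card markup is not visible in this view), the link and sidebar entry should be held back until the page has content.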
diff --git a/docs/taceo-omap/overview.mdx b/docs/taceo-omap/overview.mdx new file mode 100644 index 0000000..1144abb --- /dev/null +++ b/docs/taceo-omap/overview.mdx @@ -0,0 +1,3 @@ +# TACEO:OMap + +TODO diff --git a/sidebars.ts b/sidebars.ts index b1dbfe7..89a2091 100644 --- a/sidebars.ts +++ b/sidebars.ts @@ -84,6 +84,7 @@ const sidebars: SidebarsConfig = { "taceo-oprf/api", ], }, + "taceo-omap/overview", { type: "category", label: "TACEO:Proof",