Privacy‑First Job Applications with Midnight Network

Core Features:

• Anonymous Eligibility Proofs: Prove subset skills, minimum experience, and region membership without revealing specifics
• On-Chain Verification: Verifier contract integration with mock fallback for development
• Anti-Spam Protection: Per-job nullifiers prevent duplicate applications while preserving cross-job unlinkability
• Privacy-First UI: Clear indicators showing what stays private vs. what gets proven

GitHub Repository: https://github.com/depapp/zk-job-board

Page-by-Page Walkthrough

This section explains every page, its function, and how it supports privacy by design.

1. Home Page (/)

Purpose: Landing page introducing the concept of anonymous job applications
Key Actions: Navigate to "Browse Jobs" or "Post a Job"

Privacy Signals: Copy and visuals emphasize that proofs validate eligibility without exposing personal data

Midnight Integration: Educational introduction; no proof generation on this page

2. Browse Jobs (/jobs)

Purpose: List all open positions with summarized requirements

Key Actions: Select a job to view full details

Privacy Signals: Requirements are public; applicant data remains private

Midnight Integration: Displays policy summaries that become public inputs (policyHash) in the circuit

3. Job Detail (/job/:id)

Purpose: Show complete job policy including required skills, minimum experience, and allowed regions

Key Actions: Click "Apply to This Job" to start application

Privacy Signals: Requirements are transparent, but what you'll reveal is not

Midnight Integration: jobId and policyHash form part of the circuit's public inputs

4. Apply to Job (/job/:id/apply)

Purpose: Applicant prepares private attributes and generates ZK proof

Key Actions: Generate proof client-side, then submit application

Privacy Signals: UI marks private fields with 🔒 icons and explains that raw values never leave the device

Midnight Integration:

• Real Mode (VITE_MIDNIGHT_ENABLED=true):
  • Fetches zk-config for job_eligibility circuit
  • Generates proof via MidnightJS httpClientProofProvider
  • Optionally submits to on-chain verifier
• Mock Mode: Deterministic proof generation for demo/testing

5. Proof Result (/proof-result)

Purpose: Confirmation that proof was generated and verified

Key Actions: View "What Was Proven" vs "What Remained Private"

Privacy Signals: Explicit list of public inputs (jobId, policyHash, nullifier) vs hidden attributes

Midnight Integration: Shows verification result (on-chain or mock) with transaction hash in real mode

6. Applicant Status (/status)

Purpose: Check application status using applicationId or nullifier reference

Key Actions: View historical submissions per job while preserving anonymity

Privacy Signals: Status checking without identity revelation; nullifier provides rate-limiting

Midnight Integration: Real deployments derive status from on-chain events; mock mode uses localStorage

7. Employer New Job (/employer/new)

Purpose: Create job policy with required skills, minimum experience, and allowed regions

Key Actions: Submit job → policyHash computed and stored

Privacy Signals: Employers never see raw applicant attributes, only validity results

Midnight Integration: Policy becomes circuit parameterization; policyHash embedded in proofs

8. Employer Applications (/employer/job/:id/applications)

Purpose: View verified submissions for a specific job

Key Actions: Inspect application validity, timestamps, and anonymized IDs

Privacy Signals: No visibility into applicant skills/years/region—only constraint satisfaction

Midnight Integration: Read-only view of verified results (on-chain or mock storage)

9. Review Application (/employer/application/:applicationId)

Purpose: Inspect single application's verification outcome

Key Actions: Approve, shortlist, or reject based on proof validity

Privacy Signals: No PII; only proof validity and job policy reference shown

Midnight Integration: Links proof result to job policy without deanonymizing applicant

10. Privacy Page (/privacy)

Purpose: Educational page explaining zero-knowledge proofs in this context

Key Actions: Learn what's shared vs. protected, understand nullifiers

Privacy Signals: Teaches users to trust the process and clarifies tradeoffs

Midnight Integration: Conceptual explanation with links to technical documentation

1. Compact Circuit Design

The core privacy logic lives in circuits/job_eligibility.cmp:

circuit JobEligibility { // Public inputs (visible to verifier) public jobId: Field public policyHash: Field public nullifier: Field // Private inputs (never revealed) private skillsBitset: Field[32] private experienceYears: Field private regionIndex: Field private secret: Field // Constraints enforce: // 1. Skills subset check (applicant ⊇ required) // 2. Experience threshold (years ≥ minimum) // 3. Region membership (region ∈ allowed) // 4. Nullifier derivation (prevents duplicates) } 

2. MidnightJS SDK Integration

The app/src/lib/midnight.ts file orchestrates proof generation:

// Dual-mode design for flexibility if (VITE_MIDNIGHT_ENABLED === 'true') { // Real Midnight Network integration const { httpClientProofProvider } = await import('@midnight-ntwrk/midnight-js-http-client-proof-provider'); const { FetchZkConfigProvider } = await import('@midnight-ntwrk/midnight-js-fetch-zk-config-provider'); // Generate real proofs via SDK const proof = await proofProvider.prove('job_eligibility', witness, zkConfig); } else { // Mock mode for development/demo return generateMockProof(publicInputs, privateInputs); } 

3. Build & Deployment Scripts

• Circuit Compilation (scripts/compile-circuits.ts): Compiles Compact code to proving/verification keys in artifacts/zk/
• Verifier Deployment (scripts/deploy-verifier.ts): Deploys on-chain verifier and persists contract address

Privacy isn't an afterthought—it's the foundation of every design decision:

What Stays Private:

• Exact Skills: Verifier never sees your full skill list, only that you have the required subset
• Precise Experience: Your exact years remain hidden; only proof of meeting minimum is revealed
• Specific Location: Your exact region stays private; only membership in allowed regions is proven
• Personal Identity: No PII is ever exposed or stored

What Gets Proven:

• ✅ "I have all required skills" (without listing other skills)
• ✅ "I have enough experience" (without revealing exact years)
• ✅ "I'm in an allowed region" (without specifying which one)
• ✅ "This is my only application to this job" (via nullifier)

UI Privacy Reinforcement:

• 🔒 Lock icons mark all private data fields
• Clear explanations at each step about what remains hidden
• Dedicated /privacy page educating users on ZK benefits
• Success page explicitly lists "What Was Protected" vs "What Was Proven"

Prerequisites

• Node.js 18+ and npm
• Git
• Modern web browser

Step 1: Clone and Install

git clone https://github.com/depapp/zk-job-board.git cd zk-job-board npm install 

Step 2: Configure Environment

cp .env.example .env.local 

Option A: Mock Mode (Default - No Credentials Needed)
Leave .env.local as-is or set:

VITE_MIDNIGHT_ENABLED=false 

Option B: Real Midnight Integration

VITE_MIDNIGHT_ENABLED=true VITE_MIDNIGHT_RPC_URL=https://testnet.midnight.network/rpc VITE_MIDNIGHT_NETWORK_ID=testnet-02 VITE_MIDNIGHT_API_KEY=your-api-key VITE_PROOF_SERVER_URL=http://localhost:6300 VITE_VERIFIER_ADDRESS= # Set after deployment 

💡 Get testnet credentials at midnight.network

Step 3: Compile Circuit

npm run compile-circuits 

This compiles circuits/job_eligibility.cmp and generates artifacts in artifacts/zk/.

Step 4: Deploy Verifier (Real Mode Only)

npm run deploy-verifier 

Deploys verifier contract and saves address to .env.local.

Step 5: Run the Application

npm run dev # Visit http://localhost:5173 

Step 6: Try the Complete Flow

As an Employer:

1. Navigate to "Submit Job" (/employer/new)
2. Create a job with requirements:
   • Required Skills: Select from allowlist
   • Min Experience: Set years
   • Allowed Regions: Choose regions
3. Submit and note the Job ID

As an Applicant:

1. Browse jobs (/jobs)
2. Select a job and click "Apply"
3. Generate mock credentials that meet requirements
4. Click "Generate Proof"
5. Submit application
6. View "Your Privacy Was Protected" confirmation

Verify Privacy:

1. Check the Privacy page (/privacy) to understand the system
2. Try applying twice to same job (nullifier prevents it)
3. Apply to different jobs (nullifiers don't link identity)

Step 7: Understanding Console Logs

The app provides detailed logging for educational purposes:

// Mock mode [Midnight] SDK loading skipped (VITE_MIDNIGHT_ENABLED is not true) [Midnight] Using mock proof generation // Real mode [Midnight] Loading SDK modules... [Midnight] Connected to testnet-02 [Midnight] Using real proof generation via SDK [Midnight] Proof verified on-chain at 0x... 

Step 8: Troubleshooting

Step 9: Advanced Customization

Adding New Skills:
Edit config/allowlist.skills.json:

{ "skills": ["YourNewSkill", ...] } 

Modifying Circuit:

1. Edit circuits/job_eligibility.cmp
2. Recompile: npm run compile-circuits
3. Redeploy: npm run deploy-verifier

Switching Modes:
Toggle VITE_MIDNIGHT_ENABLED and restart dev server.

Step 10: Production Deployment

# Build for production npm run build # Preview production build npm run preview # Deploy to any static hosting (Vercel, Netlify, etc.) 

Architecture Overview

┌─────────────┐ ┌──────────────┐ ┌─────────────┐ │ Employer │────▶│ Job Policy │────▶│ On-Chain │ │ UI │ │ Creation │ │ Storage │ └─────────────┘ └──────────────┘ └─────────────┘ │ ▼ ┌─────────────┐ ┌──────────────┐ ┌─────────────┐ │ Applicant │────▶│ ZK Proof Gen │────▶│ Verifier │ │ UI │ │ (Midnight) │ │ Contract │ └─────────────┘ └──────────────┘ └─────────────┘ 

Key Design Decisions:

1. Dual-Mode Operation: Enables both development (mock) and production (real Midnight) workflows
2. Client-Side Proof Generation: Sensitive data never leaves user's device
3. Nullifier Design: Per-job nullifiers prevent spam while maintaining cross-job unlinkability
4. Bitset Encoding: Efficient skill matching using bitwise operations in circuit