ZKP and DID — Privacy and Sovereignty
Drivers Are Safe. Carriers Are Sovereign. AI Is the Partner.
The Privacy Paradox
Every fraud prevention tool in freight demands more data. More monitoring. More cameras. More tracking. More access to driver movements, carrier finances, and operational details.
The Owner-Operator Independent Drivers Association (OOIDA) — 150,000 members — took the ELD mandate to the Supreme Court, arguing it violates Fourth Amendment protections against warrantless searches. Cornell research confirms that monitoring "invades truckers' privacy without boosting safety."
They have a point. The question is not whether carriers should be verified. The question is: does verification require surveillance?
The answer is no. We can prove everything a broker needs to know without revealing anything a driver has a right to keep private. The technology exists. It's called zero-knowledge proofs.
Zero-Knowledge Proofs: Proving Without Showing
A zero-knowledge proof lets you prove a fact is true without revealing the underlying data.
This is not a metaphor. It is a mathematical technique with forty years of research behind it, deployed in production systems, and proven secure against the strongest adversaries.
Here is what it means for freight:
A broker needs to know: "Does this carrier have insurance coverage of at least one million dollars?"
The proof is unforgeable relative to what the issuer signed: the math guarantees the carrier cannot produce a valid proof unless they hold a credential — signed by the insurer — that makes the statement true. (Zero-knowledge moves the trust to the issuer; it does not manufacture truth. If the insurer signs a false attestation, the proof faithfully proves the falsehood.) But the data behind the proof stays with the carrier.
More examples:
| What the broker needs to know | What ZKP proves | What stays private |
|---|---|---|
| Is the safety rating satisfactory? | Yes or no | The actual rating |
| Has this truck operated continuously for 12 months? | Yes or no | Every individual trip, route, and stop |
| Is the driver's CDL valid and correct class? | Yes or no | License number, home address, date of birth |
| Were there any out-of-service violations in the past year? | Yes or no | Dates, locations, and details of any violations |
| Did the truck complete the contracted route on time? | Yes or no | Every GPS coordinate, rest stop, and fuel purchase |
Privacy AND verification. Not a trade-off. Both.
A precision note, because the word matters. Most of the examples above — coverage ≥ $1M, satisfactory safety rating, valid CDL — don't actually need a heavyweight zero-knowledge circuit. They are issuer-known facts, so a signed Verifiable Credential with selective disclosure (revealing just the one field, e.g. via BBS+) does the job — simpler, auditable, and already in the standards below. True zero-knowledge proofs earn their keep on the harder case: proving something over data the carrier holds and no one else will vouch for — "this truck ran continuously for 12 months," "the route was completed on time" — without exposing the underlying trail. We use the lighter tool where it suffices and reserve ZKP for where it is genuinely needed. (And note: after a loss, a broker or insurer often wants the full policy detail for subrogation — selective disclosure lets the carrier reveal exactly what a given counterparty needs, no more, no less.)
Decentralized Identifiers: Sovereign Identity
A Decentralized Identifier (DID) is a W3C web standard for digital identity that doesn't depend on any central authority.
Today, a carrier's identity lives in FMCSA's database. If FMCSA's system goes down, the carrier effectively doesn't exist. If the data is wrong, the carrier has to petition FMCSA to fix it. If someone compromises the database, the carrier's identity can be modified without their knowledge or consent.
A DID is different. The carrier creates their own identifier. They hold their own cryptographic keys. They control their own data. Nobody can revoke, modify, or deny their identity without the carrier's private key.
What a truck's DID looks like:
Every truck gets its own decentralized identifier: a Digital VIN that is resolvable, verifiable, and carrier-controlled. When anyone queries the truck's DID, they learn:
When the truck is leased to a new carrier, the controller changes — a signed transaction in the wallet, authorized by both the old and new carrier. The DID stays the same. The history follows the truck.
This is the W3C Verifiable Credentials standard. The same standard being adopted by the European Union for digital identity (eIDAS 2.0), piloted and evaluated by the Department of Homeland Security for supply-chain integrity, and used in the financial industry for KYC verification. Not experimental. Increasingly deployed.
What Sovereignty Means for Carriers
Sovereignty means the carrier is not a data subject. The carrier is a data owner.
Today's model: Fifteen companies each hold a piece of your data. The ELD vendor owns your driving logs. The fuel card company owns your fuel history. EZPass owns your toll records. GenLogs owns photos of your truck from their cameras. CarrierAssure owns your "reputation score." The carrier — whose trucks generated all this data — owns none of it.
Sovereign model: The carrier owns a wallet. Every system that interacts with the truck writes a transaction to the wallet. The carrier controls who can read the wallet. The carrier shares proofs — ZK proofs, Merkle subsets, verifiable presentations — that reveal exactly what is needed and nothing more.
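As an added illustration (not FreightProof or Rootz code), here is one way a "Merkle subset" can deliver the one-field selective disclosure described in the precision note above. It uses a salted SHA-256 Merkle tree rather than BBS+. The claim names and sample values are hypothetical, and the issuer's signature over the root is assumed and not shown.

```python
import hashlib, hmac, json, secrets

PAD = hashlib.sha256(b"\x02").digest()  # filler for odd-sized levels

def _h(data):
    return hashlib.sha256(data).digest()

def leaf_hash(name, value, salt):
    # The salt stops a verifier from guessing hidden low-entropy values
    # (a dollar limit, a yes/no) by hashing candidates; 0x00 marks a leaf.
    return _h(b"\x00" + salt + json.dumps([name, value]).encode())

def _levels(leaves):
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur.append(PAD)
        levels.append([_h(b"\x01" + cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def _tree(claims, salts):
    names = sorted(claims)
    return names, _levels([leaf_hash(n, claims[n], salts[n]) for n in names])

def issue(claims):
    """Issuer: salt each claim and return (root, salts); the issuer signs root."""
    salts = {n: secrets.token_bytes(16) for n in claims}
    return _tree(claims, salts)[1][-1][0], salts

def disclose(claims, salts, name):
    """Holder: reveal one claim plus the sibling hashes up to the root."""
    names, levels = _tree(claims, salts)
    idx, path = names.index(name), []
    for level in levels[:-1]:
        path.append((level[idx ^ 1], idx % 2 == 1))  # (sibling, sibling_is_left)
        idx //= 2
    return {"name": name, "value": claims[name], "salt": salts[name], "path": path}

def verify(root, d):
    """Verifier: recompute the signed root from the single revealed claim."""
    node = leaf_hash(d["name"], d["value"], d["salt"])
    for sibling, sibling_is_left in d["path"]:
        node = _h(b"\x01" + (sibling + node if sibling_is_left else node + sibling))
    return hmac.compare_digest(node, root)

# Constructed sample credential; every value here is made up.
CLAIMS = {"subject_did": "did:example:carrier-123", "insurer": "Example Mutual",
          "policy_number": "POL-EXAMPLE-0001", "coverage_limit_usd": 2_500_000,
          "coverage_ge_1m": True}
```

The insurer includes the derived claim `coverage_ge_1m` at issuance, so the carrier can reveal only that yes/no and keep the actual limit and policy number hidden behind salted hashes.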
When a carrier moves from one broker to another, their reputation comes with them — in their wallet, verified by math, portable by design. No vendor lock-in. No proprietary scores that evaporate when you change platforms.
Sovereignty has to mean more than nicer words. Owning a wallet only shifts power if it comes with hard guarantees — and these are the ones that matter to a one-truck operator who has heard "this is for your protection" before. Data minimization: the identity and insurance proofs work without collecting the brake-by-brake or GPS trail, so the surveillance-grade layers stay genuinely optional. No coerced access: wallet data should not be a hidden condition of getting a load, and access requests are logged. Due process on reputation: a counterparty's signature proves who said something, never that it is true, so a disputed mark gets an expiry and a neutral path to correction — not a permanent blacklist. Key recovery you control: losing a phone cannot erase your business, via backup and social recovery that is not a vendor backdoor. A real exit ramp: open standards plus a verifiable export, so your history survives even if any single provider — including us — disappears. If those guarantees aren't kept, "you own your data" is just a nicer label on the same monitoring.
AI Is the Partner
This entire system is designed to be operated by AI agents, not by humans staring at dashboards.
AI does the verification work:
AI cannot be the threat when the data is signed:
The AI is the tireless verification clerk. It checks everything, trusts nothing, and verifies mathematically. It doesn't get tired. It doesn't cut corners. It doesn't skip the check because the carrier "looks fine."
This is the future of fraud prevention: not more surveillance, but more math. The carrier proves. The AI verifies. The human decides. Each does what they're best at.
Concrete Actions
For carriers: Your data is yours. Demand portability. Demand ownership. A reputation score that lives in someone else's database and disappears when you switch vendors is not your reputation. A wallet with verifiable transactions that you control and carry with you — that is your reputation.
For brokers: Accept ZK proofs. When a carrier can mathematically prove their insurance is sufficient, their safety record is clean, and their truck completed the route intact — without revealing private details — you have better evidence than any PDF or dashboard could provide.
For regulators: Adopt W3C DID and Verifiable Credential standards for carrier identity. The standards exist. The EU is implementing them. DHS is evaluating them. Freight can be an early adopter instead of a late follower.
For the industry: Stop treating verification and privacy as opposites. They are not. Zero-knowledge proofs let you have both. The driver's location history stays private. The trip's integrity is provable. The carrier's compliance is verifiable. The fraud is detectable. All of it, simultaneously, with math.
Building This Today
FreightProof is the beginning. Cryptographic proof of carrier vetting — SHA-256 sealed, independently verifiable, courtroom-ready. The foundation that the data rooms, CorpIDs, truck wallets, and ZK proofs build upon.
Every component described in these pages uses existing, proven, standardized technology. The cryptography is federal-standard. The identity model is W3C-standard. The IoT baseline already exists. The zero-trust architecture is published.
None of this requires new science. Some of it is cheap — signing data, issuing credentials, verifying signatures. Some of it is not — instrumenting and signing every legacy trailer is real cost and real time, and we should say so. It simply hasn't been assembled for freight yet.
Now it is.
Start with FreightProof: 30 free credits, no credit card. See what verifiable carrier vetting looks like. Then imagine it applied to every truck, every trailer, every document, every transaction in the industry.
That is where we're going.
Steven Sprague is Founder and CEO of Rootz Corp. He co-founded the Trusted Computing Group (TCG), which created the TPM chip standard now embedded in billions of devices. He served as CEO of Wave Systems Corp (NASDAQ: WAVX) for 14 years, pioneering enterprise trusted computing with a market cap exceeding $2 billion. He holds dozens of patents in digital identity and cybersecurity, and graduated from Cornell University with a B.S. in Mechanical Engineering. Steven carries a CDL and put 20,000 miles on his truck this year hauling his family's horses up and down I-95.
FreightProof by Rootz Corp — freight.rootz.global