> For the complete documentation index, see [llms.txt](https://docs.zipwire.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.zipwire.io/zipwire-approve/verifiable-timesheets.md).

# Verifiable Timesheets with Selective Disclosure

Timesheets prove you worked. But they're just documents—easy to falsify, hard to verify.

**Verifiable timesheets are blockchain-attested proofs of your work.** When your timesheet is approved, we create an immutable frozen record, build a Merkle tree, and attest it to the Base blockchain. You can then generate selective-disclosure proofs revealing only the claims you choose. The verifier checks the proof cryptographically—no call to us needed, no trust required. Just proof.

## The Problem They Solve

### AI-Generated CVs

LLMs can write a convincing CV in seconds: "500 hours of React. Led a team of 5. Shipped production systems." Did any of it happen? There's no way to know instantly.

### Regulatory Recency Requirements

In regulated industries—aviation, finance, healthcare—employers must verify *recent* work experience before hire:

* **Pilots:** Must have flown within the past 90 days
* **Compliance officers:** Need recent regulatory experience
* **Healthcare workers:** Must have recent clinical hours

Checking recency today means days of manual verification: calling references, hunting through CVs, hoping records exist. It's slow, error-prone, and leaves room for fabrication.

### The Trust Gap

When you claim experience, employers have two bad options:

1. Hope they trust you and risk hiring someone who can't do the job
2. Spend days running reference checks and hunting for documented proof

There's no instant way to verify: you actually did this work, you actually have this skill, with no room for exaggeration or AI-generated fantasy.

## How It Works

### 1. Timesheet Approved → Frozen Record Created

When you submit your timesheet and it's approved, we create a **FrozenTimesheet**: an immutable snapshot containing:

* Your work details (dates, hours, activities)
* [Extracted skills](/zipwire-approve/unboxing-key-concepts/skills-extraction.md)
* Approver signature
* Work and billing summaries
* Engagement context (clients, projects, agencies)

### 2. Merkle Tree Built → Root Hash Generated

We build a deterministic Merkle tree from the frozen data. Each leaf represents a piece of information:

* A skill you used
* A day you worked
* Your approver
* Billing information

The root hash is a single cryptographic value representing the *entire* timesheet.

### 3. Root Hash Attested to Base Blockchain

We publish the root hash to the **Base blockchain** via **EAS (Ethereum Attestation Service)**. It's signed by us (Zipwire) and permanently recorded on-chain. Your work is now verifiable.

### 4. Create a Selective-Disclosure Proof

You decide what to reveal. ProofPack generates a signed token (JWS) that cryptographically proves your disclosed claims come from the attested timesheet:

<figure><img src="/files/l1CXG4FQrqYjWWBkKzOv" alt="Selective disclosure interface showing Merkle tree and checkboxes for choosing which timesheet fields to reveal in the proof" width="375"><figcaption><p>Select which fields to reveal in your proof. Checked fields (approvedAt, approver, assignment, skillsUsed, worker, workSummary) will be publicly visible in the proof. Unchecked fields remain private.</p></figcaption></figure>

* **"React experience?"** Prove it without disclosing client names or exact dates
* **"Approved on this date?"** Prove it without showing salary or hours
* **"Recent work?"** Prove you've worked in the past 90 days without revealing projects

### 5. Verifier Checks the Proof

The employer, client, or service uses ProofPack to verify your proof:

1. Check the JWS signature
2. Verify the Merkle proof connects disclosed fields to the attested root
3. Confirm the root hash exists on-chain on Base
4. Trust the claims without exposing your full timesheet

No call to Zipwire. No central IdP. Just cryptographic certainty.

## Real Use Cases

### Job Applications

"I have 500 hours of TypeScript experience." Generate a proof. Employer verifies it cryptographically in milliseconds. No reference checks. No waiting for "I forgot they worked here."

### Regulatory Recency Verification

A pilot applying for a job generates a proof of flight hours from the past 90 days—on-chain, tamper-proof. A compliance officer proves recent regulatory work. An RN proves recent clinical experience. Instant verification. No manual hunting.

### Client Audits

"Can you prove the hours you billed?" Generate a proof of total hours and approver signature from your frozen timesheet. Cryptographically verifiable.

### Contractor Verification

Platforms matching freelancers to jobs verify skills and experience directly from on-chain attestations instead of trusting self-reported profiles.

### Compliance and Background Checks

Regulated industries need verifiable work history for hiring compliance. Blockchain attestations provide tamper-proof records that satisfy regulatory requirements without manual verification calls.

## Why This Matters

**No verification call required.** Employers verify the proof cryptographically in milliseconds instead of spending days calling references.

**AI-proof.** CVs are easy to generate with an LLM. Blockchain attestations are not. Your work is cryptographically signed and on-chain.

**Privacy-preserving.** You reveal only what's necessary. Past clients, exact salary, other projects stay private. But verifiers still trust the claims you do make—because they're backed by cryptographic proof.

**Permanent record.** Your approved timesheets live on-chain forever. No lost references. No "I can't remember if they worked here." No convenient amnesia.

**Portable.** One timesheet, many uses. Prove hours to one employer, skills to another, contractor status to a third—all with the same on-chain record.

## Technical Details

**Merkle trees with random salts:** Each leaf has a random salt preventing preimage attacks and enabling selective disclosure. Different hashes on rebuild are intentional—the handler stores the tree once at approval.

**Base blockchain:** Layer 2 Ethereum, fast and cheap. Via EAS (Ethereum Attestation Service), the industry standard for on-chain attestations.

**ProofPack:** Open standard for creating and verifying selective-disclosure proofs. JavaScript and .NET implementations available. No vendor lock-in.

**JWS tokens:** Compact, portable proofs that work in HTTP headers, API requests, or as standalone tokens.

## Getting Started

1. **Create and approve a timesheet** — All fields populate automatically
2. **Frozen record generated** — Automatic, no action needed
3. **Merkle tree built and attested** — Your work is now on-chain
4. **Mint selective-disclosure proofs** — Via Zipwire API, choose what to reveal
5. **Share proof (JWS token)** — With any verifier who needs to check your work
6. **Verifier uses ProofPack** — No Zipwire API call needed, just cryptographic verification

## Privacy and Security

**Privacy-first design:** Your personal data never leaves your control and never goes on-chain. Only cryptographic hashes are stored on the blockchain. You choose exactly what to reveal in each proof.

**Security features:**

* Government-approved ID verification (via Zipwire Attest)
* Optional AML background checks
* Cryptographic proofs ensure data integrity
* On-chain attestations prevent tampering

See [Blockchain Attestations](/zipwire-collect/idsp-idvt-kyc-kyb-and-aml/blockchain-attestations.md) for deeper technical details.

## Learn More

### Documentation

{% content-ref url="/pages/2z6WecyLa8YDtBkj0K6K" %}
[Skills Extraction](/zipwire-approve/unboxing-key-concepts/skills-extraction.md)
{% endcontent-ref %}

{% content-ref url="/pages/kzmdzG6x7y91vzCPFJMX" %}
[Your Digital Identity on the Blockchain](/zipwire-attest/zipwire-attest.md)
{% endcontent-ref %}

{% content-ref url="/pages/o6oB9rNFDKiUMPlCA1As" %}
[Blockchain Attestations](/zipwire-collect/idsp-idvt-kyc-kyb-and-aml/blockchain-attestations.md)
{% endcontent-ref %}

### ProofPack

For code examples and integration details, see the [ProofPack Repository](https://github.com/zipwireapp/ProofPack).

### Blog Post

For a detailed walkthrough with real-world examples, see: [Verifiable Timesheets: Prove Your Work Without Revealing Everything](https://zipwire.io/blog/articles/2026-05/verifiable-timesheets/verifiable-timesheets-with-selective-disclosure)


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.zipwire.io/zipwire-approve/verifiable-timesheets.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.