Summary: Primus is best understood not as a generic identity app, but as a zkTLS-based attestation layer for turning web-session data and other offchain facts into reusable proofs for blockchains and AI systems. Its core mechanism is a split stack: developers use templates and SDKs, users or backends generate attestations, and a network of attestors verifies data using MPC-mode or Proxy-mode zkTLS. That makes Primus a strong comparison case for Orange Pass, Sismo, Human Passport, and other systems that promise portable identity or offchain proofs. The real questions are which facts can be template-ized, who runs the attestors, whether attestor admission is permissionless or whitelist-gated, when users generate proofs locally versus delegating credentials to backend agents, and how much trust remains in TEEs, attestors, or template registries even when the protocol is marketed as privacy-preserving cryptography.
What it does:
Exposes zkTLS and encrypted-computation tooling for bringing offchain Web2 data into blockchain and AI workflows without revealing raw data
Offers two main zkTLS modes, MPC and Proxy, behind a unified developer-facing API surface
Uses developer templates and SDKs so applications can request attestations against predefined offchain data sources and proof rules
Supports both user-generated proof flows via browser extension and backend-generated proof flows where services act with user credentials
Frames identity verification, age-gating, nationality checks, address eligibility, and reusable KYC / proof-of-humanity-style attestations as initial application scenarios
Operates an attestor-node network with chain-specific task contracts and TEE-based deployment guidance, showing how proof generation is tied to real infrastructure operators
Key claims:
Primus’ main reusable primitive is not just zkTLS itself, but the packaging of zkTLS into a templated attestation network. The important control surface is who defines templates, who operates attestors, and which proof modes downstream apps actually trust.
The docs explicitly present two trust/performance branches: MPC mode for stronger client-side integrity and Proxy mode for better performance. That tradeoff is more analytically useful than generic privacy language because it shows where security assumptions shift.
The identity-verification docs reveal Primus’ preferred wedge into crypto: not standalone DID issuance, but proving specific offchain eligibility predicates and reusing existing KYC or Web2 account histories as attestations.
The attestor-node guide is especially revealing because it surfaces concrete governance friction. Node operators deploy via Phala TEEs, point to specific supported chains and task contracts, and must contact the Primus team to be added to a whitelist before managing a node. That means distribution of verification power is not purely permissionless today.
The tutorial repo shows Primus wants proofs to be built from templates plus SDKs rather than custom cryptographic plumbing in every app. This makes the developer hub / template layer a likely future chokepoint for what offchain facts become legible onchain.
Primus is useful for comparison with Orange Pass and Sismo because it separates data-source proof generation from downstream credential interpretation. It is less about a single social score or identity registry and more about the transport layer that makes offchain claims portable.
Primus belongs in the active corpus because it sharpens an important distinction inside “proof” systems: cryptographic privacy can coexist with operational centralization in attestor whitelists, template markets, browser extensions, and TEE dependencies.
Whitepaper: No standalone Primus protocol whitepaper surfaced in this pass. The docs point instead to the team’s technical zkTLS foundation paper, Lightweight Authentication of Web Data via Garble-Then-Prove (IACR ePrint 2023/964), plus the QuickSilver paper as core technical references. See ../whitepapers/primus-primary-sources-2026-05-10.md.