Why zero-knowledge KYC won’t work

The emergence of blockchain technology provides an opportunity to rethink and innovate the solutions we use in our daily lives. Blockchains, and more broadly a digital space powered by the artificial intelligence revolution, urgently need verifiable human identities to ensure trust, accountability and regulatory compliance.

There are a number of new technologies, both on-chain and off-chain, that can serve as the basis for a functioning trust framework. One solution in particular is often referred to as the holy grail of verification – zero-knowledge Know Your Customer (zkKYC) verification.

What are ZK and KYC?

ZK stands for zero-knowledge, a cryptographic technique for proving that a statement is true without revealing the underlying confidential information. ZK-based solutions are a ground-breaking form of privacy protection across the entire web. The blockchain industry drove the innovation of ZK technologies because of their small proof size and privacy-preserving nature.

Know Your Customer, or KYC, is the set of processes and procedures companies use to verify their customers’ identities. In the financial sector it is also used to assess the potential risk of money laundering or terrorist financing. Businesses are required to thoroughly understand their customers before establishing a relationship with them.

Why zkKYC proof won’t work for blockchains

Zero-knowledge proofs, once created, are linked to a wallet address through a signature. The proof itself is not publicly visible by design. However, when a blockchain address interacts with a public smart contract that requires such a proof, the proof’s existence becomes public, negating the privacy benefit of the zero-knowledge proof. This is inherent to smart contracts on public blockchains: every call is recorded, producing a publicly discoverable list of all wallets that have interacted with the contract.

A wallet holding a zero-knowledge proof that never interacts with an on-chain service requiring that proof avoids public disclosure of the proof. Nevertheless, such a wallet can only transact with another proof-holding wallet after a precursor interaction or the involvement of an intermediary: because the proofs are hidden, both wallets must proactively disclose their proofs to each other.

Another problem arises with zero-knowledge credentials whose status can change over time (such as KYC good standing): available ZK solutions lack dynamic updates. Without continuous validation of the current state, a wallet holding a zero-knowledge proof must produce a new proof for each chain interaction where the proof is needed.

It is worth noting that newer blockchain technologies promote zero-knowledge-enabled smart contracts that keep the interacting wallet address private. However, the need for dynamic proofs and the inability to conduct verified-to-verified peer-to-peer transactions remain problems even with these advanced solutions.
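The two problems above (interaction metadata leaking the proof’s existence, and a cached proof no longer reflecting current standing) can be seen in a small simulation. The following Python block is an added example, not code from the article or from any project it mentions: the ledger, the gated contract and the wallet addresses are constructed stand-ins, and an HMAC tag issued by a hypothetical off-chain KYC provider plays the role of an opaque zero-knowledge credential (it reveals no identity attributes, which is all the illustration needs). The epoch-based validity rule is an assumed design, chosen only to model a credential whose status can change.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Proof:
    """Stand-in for a zk credential: an opaque tag bound to a wallet and to the
    issuer's status epoch. It carries no identity attributes at all."""
    wallet: str
    epoch: int
    tag: str


class KycIssuer:
    """Hypothetical off-chain KYC provider. A proof is valid only for the epoch it
    was issued in, and the epoch advances whenever any customer's standing changes,
    so a cached proof cannot vouch for *current* good standing."""

    def __init__(self):
        self._key = secrets.token_bytes(32)   # constructed per run; never leaves the issuer
        self.epoch = 0
        self._good_standing = set()

    def set_standing(self, wallet, good):
        if good:
            self._good_standing.add(wallet)
        else:
            self._good_standing.discard(wallet)
        self.epoch += 1                       # any change invalidates outstanding proofs

    def _tag(self, wallet, epoch):
        msg = f"{wallet}|{epoch}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, wallet):
        if wallet not in self._good_standing:
            raise PermissionError(f"{wallet} is not in good standing")
        return Proof(wallet, self.epoch, self._tag(wallet, self.epoch))

    def verify(self, proof):
        """A real verifier checks the zk proof against a published root; here the
        issuer plays that role. A stale epoch fails before the tag is examined."""
        if proof.epoch != self.epoch:
            return False
        return hmac.compare_digest(proof.tag, self._tag(proof.wallet, proof.epoch))


class PublicLedger:
    """Every call to a contract lands here as (contract, sender, succeeded).
    This is all an outside observer sees; proof contents are never stored."""

    def __init__(self):
        self.calls = []


class GatedContract:
    """A public contract that only serves wallets presenting a valid proof."""

    def __init__(self, address, ledger, issuer):
        self.address, self.ledger, self.issuer = address, ledger, issuer

    def call(self, proof):
        ok = self.issuer.verify(proof)
        # The transaction is public whether or not the gate opens.
        self.ledger.calls.append((self.address, proof.wallet, ok))
        return ok


def wallets_known_to_hold_proof(ledger, contract):
    """What anyone scanning the chain learns: every wallet that got through the
    gate must hold a valid KYC proof, even though no proof was ever published."""
    return {sender for addr, sender, ok in ledger.calls if addr == contract and ok}


def run_demo():
    issuer, ledger = KycIssuer(), PublicLedger()
    pool = GatedContract("0xPOOL", ledger, issuer)        # constructed addresses
    for wallet in ("0xALICE", "0xBOB"):
        issuer.set_standing(wallet, True)
    alice_proof = issuer.issue("0xALICE")
    bob_proof = issuer.issue("0xBOB")
    first = [pool.call(alice_proof), pool.call(bob_proof)]

    # Someone else's standing changes; Alice's cached proof no longer reflects
    # the current state, so she must obtain a fresh one for the next interaction.
    issuer.set_standing("0xCAROL", True)
    stale = pool.call(alice_proof)
    fresh = pool.call(issuer.issue("0xALICE"))

    return {
        "first_calls": first,
        "leaked_wallets": wallets_known_to_hold_proof(ledger, pool.address),
        "stale_proof_accepted": stale,
        "fresh_proof_accepted": fresh,
    }


if __name__ == "__main__":
    print(run_demo())
```

Running the demo shows the leak directly: the ledger never contains a proof, yet `wallets_known_to_hold_proof` recovers exactly the set of KYC-verified wallets from the public call records. It also shows why a one-time credential is not enough for a status that changes: the same proof that opened the gate a moment ago is rejected once the issuer’s state moves on, and only a freshly issued proof is accepted.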

Do not store personal data in a proof

Projects evaluating zero-knowledge proofs often consider generating those proofs over encrypted personal data stored on a public ledger. Storing personal information on a public blockchain, however, is a bad idea.

These perpetual ledgers are not designed for privacy and, used this way, do not comply with privacy regulations such as the General Data Protection Regulation and the California Consumer Privacy Act. A significant issue is that even encrypted data is considered personally identifiable information, and under these regulations all such information must be deleted upon request, something an immutable ledger cannot guarantee.

Because storing personal information on a blockchain leads to non-compliance with privacy regulations, keeping any kind of (verified) personal information on-chain is not an ideal solution.

What other solutions do blockchain projects have?

Because each blockchain is limited to the information and data available on that chain, developers in the space must consider other native blockchain mechanisms. Any credential design that provides some form of compliance must avoid privacy violations and ensure that the final infrastructure meets the necessary identity verification and regulatory requirements. Technological advances far outpace regulatory advances; however, ignoring these rules hinders the technology’s adoption.

In addition, when a proof alone is insufficient and sharing personal information between the participants of a transaction is essential, it is recommended to rely only on off-chain solutions. Examples include decentralized identifiers and verifiable credentials. Another option is an off-chain zero-knowledge proof, which preserves privacy and is suitable for verifying off-chain data.

Balázs Némethi is the CEO of Veri Labs and one of the founders of kycDAO. He is also the founder of Taqanu, a blockchain-based bank for people without an address, including refugees. He is a graduate of the Budapest University of Technology and Economics.

This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts and opinions expressed herein are those of the author alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.
