Why zero-knowledge KYC won’t work

The advent of blockchain technology provides an opportunity to review and implement the solutions used in our daily lives. Blockchains, and more generally the digital space fueled by the AI revolution, urgently need to establish a verifiable human identity to ensure trust, accountability, and compliance.

There are many new technologies, both inside and outside the network, that can serve as the basis for a functioning trust system. One solution in particular is often referred to as the holy grail of verifications — zero-knowledge Know Your Customer (zkKYC) verification.

What is zk and KYC?

ZK stands for zero knowledge, a cryptographic term for proofs that establish a claim without exposing the underlying sensitive information. ZK-based solutions are pioneers in online privacy. The blockchain industry has fueled innovation in ZK technologies because of their minimal transaction size and privacy preservation.

Know Your Customer or KYC is a set of processes and procedures that companies use to verify the identity of their customers. It is also used in the financial sector to assess any potential money laundering or terrorist financing risks. Businesses need to carefully research their customers before establishing a relationship with them.

Why zkKYC Proofs Won’t Work for Blockchains

Zero-knowledge proofs are associated with the wallet address via a signature upon creation. These proofs are not public by design. However, when a blockchain address interacts with a public smart contract that requires such a proof, the existence of the proof becomes public, negating the privacy benefits of a zero-knowledge proof. This follows from the design of smart contracts running on public blockchains, which create a public list of all interacting wallets.

A wallet holding a zero-knowledge proof that does not interact with a network service requiring such a proof avoids public disclosure of the proof. However, this wallet can only transact with another proof-holding wallet after prior interaction or intermediary involvement. Because the proofs are not public, both wallets have to disclose their proofs to each other in advance.
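The disclosure described in the two paragraphs above can be reproduced with a toy ledger. This is an added example, not code from the article or from any project it mentions; the HMAC is only a stand-in for a real zero-knowledge proof bound to a wallet, and the key, wallet and contract names are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass

ISSUER_KEY = b"constructed-demo-key"  # hypothetical issuer secret (stand-in only)

def make_proof(wallet):
    """Stand-in for a zkKYC proof bound to one wallet address (not real ZK)."""
    return hmac.new(ISSUER_KEY, wallet.encode(), hashlib.sha256).digest()

@dataclass(frozen=True)
class Tx:
    sender: str
    to: str
    ok: bool  # execution status, visible to everyone on a transparent chain

class PublicLedger:
    def __init__(self):
        self.txs = []

    def gated_call(self, sender, contract, proof):
        """Contract checks the proof; the ledger keeps sender, target and status."""
        ok = hmac.compare_digest(proof, make_proof(sender))
        self.txs.append(Tx(sender, contract, ok))
        return ok

    def transfer(self, sender, to):
        self.txs.append(Tx(sender, to, True))

def observed_holders(ledger, gated):
    """What any chain observer learns: wallets with a successful gated call."""
    return {t.sender for t in ledger.txs if t.to == gated and t.ok}

def linked_activity(ledger, gated):
    """Other transactions that now carry the 'verified customer' label."""
    holders = observed_holders(ledger, gated)
    return [t for t in ledger.txs if t.sender in holders and t.to != gated]

def demo():
    ledger = PublicLedger()
    gated = "contract:kyc-gated-pool"  # constructed name
    proofs = {w: make_proof(w) for w in ("wallet:A", "wallet:B")}
    ledger.gated_call("wallet:A", gated, proofs["wallet:A"])
    ledger.gated_call("wallet:D", gated, proofs["wallet:A"])  # bound to A, so rejected
    ledger.transfer("wallet:A", "wallet:X")
    ledger.transfer("wallet:B", "wallet:Y")  # B holds a proof but never used it on-chain
    return observed_holders(ledger, gated), linked_activity(ledger, gated)
```

The observer never sees the proof contents, yet wallet A is publicly listed as a proof holder and its unrelated transfer inherits that label, while wallet B stays unlisted only because it never called the gated contract.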

Another issue with zero-knowledge credentials that can change status over time (like a good Know Your Customer reputation) comes from the lack of dynamic updates in available ZK solutions. Without continuous status validity, a wallet holding a zero-knowledge proof must create a new proof for every interaction on the network where that proof is required.

It is worth noting that new blockchain technologies promote zero-knowledge smart contracts while keeping the address of the interacting wallet confidential. However, the problems associated with the need for dynamic proofs and the inability to verify peer-to-peer transactions remain relevant even with these advanced solutions.

Don’t keep personal information in evidence

Projects looking at zero-knowledge proofs often involve generating these proofs for encrypted data stored in a public ledger. However, it is not recommended to store any personal information on the public blockchain.

These perpetual registries are not intended for personal privacy, and when used that way they do not comply with privacy regulations such as the General Data Protection Regulation and the California Consumer Privacy Act. Several significant issues stem from the fact that even encrypted data is considered personally identifiable information. Any such information must be removed upon request under these privacy regulations.

Since storing personal information on a blockchain encourages non-compliance with privacy rules, a blockchain is not an ideal place to store any form of (verified) personal information.

What other solutions do blockchain projects have?

Because each blockchain is limited to the information and data available on that particular chain, developers in the field must consider other native blockchain mechanisms. Any credential design that provides a form of compliance should avoid breaches of privacy and ensure that the final infrastructure complies with necessary identity verification and regulatory requirements. Technological advances are far ahead of regulatory progress; however, ignoring these rules hinders the adoption of the technology.

In addition, when a proof alone is not enough and the exchange of personal information between participants in a transaction is necessary, it is recommended to rely only on off-chain solutions. Examples include decentralized identities and verifiable credentials. Another option is to use offline zero-knowledge proofs, which provide privacy protection and are suitable for offline data validation.

Balazs Nemethi is the CEO of Veri Labs and co-founder of kycDAO. He is also the founder of Taqanu, a blockchain-based bank for people without an address, including refugees. He is a graduate of the Budapest University of Technology and Economics.

This article is for general informational purposes and is not intended and should not be taken as legal or investment advice. The views, thoughts and opinions expressed here are those of the author only and do not necessarily reflect or represent the views and opinions of Cryptooshala.
