Why zero-knowledge KYC won’t work

Blockchain technology — including zero-knowledge proofs — doesn’t yet provide adequate solutions for identity verification.

The emergence of blockchain technology presents an opportunity to reexamine and innovate solutions used in our day-to-day life. Blockchains and, broadly speaking, the digital space fuelled by an artificial intelligence revolution urgently need to establish verifiable human identities to ensure trust, accountability and regulatory compliance.

There are a variety of emerging technologies, both on- and off-chain, that could serve as the basis for a functioning trust framework. One solution, in particular, is often referred to as the holy grail of verifications — zero-knowledge Know Your Customer (zkKYC) verification.

What are zk and KYC?

ZK stands for zero-knowledge, a cryptography term used to create cryptographic proofs without revealing the underlying confidential information. Z-based solutions are pioneering privacy across the web. The blockchain industry fueled the innovation of ZK technologies due to their minimal transaction size and privacy-preserving nature.

Related: Kraken staking ban is another nail in crypto’s coffin — And that’s a good thing

Know Your Customer, or KYC, is a set of processes and procedures businesses use to verify their customers’ identities. It is also used in the financial sector to assess any potential risks for money laundering or terrorism financing. It is a requirement for businesses to diligently understand their customers before establishing a relationship with them.

Why zkKYC proofs will not work for blockchains

Zero-knowledge proofs, when created, are linked to a wallet address through a signature. These proofs are not publicly discoverable by design. Yet when a blockchain address interacts with a public smart contract that requires such a proof, the proof’s existence becomes public, negating the privacy benefits of a zero-knowledge proof. It is due to the design of smart contracts running on public blockchains that create a publicly discoverable list of all interacting wallets.

A wallet with zero-knowledge proof that does not interact with an on-chain service that requires such a proof avoids the public disclosure of the proof. Yet this wallet can only transact with another proof-holding wallet following a precursor interaction or the involvement of an intermediary. The hidden nature of these proofs requires both wallets to reveal their proofs to one another proactively.

Another issue with zero-knowledge credentials that are prone to change status over time (such as a Know Your Customer good standing) arises from the lack of dynamic updates in available ZK solutions. This absence of continuous status validity necessitates that the wallet holding a zero-knowledge proof will be required to produce a new proof for every on-chain interaction where this proof is required.

It is worth noting that emerging blockchain technologies advance zero-knowledge-enabled smart contracts, keeping the interacting wallet address private. However, the issues around the need for dynamic proofs and the inability for verified-to-verified peer-to-peer transactions remain relevant even with these advanced solutions.

Do not store personal information in a proof

Projects considering zero-knowledge proofs often contemplate producing these proofs about encrypted data stored on a public ledger. However, it is ill-advised to store any personal information on a public blockchain.

Related: A Supreme Court case could kill Facebook and other socials — Allowing blockchain to replace them

These eternal ledgers are not designed for personal privacy, and for such use, they are not compliant with privacy regulations such as the General Data Protection Regulation and California Consumer Privacy Act. A few significant issues relate to the fact that even encrypted data is considered personally identifiable information. Any such information must be deleted upon request according to these privacy regulations.

Because storing personal information on a blockchain furthers non-compliance with privacy regulations, it is not an ideal solution for storing any form of (verified) personal information on-chain.

What other solutions do blockchain projects have?

Due to the limitations that each blockchain is limited to information and data available on that given chain, builders in the space must consider other blockchain native mechanisms. Any credential design that provides a form of compliance must avoid privacy violations and ensure that the final infrastructure meets the necessary identity verification and regulatory requirements. Technology advancements far outpace regulatory progress; however, disregarding these rules hinders the technology’s adoption.

In addition, when proofs alone are insufficient, and personal information sharing between the participants of a transaction is essential, relying only on off-chain solutions is advised. One example includes decentralized identifiers and verifiable credentials. Another option is to employ off-chain zero-knowledge proofs, which provide privacy protection and are suitable for off-chain data verification.

Balázs Némethi is the CEO of Veri Labs and a co-founder of kycDAO. He is also the founder of Taqanu, a blockchain-based bank for people without addresses, including refugees. He’s a graduate of the Budapest University of Technology and Economics.

This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Leave a Reply

Your email address will not be published. Required fields are marked *