Why zero-knowledge KYC doesn’t work
Blockchain technology – including zero-knowledge proofs – does not yet provide adequate solutions for identity verification.

The emergence of blockchain technology provides an opportunity to re-examine and innovate the solutions we use in our daily lives. Blockchain and, broadly speaking, the digital space driven by the AI revolution have an urgent need to establish verifiable human identities to ensure trust, accountability and compliance.
There are multiple emerging technologies, both on-chain and off-chain, that can serve as the basis for a functional trust framework. In particular, one solution is often referred to as the holy grail of verification – zero-knowledge know-your-customer (zkKYC) verification.
What are zk and KYC?
ZK stands for zero knowledge, a cryptographic term for techniques that produce proofs without revealing the underlying confidential information. ZK-based solutions pioneer online privacy protection. The blockchain industry has driven innovation in ZK technology because of its minimal transaction size and privacy-preserving features.
Know Your Customer or KYC is a set of processes and procedures used by businesses to verify the identity of their customers. It is also used in the financial sector to assess any potential risks of money laundering or terrorist financing. Businesses must make an effort to understand their customers before building a relationship with them.
Why zkKYC proofs don’t work on blockchains
Zero-knowledge proofs are linked to a wallet address via a signature when created. These proofs are not publicly discoverable by design. However, when a blockchain address interacts with a public smart contract that requires such a proof, the existence of the proof becomes public, negating the privacy benefits of zero-knowledge proofs. This happens because smart contracts running on a public blockchain create a publicly discoverable list of all interacting wallets.
Wallets that hold zero-knowledge proofs and do not interact with on-chain services that require such proofs avoid public disclosure of the proofs. However, such a wallet can only transact with another proof-holding wallet after a prior interaction or the involvement of an intermediary. The hidden nature of these proofs requires both wallets to proactively reveal their proofs to each other.

Another problem affects zero-knowledge credentials whose state can change over time (e.g. good standing with Know Your Customer): available ZK solutions lack dynamic updates. Because there is no continuous state validity, a wallet holding a zero-knowledge proof must generate a new proof for each on-chain interaction that requires this proof.
Notably, emerging blockchain technology is producing smart contracts that support zero-knowledge proofs, allowing interacting wallet addresses to remain private. However, even with these advanced solutions, the need for dynamic proofs and the inability to conduct verified-to-verified peer-to-peer transactions remain.
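The two limitations described in this section can be seen in a small model. This is an added example, not code from the article: the HMAC tag is only a placeholder for a real zero-knowledge proof, and the wallet labels, `ISSUER_KEY`, and the rule that the contract accepts only proofs bound to the current state snapshot are assumptions made for illustration.

```python
import hashlib, hmac

ISSUER_KEY = b"constructed-demo-key"  # assumption: stands in for the proof system's keys

def state_root(valid: set, epoch: int) -> str:
    """Commitment to the issuer's current set of wallets in good standing."""
    return hashlib.sha256(f"{epoch}|{','.join(sorted(valid))}".encode()).hexdigest()

def make_proof(wallet: str, valid: set, epoch: int) -> dict:
    """Placeholder proof: bound to one wallet and one state snapshot, no KYC data."""
    if wallet not in valid:
        raise PermissionError("wallet is not in good standing")
    root = state_root(valid, epoch)
    tag = hmac.new(ISSUER_KEY, f"{wallet}|{root}".encode(), hashlib.sha256).hexdigest()
    return {"root": root, "tag": tag}

class GatedContract:
    """Public contract: every call, accepted or not, lands in a world-readable log."""
    def __init__(self):
        self.current_root = None
        self.log = []  # public: (sender, accepted)

    def call(self, sender: str, proof: dict) -> bool:
        expected = hmac.new(ISSUER_KEY, f"{sender}|{proof['root']}".encode(),
                            hashlib.sha256).hexdigest()
        ok = proof["root"] == self.current_root and hmac.compare_digest(proof["tag"], expected)
        self.log.append((sender, ok))
        return ok

def wallets_known_to_hold_proof(contract: GatedContract) -> set:
    """What any observer learns from the log alone: who passed the gate."""
    return {sender for sender, ok in contract.log if ok}

def demo() -> dict:
    valid, epoch = {"0xA11CE", "0xB0B"}, 1           # constructed wallet labels
    contract = GatedContract()
    contract.current_root = state_root(valid, epoch)
    alice = make_proof("0xA11CE", valid, epoch)
    bob = make_proof("0xB0B", valid, epoch)
    first = contract.call("0xA11CE", alice)
    valid.discard("0xB0B")                           # Bob loses good standing
    epoch += 1
    contract.current_root = state_root(valid, epoch)
    stale = contract.call("0xA11CE", alice)          # Alice's earlier proof is now stale
    revoked = contract.call("0xB0B", bob)
    fresh = contract.call("0xA11CE", make_proof("0xA11CE", valid, epoch))
    return {"first": first, "stale": stale, "revoked": revoked, "fresh": fresh,
            "public": wallets_known_to_hold_proof(contract)}
```

The proof carries no personal data, yet the log alone identifies which wallet holds a valid credential, and a wallet still in good standing has to re-prove after any change to the credential state.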
Do not store personal information in testimonials
Projects considering zero-knowledge proofs often plan to generate these proofs over encrypted data stored on a public ledger. However, it is not recommended to store any personal information on public blockchains.
These eternal ledgers are not designed for personal privacy, and when used this way they do not comply with privacy regulations such as the General Data Protection Regulation and the California Consumer Privacy Act. One important issue is that even encrypted data is considered personally identifiable information. Any such information must be deleted upon request under these privacy regulations.
Because storing personal information on a blockchain violates privacy regulations, a blockchain is not an ideal place to store any form of (verified) personal information.
What other solutions are there for blockchain projects?
Since each blockchain is limited to the information and data available on that given chain, builders in this space must consider other blockchain-native mechanisms. Any credential design intended to be compliant must avoid privacy violations and ensure that the final infrastructure meets the necessary authentication and governance requirements. Technological progress far outpaces regulatory progress; however, ignoring these rules can hinder the adoption of the technology.
Furthermore, when proofs alone are not enough and sharing personal information between transaction participants is essential, it is recommended to rely solely on off-chain solutions. Examples include decentralized identifiers and verifiable credentials. Another option is to use off-chain zero-knowledge proofs, which provide privacy protection and are suitable for off-chain data verification.