Why zero-knowledge KYC won't work

Published at: Feb. 15, 2023

The emergence of blockchain technology presents an opportunity to reexamine and innovate solutions used in our day-to-day life. Blockchains and, broadly speaking, the digital space fuelled by an artificial intelligence revolution urgently need to establish verifiable human identities to ensure trust, accountability and regulatory compliance.

There are a variety of emerging technologies, both on- and off-chain, that could serve as the basis for a functioning trust framework. One solution, in particular, is often referred to as the holy grail of verifications — zero-knowledge Know Your Customer (zkKYC) verification.

What are zk and KYC?

ZK stands for zero-knowledge, a cryptography term for techniques used to create cryptographic proofs without revealing the underlying confidential information. ZK-based solutions are pioneering privacy across the web. The blockchain industry fueled the innovation of ZK technologies due to their minimal transaction size and privacy-preserving nature.

Know Your Customer, or KYC, is a set of processes and procedures businesses use to verify their customers’ identities. It is also used in the financial sector to assess any potential risks for money laundering or terrorism financing. It is a requirement for businesses to diligently understand their customers before establishing a relationship with them.

Why zkKYC proofs will not work for blockchains

Zero-knowledge proofs, when created, are linked to a wallet address through a signature. These proofs are not publicly discoverable by design. Yet when a blockchain address interacts with a public smart contract that requires such a proof, the proof’s existence becomes public, negating the privacy benefits of a zero-knowledge proof. This is due to the design of smart contracts running on public blockchains, which creates a publicly discoverable list of all interacting wallets.

A wallet with a zero-knowledge proof that does not interact with an on-chain service requiring such a proof avoids the public disclosure of the proof. Yet this wallet can only transact with another proof-holding wallet following a precursor interaction or the involvement of an intermediary. The hidden nature of these proofs requires both wallets to reveal their proofs to one another proactively.

Another issue with zero-knowledge credentials that are prone to change status over time (such as a Know Your Customer good standing) arises from the lack of dynamic updates in available ZK solutions. Without continuous status validity, the wallet holding a zero-knowledge proof must produce a new proof for every on-chain interaction where this proof is required.

It is worth noting that emerging blockchain technologies advance zero-knowledge-enabled smart contracts, keeping the interacting wallet address private. However, the issues around the need for dynamic proofs and the inability for verified-to-verified peer-to-peer transactions remain relevant even with these advanced solutions.
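
The two problems described above, the public caller list and the need for fresh proofs, can be seen in a small model. This is an added example, not code from the article or any project it mentions; the HMAC tag is only a stand-in for a real zero-knowledge proof, the "status epoch" freshness rule is an assumed model, and all addresses and keys are constructed.

```python
import hashlib
import hmac

ISSUER_KEY = b"constructed-demo-issuer-key"  # constructed value, demo only

def issue_proof(wallet: str, epoch: int) -> bytes:
    """Opaque tag binding a wallet to a status epoch (stand-in for a zk proof)."""
    msg = f"{wallet}|{epoch}".encode()
    return hmac.new(ISSUER_KEY, msg, hashlib.sha256).digest()

class GatedContract:
    """Toy public contract: every call lands in a world-readable log."""

    def __init__(self) -> None:
        self.epoch = 1   # assumed: the issuer bumps this when any status changes
        self.log = []    # public call metadata, visible to any observer

    def call(self, wallet: str, proof: bytes, proof_epoch: int) -> bool:
        # Recomputing the HMAC stands in for on-chain zk verification.
        valid = proof_epoch == self.epoch and hmac.compare_digest(
            proof, issue_proof(wallet, proof_epoch))
        # The proof body reveals nothing, but caller and outcome are public.
        self.log.append({"from": wallet, "ok": valid})
        return valid

def observer_view(contract: GatedContract) -> list:
    """What a third party derives from the log alone: wallets with a valid proof."""
    return sorted({entry["from"] for entry in contract.log if entry["ok"]})

def demo():
    contract = GatedContract()
    alice, bob, carol = "0xA11CE", "0xB0B", "0xCA201"  # constructed addresses
    proofs = {w: issue_proof(w, 1) for w in (alice, bob, carol)}

    contract.call(alice, proofs[alice], 1)
    contract.call(bob, proofs[bob], 1)
    # carol holds a proof too but never calls, so she stays off the list
    seen = observer_view(contract)

    contract.epoch = 2  # a status change somewhere invalidates older proofs
    stale_ok = contract.call(alice, proofs[alice], 1)
    fresh_ok = contract.call(alice, issue_proof(alice, 2), 2)
    return seen, stale_ok, fresh_ok

if __name__ == "__main__":
    print(demo())
```

The observer never sees personal data or proof contents, yet recovers the set of verified wallets from call metadata, and the wallet has to obtain a new proof once the status epoch moves.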

Do not store personal information in a proof

Projects considering zero-knowledge proofs often contemplate producing these proofs about encrypted data stored on a public ledger. However, it is ill-advised to store any personal information on a public blockchain.

These eternal ledgers are not designed for personal privacy, and for such use, they are not compliant with privacy regulations such as the General Data Protection Regulation and California Consumer Privacy Act. A few significant issues relate to the fact that even encrypted data is considered personally identifiable information. Any such information must be deleted upon request according to these privacy regulations.

Because storing personal information on a blockchain furthers non-compliance with privacy regulations, it is not an ideal solution for storing any form of (verified) personal information on-chain.

What other solutions do blockchain projects have?

Because each blockchain is limited to the information and data available on that given chain, builders in the space must consider other blockchain-native mechanisms. Any credential design that provides a form of compliance must avoid privacy violations and ensure that the final infrastructure meets the necessary identity verification and regulatory requirements. Technology advancements far outpace regulatory progress; however, disregarding these rules hinders the technology’s adoption.

In addition, when proofs alone are insufficient, and personal information sharing between the participants of a transaction is essential, relying only on off-chain solutions is advised. One example includes decentralized identifiers and verifiable credentials. Another option is to employ off-chain zero-knowledge proofs, which provide privacy protection and are suitable for off-chain data verification.

Balázs Némethi is the CEO of Veri Labs and a co-founder of kycDAO. He is also the founder of Taqanu, a blockchain-based bank for people without addresses, including refugees. He’s a graduate of the Budapest University of Technology and Economics.

This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.
