Paper: zkKYC - A solution concept for KYC without knowing your customer, leveraging self-sovereign identity and zero-knowledge proofs

TLDR:

zkKYC presents an alternative solution concept for KYC, one that is more human-centred, does not rely on upfront sharing of personal information with businesses and still enables a customer to be identified if and when that is required. To achieve this outcome, it leverages self-sovereign identity and zero-knowledge proofs, together with proper ecosystem design.

Core Research Question

How can we remove the need for customers to share any personal information with a regulated business for the purpose of KYC, and yet provide the transparency to allow for a customer to be identified if and when that is ruled necessary by a designated governing entity (e.g. regulator, law enforcement)?

Citation

Pauwels P., “zkKYC: A solution concept for KYC without knowing your customer, leveraging self-sovereign identity and zero-knowledge proofs”, July 2021, ia.cr/2021/907

Background

Privacy is a multifaceted topic and exists on a continuum. Some people are very protective of their privacy, even at a high cost. Others care very much in principle, but easily trade off their privacy for the benefit of convenience. Wherever one sits on this spectrum, it is obvious that privacy is typically a matter of trade-offs. At times transparency is required for regulatory reasons (e.g. to fight money laundering and terrorist financing) or for the greater good (e.g. medical research) and sharing personal information is considered an acceptable and necessary sacrifice. Simultaneously maximising privacy and transparency is the challenge for legislators, regulators, thought leaders and for each of us as individuals in our daily choices.

Summary

  • Businesses that are subject to AML/CTF regulation must meet their KYC obligations. In this context, to establish and verify a customer’s identity, the customer is currently required to share personal information with these businesses. This creates a Pareto dominated situation where a customer’s privacy is typically traded off for the mandated transparency requirements. In addition, this privacy erosion also reduces the security and safety of the customer as shared personal information can be passed on or stolen and used against the best interest of the customer (e.g. identity theft).
  • Recent innovations in self-sovereign identity and zero-knowledge cryptography, along with smart ecosystem design, allow for a novel approach to KYC that protects the customer’s privacy without reducing transparency. The proposed solution concept, zkKYC, removes the need for the customer to share any personal information with a regulated business for the purpose of KYC, and yet provides the transparency to allow for a customer to be identified if and when that is ruled necessary by a designated governing entity (e.g. regulator, law enforcement, community governance council/DAO).
  • A customer can privately prove they meet the eligibility criteria set by the business (or its regulator) such as domestic residency, minimum age requirement, no presence on sanctions list … all without disclosing any personally identifiable information as such. A designated ecosystem governance authority can however reveal the identity of an individual, but only when multiple parties (i.e. verifier and issuer) agree on the need to do so and actively collaborate on such a request. This makes identification at scale very hard by design, to make sure this effort is only focused on those events where it is absolutely required; on identifying bad actors.
  • In summary, zkKYC breaks the traditional privacy vs. transparency trade-off and provides structured transparency, resulting in a net positive outcome for all parties involved.

Applicability

As zkKYC is built on top of a decentralised (self-sovereign) identity model, it is well suited to be applied for decentralised KYC. The obvious candidate use case for this is Decentralised Finance (DeFi).

SCRF Presentation material on zkKYC used during community call 22 September 2021:
zkKYC-SCRF-v0.01.pdf (710.8 KB)

5 Likes

@darco Thanks for a fascinating research summary. I’ve seen the presentation you provided and the architecture of the solution certainly seems more elegant and useful than the current approach.

Question: How would this become widely available — i.e., for “free” or for profit?

3 Likes

Welcome to the Forum, @darco. This is a great addition to our Privacy category, thank you so much for posting it! I understand that this is your own paper, so I’d be really interested to hear about your background as a researcher, and how you came up with this idea – were you working on similar projects in the past or is this an entirely new idea?

2 Likes

Hi @darco,
Thank you for contributing. I’m curious what roadblocks there are to the inclusion of zkKYC in organizational structures as opposed to just “standard” KYC measures?

Also, if companies begin to adopt this solution for data minimization, would it become easier for them to adhere to regulations such as the GDPR in Europe or other burgeoning versions of data protection regulations in other world powers such as India?

2 Likes

Hey @darco - Is there a way to reuse the verifier’s work? Suppose I did my KYC in the first bank, then when I visit the second bank, is there a way for them to not conduct KYC by themselves, and just quote the work done by the first bank?
I’m thinking that in this way, we would be taking advantage of blockchain’s strength in enabling people to share and update information smartly.

3 Likes

@darco First, thank you for the excellent work, I really appreciate your efforts on protecting people’s privacy and preventing mass data leakage!

I’m just here to raise an example on how to make government more likely to accept our “GIP, Government Improvement Proposal”.

First, this is a civil hacking group in Taiwan, which held hackathons periodically. Instead of introducing it formally, I’ll tell a story and you’ll soon find out how our government started to embrace the projects generated here.


In the beginning, it’s a bunch of geeks who wanted to build a better UI/UX to better represent government’s open data visually. It was: housing sales price data, court’s judgement data, traffic ticket data, or tax/household income data…

And of course the news started to pick up projects, some misunderstandings from gov side also appeared “You’re accessing our data illegally.” Ppl started to realize that their work is being used, not just some hacky incomplete projects. Something like a disaster map (typhoon, flooding, etc) was also generated, and even used by the commanding center in the government. (better UI/UX than internal system and whiteboards)

The key takeout here is: even if the participants of the civil hackathon are decentralized, by having a regular hackathon schedule and a person/a placeholder org, where media and gov can contact - it forced the voted politicians to pressure government employees to understand such organization/hackathon, and their projects/mandates, etc.

Later, ppl started to realize that it’s not enough to reinvent needs for your customer if you were never one of them. Some of the projects are for usual people, and this is still ok cause we are all users to such project.
However, in order to increase the leverage of the projects - there must be some projects that focused on improving government’s internal system and framework.

So here comes a big one…spoiler alert: some of them joined the government temporarily, and accepted a huge paycut (for the public!).

and its repo:

Civil hacking is not a new thing, IIRC there’s one in the UK, in Singapore, and in the Baltic states.


Back to our main topic here: how can we make government accept this seemingly radical new paradigm of KYC?

My answer will be: do it in a non-profit way, and do it frequently. After you’ve gained that moral high ground and news coverage…government and private sectors will contact you automatically, without the need to even persuade them.

This may sound VERY far-fetched - and it indeed is.
We, as blockchain ppl, are essentially educating people of a new set of framework/paradigm. You never expect the time scale to be small…it’s 3yrs+. It’s also the same to educate government bureaucrats. And you better do it in a non-profit way so that ppl won’t question your motivation. (don’t worry about the competitors, trust me)

Of course this is just one way of doing it…however it’s the most efficient way as far as I know - step by step.

Hope that we won’t have another Equifax data leak, and we can all have a future with kyc protected by zk primitives!

4 Likes

Hi @rlombreglia, thanks for your feedback!
A good question (i.e. also a “hard” one). This is obviously an ecosystem play. I mean that not one party can build something and then can sell it. By nature this is a multi-actor ecosystem. However, I think you can start small where, for example, 1 party can take up multiple roles. This can help to get people used to the concept, and then gradually grow and extend.
Regarding for “free” or for “profit”, there is a certain incentive model that is required:

  • Issuers must be incentivised to perform high-quality identification of the Holder prior to issuing them credentials. This effort must somehow be rewarded.
  • Similarly, Verifiers would very much benefit from reliance on high-quality credentials from trusted issuers. Being able to rely on them without having to build extensive identity verification capabilities themselves, is valuable, so worthy of a fee.
  • Last, parties that build these technology solutions would have to be compensated too for their effort and support.

All this makes it clear that some kind of commercial model is required, but it should be fair, balanced and proportionate. Otherwise the ecosystem is out of balance and it will collapse. Tricky but worth pursuing, I would argue.

3 Likes

Thanks @jmcgirk!
I have been working on some Digital Identity related initiatives in the past few years, with a particular interest in the Self-Sovereign Identity model as well as a strong passion for Privacy Enhancing Technologies that I believe are very necessary in our increasingly digital world.
Having worked in a regulated industry (Finance/Banking) before, I observed that even with DI and SSI, we still had to share personal information at many businesses we interact with and in my personal time I started thinking if (and how) there could be a way to avoid that from happening, but at the same time adhere to some principles such as

  • Issuers not knowing where you use your credentials,
  • An individual’s interactions across Verifiers should not be correlatable (i.e. a different pseudonym for each relationship)

I loved the challenge of solving that “puzzle”, just for myself - feeding my curiosity. It was a long journey in my time off, with different ideas popping up (and being squashed). The hardest part was finding a way to hide who you were, yet providing a way for your identity to be revealed - especially if you were a bad actor (i.e. you would be dishonest). The Zero-Knowledge Proof technology is critical for this - you can hide, but not cheat.
Once that became clear to me, I made it a personal project to structure and document this, hoping it might demonstrate and inspire people to consider alternative ways of doing what we have been doing for a while.

3 Likes

Hi @shoule!
Great question re: the roadblocks to adoption of zkKYC. The biggest challenge I see is regulation. It would be valuable for regulators to clarify that for the purpose of KYC (AML/CFT) an organisation can rely on cryptographic proofs based on credentials issued by third parties, without collecting personal information themselves. The lack of clarity on this topic will hold many organisations back from considering this.
Also for regulators themselves, it will be a journey to get comfortable with such new technologies.
Last, the ecosystem design of zkKYC also assumes that parties that take up the ‘Government’ role have a Digital Identity (i.e. a DID identifier with associated pub/private key). This is also something that I think will take some time to realise.
Regarding your question on GDPR, absolutely! It is a great motivation for businesses to switch to a zkKYC-style approach. Solely being able to rely on cryptographic proofs and seemingly random tokens that are specific for your business only (i.e. no incentive to get hacked to steal them) is potentially very valuable: reduced cost, risk and liability exposure.

3 Likes

Hi @Twan! Great question.
The short answer is Yes! See the concept of ‘KYC Issuers’ at the end of the paper (p.15). I can imagine that you go through full KYC verification at a regulated business (e.g. bank, KYC provider …) and then that business issues you (Holder) a ‘KYC Credential’. You can then use that KYC Credential to onboard at other Verifiers (businesses).
This is also a good example of how 1 party that takes up the role of Verifier in one context, can play the role of Issuer in another. Great illustration of the difference between Parties vs. Roles.
I hope that answers your question.

4 Likes

Hi @Jerry_Ho, thank you so much for your feedback. I appreciate it a lot and it gives me something to think about, thanks! I am aware of the digital innovation that has been introduced in the public governance process in Taiwan. It is truly inspirational. Any lessons learned from that experience are definitely worth considering! As any type of “revolution” of how things are done typically, it usually happens from the edges inward (and rarely from the centre outward). I agree that step by step, bit by bit, is the right approach. You implement it in smaller ecosystems, for free, and let the benefits demonstrate themselves, it is indeed the best possible sales pitch!
Therefore, I think that in crypto/DeFi/… there are unique opportunities to leverage the zkKYC approach (I’m actually in the process of finishing a follow-up paper that focuses on an approach to implement zkKYC in DeFi). Crypto/DeFi is greenfield and has specific characteristics (e.g. the inability to store personal information) that would make for a suitable environment for zkKYC. I’m not arguing for KYC in DeFi, but merely that IF a DeFi project would consider KYC, THEN zkKYC might be a very suitable approach. This can also be helpful to inform and assure regulators that are looking at this space.
It is a fascinating time and I like discussing the options to break the transparency vs. privacy trade-off. With modern technologies we can rethink our assumptions, rewrite the rules and redefine what is acceptable.

4 Likes

@darco: Thanks for your reply to my hastily stated question. I agree with your points about a multi-actor ecosystem, and the need for a fair, balanced and proportionate solution.

Obviously, individual actors (issuers, verifiers, developers) deserve to be compensated for any value they add. The potential problem, especially with issuers and verifiers, is monopolistic control. But this is possibly a non-issue in a genuinely decentralized system.

What do you think?

3 Likes

@darco thanks again for bringing this project to us, and being so generous with your time in answering our questions here. One of the reasons that the Smart Contract Research Forum exists is to connect engineers, systems architects and academics together. With that in mind, are there any technical or research obstacles that you face right now that you’d like to ask the community about? If you’d like to see an example of how another researcher brought an issue to the SCRF community, please visit Deep Diving into PRBMath, a Library for Advanced Fixed-Point Math

2 Likes

Hi @rlombreglia, I think you touch on a great and important point here. I believe this is the difference between technology design and governance design. We can design the technology such that it is decentralised, but when the governance of the services/solutions on top of this decentralised technology is centralised and favours monopolistic powers to particular actors, then we have gained only a part of what is possible.
Verifiers are in theory permissionless in zkKYC, i.e. anyone can stand up and perform this role. For Issuers, this is rather different - those are the parties that are fundamentally trusted authorities. Verifiers will not accept proof of credentials from just any Issuer, but only from highly trusted Issuers, Issuers that have a proven high level-of-assurance (LoA) of their identification processes (see NIST Special Publication 800-63-3 for IAL, as well as AAL and FAL) prior to issuing verifiable credentials to the Holders.
There is a risk that this reduces the number of such Issuers and that we see “centralisation” here, “gatekeepers” appearing. If Holders must get a credential from a specific Issuer in order to participate in the ecosystem, then we have still a sense of centralised gatekeepers. That is why a healthy ecosystem relies on a diverse and wide set of trusted Issuers. Some of them could focus on non-traditional forms of identification, in order to establish inclusiveness and minimize the chance of excluding people from participating in this digital ecosystem. I would say that ecosystem governance has a strong role to play here, to make sure these objectives are met and we avoid centralised gatekeepers.

1 Like

Thanks so much @jmcgirk! I appreciate the welcome reception of the SCRF community, the curiosity and support. At the moment I have no particular plans to implement this solution, or research specific implementation challenges. Given the real-time interaction pattern for Holders, I can imagine that finding and optimising the best suitable ZKP system for generating the Validity Proof is an interesting challenge. There are many varieties, with lots of innovations happening over the last few years. I believe the focus would be on speed of proof generation and verification, not the proof size as such. That is a possible interesting next topic to research.

1 Like

@Darco Thank you so much for a wonderful piece. The solution of privacy with transparency will be highly advantageous in this new web3.0 world. The KYC/AML/CFT requirements have thrived due to the prevalence and consequences of acts such as fraud, hacking, terrorism and the like. The concept of zkKYC extends the Self-Sovereign Identity (SSI) model, and allows data to be controlled (as the increased value of it has been realized). Removing third parties, and putting the user in control of their identity information will solve a number of privacy issues, as highlighted in the article. My concerns while reading, surrounded the monopoly that could be enjoyed by the Issuer and the Government (abuse of decryption power). You however allayed my fears with the proposition of the threshold cryptosystem by building in additional security of multi-person access before the use of private keys to access and decrypt the zkKYC. The issuers on the other hand seem to still enjoy some monopoly. How do we go about reducing that loophole? Could a hybrid decentralized approach work? I know you are working on research with the zkKYC token and its operability with DeFi.

3 Likes

Hi @LTTOguns, thanks for your thoughtful feedback! I much appreciate it. In addition to the threshold cryptosystem, I also want to note that Government needs multiple parties to collaborate to be able to reveal someone’s identity. First they need a Verifier to agree to share with them a zkKYC token. Then, assuming they pass the threshold to decrypt the token, Government also requires the specific Issuer to share the (personal) information associated to a Decentralised Identifier (i.e. DID(HI)) that they revealed after decrypting a zkKYC token. This makes a total of 2 parties (outside of Government) to collaborate with them in order to reveal 1 person’s identity. While this is all easier to accomplish in a digital world with automation and APIs and stuff, I believe it introduces multiple opportunities to check the legitimacy of such a request and mitigates the risk for large scale identification of individuals.
To your second point, the monopoly by Issuers; that is a valid concern indeed. This can be mitigated by standardising levels of assurance for identification, so that multiple types of parties are able to issue (and be trusted to do so correctly) verifiable credentials that describe certain attributes of the Holder. While the SSI model is decentralised, there is a fundamental trust axis between Verifiers and Issuers. Verifiers need to know and trust the Issuers, they have to be reputable and trusted authorities in their field. Otherwise the trust that can be put in the credentials they issue is limited. I can only think of standards and accreditation processes to broaden the set of trusted Issuers and address the risk of centralisation or even monopoly. We see the rise of Trust or Digital Identity Frameworks pop up, which aim to standardise these processes, in order to have multiple Issuers onboard in the ecosystem. Last, the commercial model should incentivise Issuers to step up and participate. Considering their critical role, they should be rewarded for the value they contribute or else the system is not sustainable.
Keen to hear your thoughts on this.

2 Likes
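The reveal path described in the reply above, as an added example that is not part of the original posts or of the zkKYC paper: a Verifier hands over a token, a threshold of Government key holders opens it to obtain the Holder's DID, and only the Issuer can map that DID to a person. Assumptions: Shamir 3-of-5 sharing of the Government private key and hashed ElGamal over a toy group stand in for the threshold cryptosystem, and every name, DID and registry entry is hypothetical.

```python
import hashlib, hmac, secrets

P = 2**521 - 1   # Mersenne prime: Shamir field and toy ElGamal modulus (not a production group)
G = 3            # assumed base for the toy group

def split(secret, t, n):
    """Shamir t-of-n: share i is (i, f(i)) for a random degree t-1 polynomial, f(0) = secret."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(x, sum(c * pow(x, k, P) for k, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]

def combine(shares):
    """Lagrange interpolation at 0. Fewer than t shares yields an unrelated value."""
    secret = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

def _keys(shared):
    """Derive separate encryption and MAC keys from the ElGamal shared value."""
    raw = shared.to_bytes(66, "big")
    return hashlib.sha256(b"enc" + raw).digest(), hashlib.sha256(b"mac" + raw).digest()

def _xor(data, key):
    """Toy stream cipher: XOR with a SHA-256 counter keystream."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def make_token(gov_pub, holder_did):
    """Holder side: encrypt the DID to the Government public key (hashed ElGamal)."""
    r = secrets.randbelow(P - 2) + 1
    enc, mac = _keys(pow(gov_pub, r, P))
    ct = _xor(holder_did.encode(), enc)
    return pow(G, r, P), ct, hmac.new(mac, ct, hashlib.sha256).digest()

def open_token(token, shares):
    """Government side: pooled shares rebuild the key; a wrong key fails the MAC."""
    c1, ct, tag = token
    enc, mac = _keys(pow(c1, combine(shares), P))
    if not hmac.compare_digest(tag, hmac.new(mac, ct, hashlib.sha256).digest()):
        return None
    return _xor(ct, enc).decode()

def reveal(token, shares, issuer_registry):
    """Full path: token released by the Verifier -> DID via threshold -> identity via Issuer."""
    did = open_token(token, shares)
    return None if did is None else issuer_registry.get(did)

# Constructed sample data: the private key exists only as five shares after setup.
_gov_priv = secrets.randbelow(P - 2) + 1
GOV_PUB = pow(G, _gov_priv, P)
OFFICER_SHARES = split(_gov_priv, t=3, n=5)
del _gov_priv
ISSUER_REGISTRY = {"did:example:holder-7f3a": "Alice Example (constructed record)"}
TOKEN = make_token(GOV_PUB, "did:example:holder-7f3a")
```

Opening the token yields only a DID; without the Issuer's registry the reveal still returns nothing, which is the second collaboration step the reply describes.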

For more information about zero knowledge and its applications, please visit SCRF’s zero knowledge tag. You’ll find a detailed breakdown of REDSHIFT, by @Sean1992076 explaining how the tech uses list polynomial commitments; there’s also @Jerry_Ho’s summary of Impact Award-winner @Ariel_Gabizon’s PlonK: Permutations over Lagrange-bases for Oecumenical Noninteractive arguments of Knowledge ; @jasonanastas’ discussion about Zero Knowledge Proofs - an ethics perspective, @tina1998612’s summary of Zerocash’s 2014 Zerocash: Decentralized Anonymous Payments from Bitcoin and many more!

1 Like

@darco was kind enough to give us a presentation of this paper during one of our Community Calls. If you get a chance, be sure to check another paper of his that has just come out in the most recent Research Pulse which proposes an AML/KYC verification system that could be layered atop DeFi decentralized exchanges. @Twan @Jerry_Ho @LTTOguns – you had some terrific questions, perhaps you’d consider extending the dialog to his latest piece?