Here is a small ZK selective disclosure KYC protocol we implemented for the 0x hackathon in full JS using SnarkJS.
Feel free to upvote the project and comment:
To understand what happens, please look at the console logs and download the keystore.
The link to try it out is available on the Coinlist page.
Disclose implements a Zero Knowledge selective disclosure protocol. In other words, it achieves anything a Single Sign On (Facebook Connect, Google Connect…) can do, with additional advantages. In the case of KYC, this means a User can send a proof that he/she matches the predefined requirements defined by a Smart Contract, as long as both parties trust the same Authority and comply with the requirements each of them defined beforehand. The goal is: register once, reuse everywhere.
It works as a two-step process:
Step 1 - User KYC validation with Authority
- User goes on the Authority’s website and fills in his private info. This info can be anything required for KYC purposes. (e.g. Name, Email, proof of address, ID, picture holding ID).
- This info is computed on the client’s side and a zero-knowledge proof is generated.
- This info is sent to the Authority’s server, which validates the user (assuming the info provided is correct) and cryptographically signs part of it.
- The signed information is returned to the user in the frontend, the user then has to back it up.
Step 2 - KYC reuse with third parties
- Company deploys a smart-contract with the Authority’s public key embedded, to handle its KYC.
- User goes on Company’s website. “Company” deals with STOs, and therefore requires KYC from its Users to enable them to use its services.
- User now uses the signed information in any transaction with the Company, in order to prove to the Company that he/she is compliant with the Company’s requirements.
- This proof is verified by Company’s smart-contract, and the transaction goes through if the User provided the Authority with all the required KYC information.
Advantages over whitelisting:
- Users’ private information is never leaked, which in turn cuts Companies’ liability costs.
- This scheme is GDPR compliant: user can manage granularly what kind of info is shared with which companies. Conversely, the Authority can revoke part, or all the clearances of the User.
- KYC can be reused across any number of companies that trust the Authority, and across blockchains: a KYC that SCALES. It is wallet-independent and unlinkable. Should a KYC requirement change, the User can generate a new proof of his/her credentials on-the-fly, and remain compliant with all companies he/she interacts with.