“As the Web3 industry matures, Zero-knowledge Know Your Customer (zkKYC) is becoming more widely discussed as a means to comply with strict financial regulations while maintaining user privacy, according to the partner of a venture capital firm” [Coghlan, J. Zero-knowledge KYC could solve the privacy vs compliance conundrum: VC partner. (Accessed October 11, 2022)].
John Henderson, a partner at Australian-based venture capital firm Airtree Ventures, speaking with Cointelegraph, believes "the successful implementation of a zkKYC system would be ‘great news for both regulators and consumers’ and could increase cryptocurrency adoption: 'Institutions and retail users are more likely to participate in DeFi if they can be confident that they are complying with their AML/CTF obligations” [Id].
Zero-knowledge Know Your Customer (KYC) systems are predicated upon the idea of a zero-knowledge proof. To foster your understanding of these concepts let’s review:
A zero-knowledge proof is a digital protocol that allows for data to be shared between two parties without the use of a password or any other information associated with the transaction. In its most basic sense, a zero-knowledge proof (also commonly referred to as ZKP) can be thought of as a protocol through which a digital authentication process can be facilitated without the use of any passwords or other sensitive data. As a result of this, no information, either from the sender’s or receiver’s end, can be compromised in any way […] Zero-knowledge proofs allow for a transfer of information to take place between two parties without the originator having to use a password or reveal any data related to him/her. This helps weed out many of the potential risks that are involved with the use of password-only authentication protocols. Additionally, ZKPs also help in bolstering the security of a person’s online payments/transactions and public cloud accounts.
[Jagati, S. Zero-Knowledge Proofs, Explained. (Accessed October 11, 2022)].
Applying the foregoing to KYC/AML/CTF, “a zkKYC system would allow users to prove certain things about themselves to service providers without having to divulge personally identifying data such as their names or identification documents. In theory, the sharing of that information would be enough to satisfy Anti-Money Laundering (AML) and Counter-terrorist Financing (CTF) regulatory requirements placed on the crypto industry” [Coghlan, supra].
Henderson explained: “[The system] involves a trusted third party validating my personal information and then issuing a cryptographic proof to my personal wallet, which I could then choose to share, or share attributes of, with financial service providers’. The benefit of such an approach is that no personally identifying information could be leaked in the event of a security breach of a service provider such as a crypto exchange, Henderson claims, with the identification documents only recoverable when required by authorities” [Id].
A system such as this would obviate the problems raised in situations such as the most recent Celsius Court Document filing. “Specifically, [t]he document contains over 14,500 pages and while addresses of customers have been redacted, it includes customer names, amounts, types, descriptions and timing of transactions on the platform, along with the United States dollar amounts and cryptocurrency type used, among other details” [Coghlan, J. Court docs reveal details about thousands of Celsius customers. (Accessed October 7, 2022)]" [Nagoda, K. No Surprise - Court Docs Show Celsius Execs Withdrew Millions Prior to the Halt.. (Accessed October 11, 2022)].
The [Celsius] user data leak has already received widespread condemnation on social media. Nick Hansen, CEO and co-founder of Luxor, said on Twitter that: ’This Celsius leak may go down as one of the greatest breaches of customer information ever.' Celsius has not provided any explanation as of yet as to why this level of information was revealed and if it was required by the court" [Firenews Admin. Bankrupt Crypto Lender Celsius Reveals Thousands of Users’ Transaction Histories in Court Filing. (Accessed October 7, 2022)]. (emphasis added)
However, there remain problems that need to be solved prior to the widespread adoption of zkKYC.
Henderson however admitted that ‘storage of sensitive information is still an unsolved problem,’ sharing two ideas on how the management of such information could take place. ‘One idea would be to have trusted entities hold identity documents off-chain and port proof of identity on-chain, without the original documents. Another idea is to sign a wallet transaction with a regulatory institution, who would then register that account with an identity.’ Despite the challenge, Henderson was adamant a zkKYC protocol will form the ‘building blocks of on-chain reputation scores’ allowing ‘more useful’ financial products and services.
[Coghlan, supra].
Henderson’s interview ended with the following post-script: “My priority is onboarding the next hundred million users to crypto,’ he said, ;If we want to achieve internet scale, we need a solution for AML/CTF compliance” [Id].
