Dusk Network presents Citadel, a zero-knowledge proof KYC solution where users and institutions are in control of sharing permissions and personal information. The framework can be used for all claim-based KYC requests and puts users in total control of what information they are sharing and with whom while being completely compliant and private at the same time.
After months of research and submitting the official paper to arXiv, Citadel finally launches. It is one of the first decentralized Know Your Customer (KYC) solutions focusing on the financial ecosystem, and it invites institutions to use the technology for cost-reducing compliance. As the user is in charge of their own data, it isn’t necessary to do KYC with service providers that have already been used, or, for example, to go through multiple KYC processes for the trade of one asset.
How does it work
Dusk Network is the first to integrate zero-knowledge KYC technology in a Layer-1 (L1) blockchain. Implementing it in its privacy-preserving protocol is a key feature of Dusk itself. Using the Citadel framework, an entity that is able to handle private information can provide a list of requirements for its KYC verification. Such an entity could be, for example, the company Dusk, which is compliant with all necessary regulations and is allowed to handle private information, or a company that is verified to do KYC on behalf of institutions. The user who needs to complete the KYC is able to provide the necessary information, specify how long their information can be stored, and withdraw access to their data. The company will authenticate the data, which will be privately stored in the Dusk blockchain. To simplify: it uses non-fungible token (NFT) technology, where instead of an art piece, a license is created.
If you open a bank account, you need to complete KYC and share personal information with your bank. If you then decide to do stock trading, you'll need to open an account with a brokerage service, where you will also have to do KYC/Anti-Money Laundering (AML). You will either have to share the same information with them or your bank will provide it to them. If you buy a house and get a mortgage, you will also have to provide a lot of KYC/AML/personal information. All these players will keep and store your information, which both has a big impact on your privacy and puts you at risk of data leakage. If you use Citadel instead, you would store your data with one party who is only able to store and verify data, and other services can opt to accept the licenses and use them as KYC/AML proof.
This significantly reduces risk and privacy exposure. In a fully on-chain world, you can buy regulated assets simply by providing a license showing that you're in compliance with the requirements of the trading platform. You can borrow money from a lending service by providing a license that meets their KYC and AML requirements. You can loan out money and get yield, simply by providing the license. There is no need to share personal information with the three parties. As a safety measure, a quarterly confirmation of the correctness of all the provided data in the license could help data stay up to date.
Banks and financial institutions often complain that new regulations like the Travel Rule and other Anti-Money Laundering measures are costly to operate, and those costs are also charged to the customer. The processes to meet the requirements are tedious, time-consuming, and involve many unnecessary parties, making the process even more challenging. Citadel, as a self-sovereign identity (SSI) protocol, can provide the basis for a KYC service that could eliminate the need for financial institutions to do KYC/AML themselves and/or with third parties. It can significantly reduce the cost of gathering, protecting, and renewing client information. A KYC provider built on Citadel will speed up processes, and information will always be up to date, accessible in real time, and privacy-preserving. With Citadel, the client will be fully in charge of their own details, without unnecessary information duplication and with a reduced risk of information leakage.
Next to digital identity verification like in the use case above, Citadel can be used for privacy-preserving transactions and global compliance.
This is just one way that Citadel can be used. Citadel offers much more than can be described in a single article, so expect more information and use cases in the future.
Citadel offers access to services without having to share personal data or information. This is practical, efficient, and preserves privacy for users. We’re so used to having to share and expose our personal data to gain access to services that it’s hard to imagine not needing to do this.
It has benefits for companies and provides relief from GDPR, which is currently a heavy burden for companies to bear. By allowing users to access services, memberships, etc. without sharing their identity or data, there is nothing that needs to be “forgotten” to comply with GDPR. This will be a huge relief for companies operating in the EU.
It offers protection from hacks and data leaks. From LastPass to Celsius to the countless hacks and leaks you won’t have heard of, companies simply won’t have this data, so there’s nothing to hack. This is good for institutions, as it makes them more secure, and good for users, who don’t have to trust a third party to look after their most important data.
Citadel changes the relationship between users and providers and eliminates the need to swap your identity for access, along with the security and management needed to keep that identity private. And it does so in a way that is compliant with regulations, providing a real and necessary solution to the challenges users and companies face, and will continue to face as more and more parts of life go online.