The Art of Knowing Your Client Without Knowing Your Client: Zero-Knowledge Proofs, KYC, and Automated Compliance
By Jade Doherty

Feb 07, 2023 - London

With the recent launch of Citadel, Dusk’s bespoke KYC/AML solution that incorporates zero-knowledge proofs, digital self-sovereign identity, and automated compliance to regulations, we wanted to share more about why this tool is necessary and what it will allow. If you’d like to read more about how it works on a technical level please see this article, and if you’d like to read the press release you can find it here.

Mass adoption; Beyond UI/UX

As cryptocurrencies and blockchain technology move towards mainstream adoption, we find that we come up against many challenges, a lot of which are complex to solve and may have unforeseen and detrimental side effects.

While it can be easy (and tempting!) to think that mainstream adoption is a question of improving the UI/UX so that “your parents can use it”, this is actually an oversimplification of what is required. Many moving pieces need to be sorted out in order to stimulate a transition of the broader economy to a decentralized paradigm. Although important, the UI/UX aspect is still just one piece of the puzzle.

Today, let’s consider another fundamental piece of the adoption puzzle: KYC/AML compliance, and how Dusk is approaching and solving its many challenges.

What are KYC and AML, and why do they matter?

“KYC” stands for “know your client” while “AML” means “anti-money laundering”.

KYC refers to the requirements placed on banks and financial institutions to know who their client is, that is to know and be able to verify their identity, while AML refers to the legal infrastructure aimed at stopping money laundering and the illegal use of funds.

We’ve all submitted ourselves to these checks, and upon successful verification we were granted access to the (financial) services we set out to use, from centralized exchanges (CEX) to opening a bank account.

The hallowed ground of mass adoption requires crypto/blockchain to interact with mainstream, institutional organizations. Traditional financial institutions operating in heavily regulated spaces cannot do business without effective KYC/AML procedures. So, if crypto wants to interact with these institutions, we will have to find a way to meet these requirements. While you still might use a decentralized exchange or dApp without needing to KYC and might have multiple wallets with no KYC, at the point of interacting with regulated assets, we will need to comply with their regulations, including KYC/AML.

But I don’t like KYC or AML!

Well… a lot of people don’t. But mass adoption doesn’t just mean the masses adopting crypto, it also means crypto adopting (or adapting) to the masses. We won’t get into a debate here about whether KYC or AML are effective measures to fulfill the goals they set out to achieve. For better or worse, these procedures are enforced at the regulatory level and are therefore part of the law with which the masses - as in financial institutions - must comply.

Most crypto users comply with KYC/AML regulations when using centralized exchanges, but maintain anonymity or use a pseudonym once they move to the blockchain. The CEX knows who they are, but once they get on-chain they are 0xwhoever. They onramp and offramp via the CEX, and do their activities in the crypto sandbox via multiple wallets oblivious of any KYC or AML requirements.

This is fine, of course, but represents a hindrance to broader adoption as it doesn’t allow interactions with assets requiring a higher level of legitimacy. In fact, if crypto and blockchain are to interact with regulated assets, they are going to have to meet the regulatory requirements.

KYC but make it crypto

At Dusk, we are building a blockchain that will allow you to interact with regulated assets in a “crypto way”. We intend for you to regain self-custody of your assets, to be able to maintain your privacy, to transact in a trustless way, and to open your financial horizons toward the full spectrum of economic opportunities.

The Dusk blockchain will also allow institutions and companies to tokenize their assets on the blockchain, thus delivering the mass adoption we’ve all been waiting for.

This means we had to build KYC and AML into our technology. While other blockchains work around interacting with real-world and, God forbid, regulated assets so they can avoid this important issue, at Dusk we set out to tackle the challenge head-on.

This is where zero-knowledge proofs come into play. Our approach to KYC and AML is to do it in a way that is privacy-preserving. ZKPs allow us to verify your identity without having to reveal it. This means you can interact with traditional, regulated assets without sharing your identity.

What does this look like in practice?

Enough theory, here’s a use case!

When you transact on Dusk’s blockchain, you would first need to complete KYC/AML. Once that’s done, your digital identity will be verified, and you can use the full spectrum of opportunities that the financial landscape has to offer and build a portfolio of crypto or real-world digital assets that you can trade with anyone who has successfully gone through the same process.

As a company that tokenized its assets, you would be able to program your regulatory compliance directly into the blockchain. This solves three issues. Firstly, it automates the resource-consuming process of checking and verifying all the details of people who want to transact with you and making sure you’re not breaking any rules. Secondly, it removes the ambiguity of granting pseudonymous entities access to the services you are legally responsible for. Thirdly, it removes the compliance costs associated with storing and handling the personal data of your customers, and with taking on responsibility for it. The latter is particularly important in the EU, where the GDPR sets very strict and costly procedures for any organization that explicitly deals with users’ data.

With Dusk’s programmable compliance, if, for example, you’re not allowed to transact with people from a given country, you simply wouldn’t be able to. No need to check credentials, the system simply won’t allow it. Compliance is automated, like a computer program: if it’s within the rules, it can happen. If it isn’t, then it can’t.

Equally, if you are a user, once you get verified, you can trade and transact without having to reveal your identity. You don’t have to provide your credentials every time you trade a regulated asset. Thanks to zero-knowledge proof technology, if you’re allowed to do something you’ll be able to, and if you’re not, then you won’t.

Automated regulation

In this way, Dusk has found an ideal solution to this issue of mainstream adoption. Users that value their privacy - and they should! - shall be protected when interacting with the mainstream world, especially when critically sensitive information is handled, like when KYC and AML procedures are required.

By using privacy-preserving zero-knowledge proofs, and building regulation in at the blockchain level, we are able to automate regulation and compliance.

Companies and institutions don’t have to spend resources doing background checks and verifying identities, and users are able to stay in full control and avoid endangering their own data when dealing with institutions digitally while still being able to purchase their assets.

About Dusk Network
Dusk Network is the privacy blockchain for financial applications. A new standard for compliance, control, and collaboration. Our mission is to enable enterprises of any size to collaborate at scale, meet compliance requirements and ensure that personal and transaction data remains confidential.
