zkKYC in Decentralized Finance (DeFi)
In the dynamic but esoteric realm of decentralized finance (DeFi), traditional Know Your Customer (KYC) processes have emerged as a necessity, yet the need to comply with KYC (and other compliance processes native to TradFi) appears as a significant impediment to the progress and efficiency of our emergent industry. Galactica, however, is proud to present a pioneering solution that aims to transform DeFi’s compliance landscape with our state-of-the-art, privacy-preserving zkKYC technology.
MME Legal AG stands as a highly reputable voice in regards to advancing on-chain regulation, earning recognition for their unwavering dedication to progress. The focus of their most recent discourse? zkKYC within the realm of Decentralized Finance (DeFi).
In this analysis, we delve into an article penned by Magdalena Boškić, Head of Crypto Compliance Services at Sygnum Bank AG, and Sebastian Hepp, Compliance Lawyer at MME Legal AG. Boškić & Hepp present their view that zkKYC resolves the conflict between DeFi and KYC/AML (anti-money laundering) regulations in Switzerland.
This article intends to highlight how Boškić & Hepp’s explanations of zkKYC in DeFi show striking similarities to the solutions pioneered by Galactica.
The narrative
In 2022, Galactica embarked on a mission to address the conflict between DeFi and KYC/AML regulations by developing a Layer 1 blockchain that facilitates the use of zkKYC. With our testnet launch just weeks away, our talented developers have turned the vision of Zero-Knowledge Know Your Customer for DeFi (zkKYC) into a tangible reality.
KYC is the biggest unresolved issue at the ever-present intersection of privacy and compliance in DeFi, and Zero-Knowledge Know Your Customer (zkKYC) offers a novel approach to identity verification by enabling on-chain, interoperable validations (to learn more about this topic, see our Trinity Series here). The zkKYC approach adopted by Galactica simplifies the Know Your Customer (KYC) process for businesses and reduces the cost and time spent on gathering and validating personal information, while protecting all parties involved.
The problem
Despite the apparent potential of zkKYC, there is currently no established standard for the implementation of a zkKYC framework, and its jurisdictional applicability remains uncertain. An analysis of its compatibility with Swiss Anti-Money Laundering (AML) law reveals some complexities with regard to decentralized finance (DeFi), where traditional regulatory frameworks may only partially apply due to the absence of traditional financial intermediaries.
While most DeFi protocols feature some centralized elements subject to regulation, recent Swiss regulations extend to DeFi platform providers facilitating asset transfers; nonetheless, completely decentralized systems are exempt from these regulations. zkKYC alone does not fulfill KYC obligations because it does not share verifiable identity data with the financial intermediary.
The solution
The fundamental ethos of DeFi is to eliminate intermediaries between individuals and their assets, whether they be funds or data, yet, in reality, many DeFi protocols still rely on centralized elements, such as developer admin keys, web2 services for authentication, asset custodians, or highly concentrated governance control.
At Galactica, we are confronting this challenge head-on by introducing the Galactica Guardianship model, aligning with the Compliance Oracle solution as explained by MME Legal AG in their recent paper.
Galactica’s Guardians are trusted entities that make proofs of compliance information available for verification on-chain (Web3), while keeping the user data off-chain and held in private self-custody. In practical terms, such a zkKYC framework ensures that after the user’s identification is verified, they will own and maintain custody of their personal data, simply creating private proofs of said data to transact on-chain, a far cry from your scanned documents being stored in PDF format on an unknown remote server.
Guardians cannot access user activity unless a fraud investigation occurs*, and issue identity verification as a hash of KYC data on-chain (zkCertificate). From there, the customer can generate and send zk-proofs of their data (identity verification) to the financial intermediary/DeFi via the interface of their non-custodial wallet.
The Galactica Guardianship model and the Compliance Oracle solution devised by MME Legal AG exemplify a proactive approach to addressing the regulatory challenges facing DeFi, and by enabling on-chain verification while preserving user privacy off-chain, these solutions strike a delicate balance between compliance, privacy and decentralization.
A detailed comparison between the approaches can be found in the table below.
As we look to the future of DeFi, it is clear that private but verifiable identity attestations via zkKYC are a crucial step towards achieving seamless integration with traditional financial systems, while preserving the core tenets of decentralization and user privacy embraced by Web3’s development ethos.
By adopting zkKYC technology and fostering continued collaboration between industry stakeholders, both on and off chain, we will finally unlock the full potential of DeFi as a democratizing force in global finance.
*Every dApp run on the Galactica network implements a fraud investigation scheme, which is transparently disclosed to users. Users have the autonomy to decide whether to engage. This scheme typically involves a PVSS (Publicly Verifiable Secret Sharing) system — such as 1/1, 2/3, or 5/5 — determining who must reach consensus to link user documents to a transaction on the dApp. For instance, if authorities request transaction information, a dApp can only comply unilaterally with a 1/1 scheme, similar to a centralized exchange (CEX). Otherwise, multiple parties must agree for disclosure to occur, maximizing privacy at the expense of compliance efficiency. Such a system is a superior alternative to many others as it effectively creates a market for all possible compliance and privacy trade-offs. Here, as we shall expect, the ultimate cost of privacy will be slippage.
Sources
https://www.sygnum.com/b2b-banking/crypto-compliance-and-regtech