Zero-knowledge Proof DID (Decentralized ID) for KYC and Governance in the Web3 world

Alexi Lane
Sep 9, 2023


(draft)

NFT-based ID for user identification, decentralized voting, and privacy protection.

Using the Zero-knowledge Proof approach, a Decentralized ID (DID) token is needed to authenticate and verify the customer. The purpose of such a token is two-fold: first, to allow seamless one-click onboarding with any Web3 dApp (e.g., DeFi, SocialFi, GameFi, Airdrops); second, to allow the customer to vote in local, state, and general elections conducted on the blockchain. The general architecture of such a token involves the following four parties: the Customer, the KYC Vendor, the Voter Records Vendor, and the Onboarder (the entity that acquires the Customer, e.g., a DeFi dApp). The steps are as follows.

  1. The customer is asked to pass the standard KYC process using his/her mobile device, providing information from a national ID (e.g., driver's license) via scan + biometrics. This step is done via a KYC provider, such as Jumio, Onfido, Sumsub, etc. The customer data set is received and collected on the verifier side.
  2. At the same time, the same data is checked against the government-registered voter records to determine a) whether the customer is already registered as a voter and b) if not, whether s/he is eligible for registration.
  3. Once the customer data is processed and no red flags are raised by either of the verifiers, the data set is encrypted and stored in the metadata of an NFT token, which is minted and then sent to the customer’s wallet address.
  4. The customer uses WalletConnect, a standard Web3 wallet feature, to receive the unique DID NFT. From then on, the same wallet address is used (and can occasionally be whitelisted) to sign up/in with any onboarder that supports such a DID NFT. The onboarder may further set up certain filters to accept or deny specific customers, e.g., “US only, male only, from 18 y.o., except New York state”. Those parameters are evaluated against the NFT’s metadata stored in the user wallet, producing Yes/No results.
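The Yes/No filtering in step 4, sketched as an added example (not code from this article or from any of the ERCs listed below). The attribute names, the `Policy` schema and the sample record are assumptions, since the article does not define the metadata format. The evaluator runs over already-decrypted attributes and shows only the interface the onboarder sees; it is not itself a zero-knowledge proof.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Policy:
    # Hypothetical filter schema; an empty set means "no restriction".
    countries: frozenset = frozenset()
    sexes: frozenset = frozenset()
    min_age: int = 0
    excluded_regions: frozenset = frozenset()  # (country, state) pairs

def age_on(dob: date, today: date) -> int:
    """Whole years completed on `today` (the birthday itself counts)."""
    not_yet = (today.month, today.day) < (dob.month, dob.day)
    return today.year - dob.year - not_yet

def evaluate(policy: Policy, attrs: dict, today: date) -> bool:
    """Return only Yes/No; no attribute value is passed back to the caller."""
    try:
        # An expired national ID invalidates the DID until it is re-minted.
        if date.fromisoformat(attrs["id_expiry"]) < today:
            return False
        if policy.countries and attrs["country"] not in policy.countries:
            return False
        if policy.sexes and attrs["sex"] not in policy.sexes:
            return False
        if (attrs["country"], attrs["state"]) in policy.excluded_regions:
            return False
        age = age_on(date.fromisoformat(attrs["date_of_birth"]), today)
    except (KeyError, ValueError):
        return False  # fail closed on missing or malformed fields
    return age >= policy.min_age

# The article's example filter: "US only, male only, from 18 y.o. except New York state".
US_MALE_18_NO_NY = Policy(
    countries=frozenset({"US"}),
    sexes=frozenset({"M"}),
    min_age=18,
    excluded_regions=frozenset({("US", "NY")}),
)

# Constructed sample record (not real data).
SAMPLE = {"country": "US", "state": "CA", "sex": "M",
          "date_of_birth": "2005-09-10", "id_expiry": "2027-01-31"}

if __name__ == "__main__":
    for day in (date(2023, 9, 9), date(2023, 9, 10)):
        print(day, "->", "Yes" if evaluate(US_MALE_18_NO_NY, SAMPLE, day) else "No")
```

A bare boolean computed in the wallet is only as trustworthy as the party computing it, so the onboarder still needs a way to verify that the answer was derived from the KYC vendor's issued data.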

Summary.

a) The NFT DID is minted only once and remains valid for as long as the original national ID/DL is valid. The DID NFT issuing/minting process is repeated upon the expiration date.

b) The KYC provider will never know which onboarders the user signs up/in with, or when.

c) Onboarders will never know the customer data. The onboarder only knows the user met their specific approval filters and parameters, making them compliant with the regulator.

References / additional readings:

ERC-5851: On-Chain Verifiable Credentials
https://eips.ethereum.org/EIPS/eip-5851
ERC-4955: Vendor Metadata Extension for NFTs
https://eips.ethereum.org/EIPS/eip-4955
ERC-5643: Subscription NFTs
https://eips.ethereum.org/EIPS/eip-5643
ERC-6551: Non-fungible Token Bound Accounts
https://eips.ethereum.org/EIPS/eip-6551
