Redefining KYC
Holonym’s Edge with ZK Verification
In the delicate dance between digital identity and privacy, Holonym’s zero-knowledge-based KYC strikes a harmonious balance, blending the trustworthiness and flexibility of traditional IDs with the discretion of zero-knowledge proofs.
Attack of the Bots
How do we establish trust in systems vulnerable to abuse by impersonation, automation, and fraud? Proof-of-personhood has emerged as a trending solution to drive mainstream adoption of web3 for digital distributed governance, public goods funding, universal basic income, and civic advocacy.
Authentication tools such as, “Sign in With Google,” Robinhood’s streamlined KYC, captchas, and Apple’s FaceID, have brought web accounts, government IDs, and biometrics into the mainstream. A lot of attention has been focused on how well these methods perform against impersonation and bot attacks.
One of the best attributes of peer-to-peer systems may also be one of its biggest weaknesses: it is very easy for anyone in the world to make any number of pseudonymous accounts.
How can you tell a user is a person?
Not all proof-of-personhood solutions are made equal. Web accounts are less rigorous and easily gamed by bots. However, even the most rigorous categories of proposed proof-of-personhood solutions, biometrics and Government IDs, must negotiate complex trade-offs.
- Biometrics don’t need anything, or anyone, but the self-attestation of a person to establish their personhood, however they can’t be changed once leaked — making them incredibly sensitive and limiting their flexibility. You can’t change your iris as easily as you can change your password.
- Government IDs require trust in a third party authority, however they can be revoked both by the issuer, or the person that holds them. This grants them both complexity and flexibility, since the validity of the credential depends on at least two parties rather than one.
Flexible Proof-of-Personhood with Holonym
The best solution for proof-of-personhood will depend on the use-case and requirements for rigor. However, in all cases, a complete privacy stack that is credential-type agnostic will be critical for the responsible development and deployment of proof-of-personhood technologies.
Holonym is a full zero-knowledge (ZK) decentralized identity (DID) stack that allows users to verify with any credential while remaining in control over their privacy.
Although biometrics are a popular, mainstream choice for user authentication, the flexibility of government IDs becomes more powerful with the introduction of ZK to maintain privacy after verification. This approach adeptly navigates the intricate challenges posed by the current proof-of-personhood landscape, which often grapples with issues like freedom of speech, censorship, abuse of power, limitations of transparency and accountability, the cost of verification, scalability concerns, access barriers, and unclear guidelines on data storage.
Holonym has the potential to serve as a foundational protocol for other proof-of-personhood technologies. By integrating Holonym as a core credential, these protocols can further develop a robust social graph or web of trust, fortifying their defenses against Sybil attacks.
Let’s dive in!
Blockchain’s Pseudonymous Dilemma
The pseudonymity and permissionless-ness of distributed systems make it very easy for anyone in the world to access financial tools, secure messages, and share/receive content. However, one of the best attributes of peer-to-peer systems may also be one of its biggest weaknesses: it is very easy for anyone in the world to make any number of pseudonymous accounts.
Pseudonymity has given rise to Sybil actors, agents that create many copies of their identity with the express purpose of exploiting soft-trust assumptions in a protocol to serve their own needs. Sybil actors can manifest as nodes in proof of stake, airdrop farmers, and even phony grants in Public Goods funding. In fact, much of core Web3 tooling that powers reputation, voting, loyalty programs and governance are vulnerable to Sybil exploitation.
Ethereum’s consensus mechanism, Proof-of-Stake, has proven to be a robust Sybil-resistant mechanism. However, this low-level solution doesn’t cater to every challenge that Web3 developers might face in production, especially when producing applications for tech-naive end-users. There is an outstanding need for users to prove facts about themselves, such as that they are a unique person, while remaining pseudonymous. To crack this problem, solutions must strike a delicate balance between privacy, user consent, and rigor.
Regulatory Scrutiny and Illicit Transactions
Vulnerabilities to Sybil attacks are just the tip of the iceberg. Regulatory scrutiny has intensified due to illicit transactions and bad actors in the ecosystem. Chain Analysis quantified these illicit crypto transactions at a staggering $20.6B for the year ’22 in their Crypto Crime Report. The pseudonymous nature of crypto makes it an attractive avenue for these bad actors. Even though such transactions constitute less than 1% of the total volume, the rising significance of KYC and AML regulations is undeniable. At its core, Blockchain thrives on trustless-ness. But, on a paradoxical level, to earn trust from both users and regulators, it’s imperative to establish a robust identity management system that deters bad actors while preserving individual privacy.
There is an outstanding need for users to prove facts about themselves, such as that they are a unique person or not on a sanctions list, while remaining pseudonymous. To crack this problem, solutions must strike a delicate balance between privacy, user consent, and rigor.
Traditional KYC: Strengths and Weaknesses
KYC stands as a cornerstone for identity verification, especially for financial services. Its efficacy is proven in traditional sectors and is gaining traction in blockchain to address identity challenges and deter malicious entities. The typical KYC flow entails collecting Personally Identifiable Information(PII), encompassing Government IDs and Biometric Data, followed by OTP Authentication for validation. All of this information may be kept on a server for up to 5 years, or more, depending on the regulatory requirements imposed on the entity providing the service.
The Power of Digital Identity also Feeds its Risks
Government IDs and biometric data, having stood the test of time, are pivotal for identity verification. Considerable efforts have been invested in crafting these Personally-Identifying-Information (PIIs) protocols to deter forgery.
For example, India’s Aadhaar system, the world’s largest biometric identification mechanism, epitomizes this effort. While Aadhar has streamlined welfare schemes and curbed redundancies, its centralized data registry remains susceptible to potential breaches, a vulnerability shared by many KYC data registries. Iris scans stand out as a robust method in biometric verification, acclaimed for their accuracy and swift validation, while they are also susceptible to data leaks from their registries. Placing this data on-chain, coupled with hard privacy and self-sovereign data policies, could transform the identity verification landscape.
Web3’s Native Digital IDs
Web3-native identity protocols, such as Gitcoin Passport, Proof of Humanity, Idena, Polygon ID, Bright ID, and Worldcoin, offer a fresh perspective on digital identity, beyond KYC. These identity systems leverage on-chain activities, social verification/vouching, and blockchain-based biometric data verification.
Web of Trust: “I say I trust them, so just trust me”
The Web of Trust is a notable approach that combines graphing social connections with formal verifications. Systems such as Proof of Humanity and Bright ID have championed this, using community vouching complemented by unique identifiers like photos and videos.
Within this framework, subjectivity is introduced into the verification process, defined by reliance on personal judgments, typically arising from social or community-based attestations. This layer of subjectivity makes exploitation more difficult and expensive due to the necessity of social attestations. Meanwhile, objectivity in verification, which implies a method free from personal biases, typically rooted in empirical evidence and formal proofs, is also pivotal. However, while blending objective and subjective proofs offers an intersectional approach, it also brings challenges like bootstrapping, scalability, and the complexities of decentralized maintenance.
Biometrics: Mapping a Person to an Identity with their Biology
Biometrics, which identifies individuals based on physical attributes, remains a trusted method in today’s identity verification landscape. In the web3 space, projects like Worldcoin have charged ahead with biometric identity, though not without sparking debates. The primary concern with biometrics is data storage, the potential ramifications of data breaches, and the risk of abuse of power, given the irreversible nature of biometric data theft.
Spotlight: Gitcoin Passport
On another front, the Gitcoin Passport stands out as a comprehensive identity aggregator. It combines various verification stamps that attest to multiple converging attributes useful for proof-of-personhood. The wide open source net cast by Gitcoin Passport allows for trial-by-fire of the top Sybil resistance protocols. Gitcoin’s million+ dollar grant matching pools are up for grabs 4x a year, or every quarter, by anyone who can defeat the assembled anti-Sybil technologies. This high-stakes pot combined with the frequent quality control and protocol upgradeability has led to a driven evolution of effective anti Sybil measures. Passport’s forkable design makes it easy for the technology to be adapted and improved beyond the core efforts of the Gitcoin team.
Any Identity Service Must Ship With Privacy
Identity management is undeniably a potent use case for crypto. However, the inherent transparency of blockchain jeopardizes identity privacy. Any claims or attestations you make on your blockchain account are public and stored for the entire history of the chain.
Trad KYC is a Honey Pot
As we’ve discussed in depth, traditional KYC’s weak points are centralized data collection processes and storage methods. These centralized repositories are hotbeds for potential data breaches and unauthorized backdoor access. The dangers of surveillance capitalism, built on such models by monetizing our data without consent, are all too familiar.
Self-Sovereign Identity is a Non-Starter without Privacy
Web3’s answer to this challenge is Self-Sovereign Identity (SII). This paradigm empowers users with data control and consent, championing interoperability, transparency, data-sharing minimization, and privacy preservation. However, these protocols grapple with scalability challenges, potential centralization risks, and blockchain’s intrinsic privacy concerns. Vitalik’s insights on biometric and social graph-based proof-of-personhood underscore privacy as a crucial missing piece. However, the approach for an adequate solution that balances the risks of on-chain identity with the requirements for practical use cases has yet to be proven.
Holonym’s ZK-based KYC: Elevating Identity Checks with Zero- Knowledge
In our digital age, striking a balance between identity verification and personal privacy protection is paramount. Zero knowledge cryptographic systems have emerged as a key solution, ensuring privacy for on-chain attestations. For the first time, users can prove facts about themselves on-chain and import attributes of their identity with total control over their privacy on-chain.
Zero-Knowledge Proofs
Holonym leverages zero knowledge proofs for minting private credentials. This technology helps users validate specific identity aspects without divulging comprehensive personal data. In other words, once verified, a user can prove rigorous facts about themselves without showing the source documents that collateralize those facts.
Minting Credentials as SBT
Upon successful verification, Holonym captures user credentials into a Soul-bound Token (SBT) which is a non-transferable non-fungible token that can be used to track the reputation of an Ethereum account. Specifically, the SBT ensures exclusive user ownership of the credential, and its non-transferability acts as a Sybil defense.
Single-Spend Identity
Alongside the SBT, a unique, concealed identifier called a nullifier is generated. The actual nullifier remains secret to the user, but its hash is publicly recorded. This setup ensures that each credential is uniquely tied to its respective nullifier, preventing users from presenting the same credential more than once. In essence, nullifiers maintain the integrity of the verification process, ensuring that each proof remains authentic and singular in its use. Or, in other words, users can’t “spend their identity” more than once.
Data Security and Privacy
Holonym has a strong commitment to data security. Post verification, personal data transmitted via encrypted channels is promptly deleted. Users’ identity data is stored in their local devices. Holonym’s servers only keep encrypted backups, granting users deletion rights via their private keys. Users are encouraged to wait until, at least, few dozen new leaves are added to the Merkle Tree before proving and minting a ZK-SBT to maximize their probabilistic “hiding” within the anonymity set.
Anti-Doxxing Measures
The Holonym architecture ensures that personal data remains distinct from digital wallets, courtesy of zero knowledge proofs. This architecture renders it difficult for verifiers to correlate wallets with credentials. Key to this, is a relayer that submits transactions for users on their behalf, making it difficult to attach a single session or IP address with a credential.
Enhanced Privacy
Holonym’s KYC minting process is focused on minimizing data leakage risks. In stark contrast to numerous Web3 KYC providers with centralized databases, Holonym ensures that real-world documents remain notably difficult to link on-chain identities. The Holonym standard issuer is memory-less, which means it deletes all user-session data after a successful verification. Data for users experiencing verification errors are kept for 5 days to facilitate support, after which the data is deleted.
Government ID Verification & Web3 Compliance
Holonym harnesses the authority and inherited trust of data derived from government-issued IDs. While these IDs are traditionally vulnerable to data breaches in centralized systems, Holonym seamlessly integrates them on-chain with privacy and protection for the user. Holonym validates relevant details, such as “You have US residency,” without exposing intricate personal identifiers using zero knowledge proofs. This strategy not only upholds the sanctity of these IDs but also addresses the Sybil conundrum and web3’s compliance challenges.
Instilling Trust
Holonym navigates a careful equilibrium, momentarily entrusting a centralized verifier with user data, while also mandating its deletion post-verification to safeguard privacy. Despite the transient holding of data, Holonym’s architecture is crafted to obstruct the verifier from linking a pseudonymous wallet address with any off-chain data.
This design offers users a choice: opt for immediate verification by trusting the KYC provider not to track their wallet, or choose enhanced privacy by delaying proofing of credentials, a mechanism prevalent in the privacy strategies employed by platforms like Tornado Cash and ZCash. In the end, the third-party authority can only log that a specific person verified using Holonym but can not determine what account they are on-chain without significant effort, time, resources and pre-meditated intent. For the majority of consumer use-cases, Holonym provides near-perfect privacy preservation.
Compliance and KYC
Ameen and Vitalik, with others, recently dropped a paper on privacy pools to shed light on the delicate balance between transactional privacy and regulatory compliance. For crypto to be perceived as a viable alternative to conventional banking, the industry must evolve their identity management practices. Despite the prohibition on mixers, bad actors ingeniously discover avenues to launder stolen funds which stands at odds with attempts for crypto to go mainstream. Even liquidity pools can be manipulated as mixers for money laundering. While it is not without trade offs, a comprehensive zero knowledge KYC service that preserves on-chain privacy can be another option to bridge the chasm between privacy and compliance, ensuring a seamless and secure identity verification process while respecting users’ data protection rights.
Looking Ahead: The Future of ZK Identity
ZK identity is a monumental project, with many creatively diverse projects endeavoring to redefine web3 identity management and enhance the power of individuals with self-sovereignty over their digital footprint. Given the industry’s diverse needs, projects must innovate with varied credential schemas, protocols, and use-cases , culminating in a plethora of solutions. This diversified approach fortifies the ecosystem against Sybil threats and bad actors, such as in the case of Gitcoin Passport. Holonym, with its private credentialing methodology, stands out as a pragmatic model for preserving anonymity, validating genuine personhood, and ensuring that wallets remain unlinkable to off-chain credentials.
Learn More
Read our white paper, explore our documentation, or try minting a ZK DID for yourself. Questions or comments, we’d love to hear from you. Please join the community in Discord to engage more about the future of private, zero knowledge, identity.
Authors: Arun Sajiv, Shady El Damaty
