Privacy-Preserving On-chain Permissioning for KYC-Compliant Decentralized Applications
Fabian Piper, Karl Wolf, Jonathan Heiss
TL;DR
This work tackles the conflict between KYC/AML regulatory compliance and the decentralized, privacy-preserving ethos of DeFi by proposing a privacy-preserving on-chain permissioning framework that fuses Self-Sovereign Identity (SSI), Zero-Knowledge Proofs (ZKPs), and Attribute-Based Access Control (ABAC). It introduces a holistic architecture where policy decisions and enforcement are recorded on-chain while user attributes remain private, enabled by a commit-and-prove scheme that moves credential authenticity verification outside the ZKP circuit. The authors instantiate and prototype this model for a KYC-compliant DeFi liquidity pool, supporting $equality$, $range$, $membership$, and $time ext{-}dependent$ proofs, and they show substantial performance gains over baseline approaches (roughly 50% faster for range/equality and 25% faster for membership) with manageable on-chain storage and gas costs. The results demonstrate the practicality of decentralized, privacy-preserving policy decisions in permissioned dApps, and they offer guidelines for real-world deployment, including considerations for Layer 2 solutions and SNARK-friendly hash choices.
Abstract
Decentralized applications (dApps) in Decentralized Finance (DeFi) face a fundamental tension between regulatory compliance requirements like Know Your Customer (KYC) and maintaining decentralization and privacy. Existing permissioned DeFi solutions often fail to adequately protect private attributes of dApp users and introduce implicit trust assumptions, undermining the blockchain's decentralization. Addressing these limitations, this paper presents a novel synthesis of Self-Sovereign Identity (SSI), Zero-Knowledge Proofs (ZKPs), and Attribute-Based Access Control to enable privacy-preserving on-chain permissioning based on decentralized policy decisions. We provide a comprehensive framework for permissioned dApps that aligns decentralized trust, privacy, and transparency, harmonizing blockchain principles with regulatory compliance. Our framework supports multiple proof types (equality, range, membership, and time-dependent) with efficient proof generation through a commit-and-prove scheme that moves credential authenticity verification outside the ZKP circuit. Experimental evaluation of our KYC-compliant DeFi implementation shows considerable performance improvement for different proof types compared to baseline approaches. We advance the state-of-the-art through a holistic approach, flexible proof mechanisms addressing diverse real-world requirements, and optimized proof generation enabling practical deployment.