Grant, Verify, Revoke: A User-Centric Pattern for Blockchain Compliance

Supriya Khadka, Sanchari Das

Abstract

In decentralized web applications, users face an inherent conflict between public verifiability and personal privacy. To participate in regulated on-chain services, users must currently disclose sensitive identity documents to centralized intermediaries, permanently linking real-world identities to public transaction histories. This binary choice between total privacy loss or total exclusion strips users of agency and exposes them to persistent surveillance. In this work, we introduce a Selective Disclosure Framework designed to restore user sovereignty by decoupling eligibility verification from identity revelation. We present ZK-Compliance, a prototype that leverages browser-based zero-knowledge proofs to shift the interaction model, enabling users to prove specific attributes (e.g., "I am over 18") locally without revealing the underlying data. We implement a user-governed Grant, Verify, Revoke lifecycle that transforms the user's mental model of compliance from a permanent data handover into a dynamic, revocable authorization session. Our evaluation shows that client-side proof generation takes under 200ms, enabling a seamless interactive experience on commodity hardware. This work provides early evidence that regulatory compliance need not come at the cost of user privacy or autonomy.

Paper Structure (12 sections, 2 figures)

Figures (2)

  • Figure 1: The Grant, Verify, Revoke lifecycle. (1-4) Grant: Alice actively generates a private proof locally to establish a session. (5-6) Verify: The application continuously checks this active, time-bounded authorization. (7) Revoke: Alice retains a direct "Kill Switch," allowing her to instantly sever the connection on-chain, bypassing the application entirely.
  • Figure 2: Integration of the ZK-Compliance protocol within TradeBase, a reference trading application. The sequence shows: (a) the host app enforcing restrictions, (b) the protocol requesting privacy-preserving verification, (c) the local generation of the zk-SNARK, and (d) the verified state granting access.
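The Grant, Verify, Revoke lifecycle from the abstract and Figure 1, as an added Python simulation that is not the ZK-Compliance prototype's code: local_prove_over_18 stands in for the browser-side zk-SNARK (it is not a zero-knowledge proof, it only models what the proof exposes), SessionRegistry stands in for the on-chain authorization registry, and the names, the 600-second TTL and the sample birth year are assumptions.

```python
import secrets
from dataclasses import dataclass, field

def local_prove_over_18(birth_year: int, current_year: int) -> dict:
    """Grant, steps 1-4: runs on the user's device. Stand-in for the browser
    zk-SNARK: it emits only the predicate outcome, never the birth year."""
    return {"attribute": "over_18", "holds": current_year - birth_year >= 18}

@dataclass
class SessionRegistry:
    """Stand-in for the on-chain registry: stores authorizations, not identity data."""
    sessions: dict = field(default_factory=dict)  # session_id -> (owner, attribute, expires_at)
    revoked: set = field(default_factory=set)

    def grant(self, owner: str, proof: dict, now: int, ttl: int) -> str:
        if not proof["holds"]:
            raise ValueError("predicate not satisfied; nothing is recorded")
        session_id = secrets.token_hex(8)
        self.sessions[session_id] = (owner, proof["attribute"], now + ttl)
        return session_id

    def verify(self, session_id: str, attribute: str, now: int) -> bool:
        """Verify, steps 5-6: the app checks an active, time-bounded authorization."""
        entry = self.sessions.get(session_id)
        if entry is None or session_id in self.revoked:
            return False
        _owner, granted_attr, expires_at = entry
        return granted_attr == attribute and now < expires_at

    def revoke(self, session_id: str, caller: str) -> None:
        """Revoke, step 7: only the granting user may sever the session."""
        if caller != self.sessions[session_id][0]:
            raise PermissionError("only the session owner may revoke")
        self.revoked.add(session_id)

def demo() -> tuple:
    """Walks one lifecycle; returns (active, expired, app_revoked, after_user_revoke)."""
    reg = SessionRegistry()
    proof = local_prove_over_18(birth_year=1990, current_year=2025)  # constructed input
    sid = reg.grant("alice", proof, now=1000, ttl=600)
    active = reg.verify(sid, "over_18", now=1100)
    expired = reg.verify(sid, "over_18", now=1700)       # past now + ttl
    try:
        reg.revoke(sid, "tradebase_app")                  # the host app cannot revoke
        app_revoked = True
    except PermissionError:
        app_revoked = False
    reg.revoke(sid, "alice")                              # user's kill switch
    return active, expired, app_revoked, reg.verify(sid, "over_18", now=1100)
```

The registry never sees the birth year, the app can only read the session's state, and verification fails on expiry or after the user's own revocation.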