At EthSafari 2025, I had the privilege of speaking on the Zero-Knowledge (ZK) panel, where the audience raised many insightful questions. In this article, I’d like to expand on one of those topics: building a KYC (Know Your Customer) system based on zero-knowledge proofs.
Zero-Knowledge in Context
Zero-knowledge technology promises the ability to prove and verify a private computation without ever revealing the private information itself.
While this might sound like something out of wizardry, it is already being tested and deployed across real systems—for example, Ethereum’s ZK-based Layer 2 solutions.
One of the earliest references comes from the original STARK paper, which even explored a use case for DNA verification. This naturally leads us to the concepts of data integrity versus computational integrity.
Data Integrity vs. Computational Integrity
This distinction is often misunderstood, so let’s break it down:
- Data Integrity
Refers to the accuracy, completeness, and consistency of data as it is stored and maintained over time (Harvard Business Online). It ensures that the data has not been tampered with or corrupted. For example, hash functions like SHA3 or MD5 can verify data integrity: with a collision-resistant function such as SHA3, two different datasets will in practice never produce the same hash, whereas MD5 still catches accidental corruption but is no longer collision-resistant against deliberate tampering.
- Computational Integrity
Refers to the guarantee that the output of a computation is correct (Software Engineering Daily). In ZK systems, this is ensured by a proof of correct execution. For arbitrary programs, a ZK-compatible “virtual CPU” can prove not only the result of a computation but also that every step was faithfully executed.
Why ZK Works So Well in Blockchains
Blockchains are state machines: each new block depends on the previous one. The beauty of zero-knowledge technology is that proofs are far cheaper to verify than re-executing the computation itself.
This property allows massive computations to be compressed into compact zk-proofs. Smart contracts on Ethereum, for instance, can verify zk-proofs from Layer 2 systems such as Scroll, Starknet, or Lisk, ensuring that their off-chain computations are trustworthy.
KYC: A Data or Computational Problem?
KYC introduces a tension between user privacy and regulatory compliance. On one hand, users don’t want to reveal their personal identity details to every website or service. On the other hand, service providers are legally required to verify user identity.
ZK proofs can help bridge this gap. In a typical ZK flow:
- The prover has access to the inputs (identity data) and runs a program to produce both an output and a proof.
- The verifier receives the output, the program, and the proof—and can check validity without ever learning the original inputs.
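The prover/verifier flow above, as an added example that is not part of the original article: a Schnorr proof of knowledge with a Fiat-Shamir challenge, which is a far simpler relation than a full KYC program. It assumes the private input is a credential secret and the public output is the matching public value; the group parameters and the context string are constructed for the demo.

```python
import hashlib
import secrets

# Constructed demo parameters: the multiplicative group modulo the prime
# 2**255 - 19. Chosen so the example runs with the standard library only;
# a deployment would use a vetted prime-order group or a full proof system.
P = 2**255 - 19
ORDER = P - 1          # exponents are reduced modulo the group order
G = 2


def challenge(public: int, commitment: int, context: bytes) -> int:
    """Fiat-Shamir: derive the challenge by hashing the whole statement."""
    h = hashlib.sha3_256()
    for part in (G, public, commitment):
        h.update(part.to_bytes(32, "big"))
    h.update(context)  # binds the proof to one verifier and session
    return int.from_bytes(h.digest(), "big") % ORDER


def prove(secret: int, context: bytes) -> tuple[int, tuple[int, int]]:
    """Prover: holds the private input, returns the public output and a proof."""
    public = pow(G, secret, P)
    r = secrets.randbelow(ORDER)            # fresh nonce for every proof
    commitment = pow(G, r, P)
    c = challenge(public, commitment, context)
    response = (r + c * secret) % ORDER
    return public, (commitment, response)


def verify(public: int, proof: tuple[int, int], context: bytes) -> bool:
    """Verifier: sees only public values, never the secret."""
    commitment, response = proof
    if not (0 < public < P and 0 < commitment < P and 0 <= response < ORDER):
        return False
    c = challenge(public, commitment, context)
    return pow(G, response, P) == (commitment * pow(public, c, P)) % P


if __name__ == "__main__":
    secret = secrets.randbelow(ORDER)       # constructed sample credential secret
    ctx = b"service.example|session-1234"   # constructed verifier context
    public, proof = prove(secret, ctx)
    print(verify(public, proof, ctx))
    print(verify(public, proof, b"other.example|session-1234"))
```

Because the context is hashed into the challenge, a proof captured at one service does not verify at another.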
Building an Effective ZK-Based KYC System
To make ZK KYC practical, both provers (who hold the identity data) and verifiers (who must check compliance) need interoperable standards and protocols.
Some key considerations:
- Identity Sources: How is identity issued to citizens? Can this be standardized into a digital protocol usable across the internet?
- Beyond the ID Card: Identity is more than just the data printed on a plastic card. It’s proof of humanity, citizenship, and legal recognition within a given jurisdiction.
- Hybrid Verification: A ZK-powered OCR system could extract data from an ID card image. This could be cross-verified with a government identity server to confirm citizenship without directly revealing the user’s data.
Can KYC Be Permissionless?
A centralized KYC model depends on state authorities. But there are experiments with more “permissionless” systems.
For example, Worldcoin’s Orb uses iris biometrics to guarantee uniqueness—proving that a user is a human being without linking them to a specific national identity.
While this ensures “proof of personhood,” it sidesteps social, legal, and political considerations tied to national citizenship. For such systems to replace traditional KYC, they would need recognition and approval by states.
Final Thoughts
As AI grows more capable, we urgently need stronger ways to distinguish humans from automated agents. At the same time, reducing KYC friction is key to unlocking access to global services.
Zero-knowledge proofs provide a powerful foundation for solving both challenges: enabling compliance without overexposure of personal data, and enabling trust in a world where trust is increasingly scarce.
Many systems in this space are already being built. Perhaps you can be one of the pioneers shaping this future.
(I’m writing these reflections in a car taxi from EthSafari. I’d love to hear what you think—join the conversation.)