Every time a user opens a new brokerage account, applies for a mortgage, or signs up for a crypto exchange, they go through the same ritual: upload a government ID, snap a selfie, wait hours or days for approval, and hope the service does not leak their data in the next breach. The global KYC industry processes over 500 million identity checks annually, yet the architecture behind most of these checks has barely evolved since 2010. Documents are copied in full, stored indefinitely, and rarely shared between relying parties. The result is a system that is simultaneously expensive for businesses, frustrating for users, and a magnet for data breaches.
Reusable KYC changes this equation entirely. Instead of repeating full identity verification at every touchpoint, a user verifies once with a trusted issuer and receives a cryptographic credential they can present to any relying party. The credential proves specific claims — "this person is over 18," "this person passed OFAC screening," "this person has a verified address in the EU" — without revealing the underlying documents. The relying party can verify the credential in microseconds, the user retains control over what is shared, and no one stores a copy of the raw identity data.
The Verifiable Credential Model
The W3C Verifiable Credentials (VC) specification provides the foundational data model. It defines three roles: an issuer (the KYC provider who performs the initial verification), a holder (the end user), and a verifier (the relying party accepting the credential). The issuer signs a set of claims with a digital signature. The holder stores the signed credential in a wallet. When a verifier requests proof, the holder presents only the relevant claims along with a cryptographic proof of their validity.
This model aligns directly with GDPR's data minimization principle (Article 5(1)(c)) and the emerging eIDAS 2.0 framework in the EU, which mandates support for verifiable credentials in European Digital Identity Wallets by 2026. Under selective disclosure, a credential holder can prove they are over 18 without revealing their exact date of birth, or prove residency in a specific country without disclosing their full address.
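The issue, present and verify flow described above, as an added example that is not H33's code: every claim is committed as a salted SHA-256 digest, the issuer signs only the digest list, and the holder opens just the claims it chooses to reveal. The hash-commitment scheme is an assumption standing in for the page's ZKP-based selective disclosure, and Go's standard-library Ed25519 stands in for the Dilithium signature.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
)

// Disclosure is one claim the holder reveals: salt, name and value. The verifier
// recomputes SHA-256(salt|name|value) and looks for it in the signed digest list.
type Disclosure struct{ Salt, Name, Value string }

func commit(d Disclosure) string {
	h := sha256.Sum256([]byte(d.Salt + "|" + d.Name + "|" + d.Value))
	return hex.EncodeToString(h[:])
}

// Issue salts every claim and signs only the sorted digest list, so the credential
// carries no claim values; the wallet keeps the disclosures, the issuer keeps nothing.
func Issue(sk ed25519.PrivateKey, claims map[string]string) (digests []string, sig []byte, discs []Disclosure) {
	for name, value := range claims {
		salt := make([]byte, 16)
		rand.Read(salt)
		d := Disclosure{hex.EncodeToString(salt), name, value}
		discs = append(discs, d)
		digests = append(digests, commit(d))
	}
	sort.Strings(digests) // deterministic signing input regardless of map order
	return digests, ed25519.Sign(sk, []byte(strings.Join(digests, ","))), discs
}

// Verify checks the issuer signature over the whole digest list, then that each
// disclosed claim opens one of those digests. Claims the holder withheld stay hidden.
func Verify(pk ed25519.PublicKey, digests []string, sig []byte, shown []Disclosure) error {
	joined := strings.Join(digests, ",")
	if !ed25519.Verify(pk, []byte(joined), sig) {
		return fmt.Errorf("bad issuer signature")
	}
	for _, d := range shown {
		// fixed-width hex digests between commas, so this substring test is an exact match
		if !strings.Contains(","+joined+",", ","+commit(d)+",") {
			return fmt.Errorf("claim %q not covered by issuer signature", d.Name)
		}
	}
	return nil
}
```

Expiry and revocation status would be appended to the signed byte string in the same way, so a verifier can check them without learning any withheld claim.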
Selective Disclosure with Zero-Knowledge Proofs
Selective disclosure is the mechanism that makes reusable KYC privacy-preserving rather than merely convenient. There are several approaches, but zero-knowledge proofs (ZKPs) offer the strongest guarantees. A ZKP allows the holder to prove a statement about their credential — such as "my age is greater than or equal to 18" — without revealing any additional information to the verifier.
In the H33 stack, ZKP verification runs through an in-process DashMap cache that resolves lookups in 0.085 microseconds. This is not a toy benchmark: it is the production number measured under 96-worker contention on Graviton4 hardware, where the full authentication pipeline sustains 1.595 million verifications per second at ~42 microseconds per auth. That latency budget is low enough to embed credential verification into real-time transaction flows without perceptible delay.
| Component | Role in Reusable KYC | Latency |
|---|---|---|
| BFV FHE (32-user batch) | Encrypted biometric matching without decryption | ~1,109 µs |
| ZKP DashMap lookup | Cached credential proof verification | 0.085 µs |
| Dilithium sign + verify | Post-quantum credential attestation | ~244 µs |
| Full pipeline (per auth) | End-to-end reusable KYC check | ~42 µs |
Why Post-Quantum Signatures Matter for KYC Credentials
A KYC credential is not a session token. It may remain valid for months or years. If the digital signature protecting a credential relies on ECDSA or RSA, a future quantum adversary with a sufficiently large fault-tolerant quantum computer could forge credentials retroactively. For financial services operating under AML5 or the Bank Secrecy Act, accepting a forged KYC credential would constitute a compliance failure with severe consequences.
H33 credentials are signed with CRYSTALS-Dilithium (ML-DSA, FIPS 204), a lattice-based signature scheme selected by NIST for post-quantum standardization. Dilithium signatures provide 128-bit post-quantum security and can be verified in approximately 120 microseconds even on mobile hardware. Because the credential's validity period may span the "harvest now, decrypt later" threat window, post-quantum protection is not a future-proofing exercise — it is a present-day compliance requirement.
```rust
// Pseudocode: Reusable KYC credential issuance
// Issuer-side document and liveness check; the raw passport image and selfie
// are used only in this step and discarded once the claims are derived.
let identity_claims = verify_documents(user_passport, user_selfie);
let credential = VerifiableCredential {
    issuer: "did:h33:kyc-provider-001",
    subject: user_did,
    // Only claims the holder can later disclose individually, never the source documents
    claims: identity_claims.selective_fields(),
    issued_at: now(),
    expires_at: now() + Duration::months(12), // configurable TTL
};
// Post-quantum signature over the canonical encoding of the credential
let signed = dilithium_sign(issuer_sk, credential.canonical_bytes());
// Credential stored in user's wallet -- issuer discards raw docs
```

Encrypted Biometric Binding
A credential is only as trustworthy as the binding between the credential and the person presenting it. Passwords and PINs can be shared. Even device-bound keys can be compromised if the device is stolen. Biometric binding solves this by tying the credential to a physical characteristic — a fingerprint, iris scan, or face embedding — that cannot be transferred.
The critical challenge is performing biometric matching without exposing the biometric template in plaintext. H33 addresses this with BFV fully homomorphic encryption: the enrolled biometric template and the live capture are both encrypted, and the inner-product comparison executes entirely on ciphertexts. The server never sees the raw biometric. With SIMD batching (4,096 polynomial slots packing 32 users per ciphertext), the FHE layer adds only ~1,109 microseconds per 32-user batch — roughly 35 microseconds per user for encrypted biometric verification.
"The only biometric system worth deploying is one where the server provably cannot extract the template. FHE is the only technology that delivers this guarantee without trusted hardware assumptions."
Credential Lifecycle Management
Reusable credentials require careful lifecycle management. Issuance must be tied to a verified identity event. Presentation must be logged (for audit) without revealing credential contents. Revocation must propagate quickly enough that a compromised credential cannot be used after it is invalidated. H33 handles revocation via a ZKP-based accumulator: the verifier checks membership in a revocation set in constant time, and the holder proves non-membership without revealing their credential identifier.
- Issuance: KYC provider verifies documents, issues Dilithium-signed VC with selective-disclosure capability
- Storage: Credential stored in user's wallet (mobile or hardware). Raw PII discarded by issuer after issuance.
- Presentation: User generates ZKP proving specific claims. Verifier checks proof + Dilithium signature + revocation status.
- Renewal: Credential expires after configurable TTL (typically 6–12 months). Re-verification can be lighter (delta check) if biometric binding is fresh.
- Revocation: Issuer publishes updated accumulator. Verifiers reject credentials whose non-membership proof fails.
Compliance Mapping
Reusable KYC is not a regulatory shortcut. It must satisfy the same obligations as traditional KYC while delivering better privacy outcomes. The table below maps core regulatory requirements to the mechanisms that satisfy them within the H33 credential architecture.
| Regulation | Requirement | Reusable KYC Mechanism |
|---|---|---|
| GDPR Art. 5(1)(c) | Data minimization | Selective disclosure via ZKP — only required claims revealed |
| AML5 / 6AMLD | Customer due diligence | Issuer performs full CDD; credential attests result |
| eIDAS 2.0 | Interoperable digital identity | W3C VC format + DID resolution |
| NIST SP 800-63B | Authentication assurance (AAL2+) | FHE biometric binding + Dilithium credential signature |
The Economics of Verify-Once
Traditional KYC costs between $5 and $25 per verification depending on jurisdiction and document complexity. A fintech with 100,000 monthly sign-ups spends $500K to $2.5M annually on KYC alone, a line item that banks and other financial institutions are eager to reduce, and each of those users has likely gone through the same verification at three other services in the same year. Reusable KYC amortizes the cost of a single high-quality verification across every subsequent relying party: the issuer charges once, and verifiers pay a fraction of that cost for a cryptographic check that completes in under 42 microseconds.
Combined with H33's throughput of 1.595 million authentications per second on a single Graviton4 instance, the infrastructure cost per verification drops to fractions of a cent. At scale, reusable KYC is not just better for privacy — it is an order-of-magnitude reduction in compliance spending.
Ready to Go Quantum-Secure?
Start protecting your users with post-quantum authentication today. 1,000 free auths, no credit card required.