Every KYC provider is a breach target. You collect passport scans, SSNs, and bank statements because regulators require identity verification. But you don't need the documents — you need proof they're who they say they are. ZK-KYC gives your platform the verification result and a cryptographic proof. Zero PII. Zero documents. Zero liability.
Each tier builds on the last. Basic proves identity attributes. Enhanced adds biometric liveness. Full adds sanctions screening. The platform never sees a document at any tier.
Standard KYC collects a passport scan, extracts the date of birth, and stores both. Now you have a PII database that every attacker on earth wants to breach. You needed to know the user is 18+. You did not need the passport.
The document is processed client-side. A cryptographic hash anchors the document without revealing it. STARK zero-knowledge proofs attest: age ≥ 18, jurisdiction = permitted country. Dilithium post-quantum signature binds the proof. Platform never sees the document.
A Dilithium-signed attestation: user is 18+, user is in a permitted jurisdiction, document hash is anchored. Zero PII. Zero document bytes. Cryptographic proof only.
Document-only KYC does not prove the person holding the document is the person on the document. Liveness checks require a selfie matched against the photo. Every provider that does this stores biometric templates in the clear — a BIPA, GDPR, and CCPA liability.
Everything in Basic, plus: the selfie and document photo are converted to 128-dim feature vectors, FHE-encrypted client-side, and matched via inner product on ciphertext. The server computes a similarity score without ever seeing either face. ZK address proof included.
Everything from Basic plus: biometric liveness attestation (face matches document), ZK address proof, all Dilithium-signed. Platform never sees the face. Server never sees the face. BIPA-proof by architecture.
Regulators require sanctions screening against OFAC SDN, EU consolidated, UN, and PEP lists. This means sending the user's full legal name to a screening vendor in plaintext. One vendor breach exposes your entire customer ledger.
Everything in Enhanced, plus: the user's name and identifiers are FHE-encrypted before leaving their device. Screening runs on ciphertext against encrypted sanctions lists. The screening server never sees the plaintext name. Compliance report with chain-hashed audit trail.
Everything from Enhanced plus: sanctions screening attestation (clear or flagged), compliance report with chain-hashed audit trail, all Dilithium-signed. Platform never sees the name. Full regulatory compliance, zero PII exposure.
Each tier is composed of discrete cryptographic capabilities. These are the building blocks.
To prove a user is 18+, platforms collect the full date of birth. To prove they are a US resident, platforms collect the full address. Every attribute check becomes a PII collection event, expanding the breach surface.
Prove age ≥ 18. Prove country = US. Prove income ≥ threshold. Prove NOT on sanctions list. All without revealing the underlying value. STARK proofs are generated client-side and verified server-side. The attribute value never leaves the user's device.
The verifier learns exactly one bit of information per proof: whether the statement is true or false. The underlying value — the actual age, the actual country, the actual income — is never revealed, and the zero-knowledge property means it cannot be extracted from the proof.
OFAC SDN, EU consolidated, UN sanctions, and PEP lists must be screened for every customer. Every screening vendor sees the customer's full legal name in plaintext. Vendor breaches expose the entire customer base.
OFAC SDN, EU, UN, PEP lists screened on FHE-encrypted identifiers. The screening engine runs fuzzy matching on ciphertext. The server never sees the plaintext name. Result: match or no match, signed with Dilithium. Full compliance, zero PII exposure.
Full regulatory compliance with OFAC, EU AML, and UN sanctions obligations. The screening vendor never sees a single customer name. Eliminates the largest third-party risk vector in the KYC pipeline.
Biometric liveness requires matching a live selfie against a document photo. Every provider that does this possesses unencrypted biometric templates. Illinois BIPA: $650M+ in settlements. GDPR Article 9: biometric data is special category. CCPA: biometric information is sensitive personal information.
FHE-encrypted selfie template matched against FHE-encrypted document photo. 128-dimensional inner product computed entirely on ciphertext. The server never sees either face. Similarity score decrypted only by the authorized party. 32 users per FHE batch.
You cannot leak what you never had in the clear. No biometric template is ever decrypted on the server. BIPA-proof, GDPR-proof, CCPA-proof — not by policy, but by mathematics.
Proof, not documents. Every verification result maps to a specific H33 cryptographic component and public standard.
| What the Platform Gets | H33 Component | Standard |
|---|---|---|
| Age verification (18+, 21+) | STARK ZK range proof | SHA3-256 |
| Jurisdiction verification | STARK ZK set membership | SHA3-256 |
| Document anchoring | SHA3-256 document hash | FIPS 202 |
| Biometric liveness | FHE-BFV inner product (128-dim) | Lattice-based |
| Sanctions clearance | FHE fuzzy match (OFAC/EU/UN/PEP) | Lattice-based |
| Proof integrity | Dilithium ML-DSA signature | FIPS 204 |
| Computation correctness | STARK attestation | SHA3-256 |
| Audit trail | Chain-hashed compliance report | Tamper-evident |
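As an added example (not H33's code) of the chain-hashed, tamper-evident audit trail in the table's last row and in the Full tier's compliance report, the following Python builds a chain of verification results anchored to a client-side SHA3-256 document digest and shows that editing or deleting any entry breaks verification. Field names, the JSON layout and the sample values are assumptions; the Dilithium signature over the chain head is not implemented here.

```python
"""Added example (not H33's code): a tamper-evident, chain-hashed KYC audit trail of
verification results only. Field names are assumptions; the Dilithium head signature is omitted."""
import copy
import hashlib
import json

GENESIS = "0" * 64  # constructed: the first entry links to an all-zero hash

def sha3_hex(data: bytes) -> str:
    return hashlib.sha3_256(data).hexdigest()  # FIPS 202 SHA3-256

def anchor_document(document: bytes) -> str:
    """Run client-side; the platform stores this digest, never the document bytes."""
    return sha3_hex(document)

def canonical(body: dict) -> bytes:
    # Deterministic serialization so every verifier hashes identical bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def append_entry(chain: list, result: dict) -> dict:
    """Link a new result to the previous entry's hash, then hash the whole body."""
    prev = chain[-1]["hash"] if chain else GENESIS
    body = {"seq": len(chain), "prev": prev, "result": result}
    entry = dict(body, hash=sha3_hex(canonical(body)))
    chain.append(entry)
    return entry

def verify_chain(chain: list) -> bool:
    """True only if every entry links to its predecessor and re-hashes correctly."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if entry["seq"] != i or entry["prev"] != prev:
            return False
        if sha3_hex(canonical(body)) != entry["hash"]:
            return False
        prev = entry["hash"]
    return True

def build_sample_chain() -> list:
    # Constructed sample: one user's Full-tier verification, recorded as results only.
    chain = []
    append_entry(chain, {"tier": "basic", "age_over_18": True, "jurisdiction_permitted": True,
                         "doc_anchor": anchor_document(b"constructed document bytes")})
    append_entry(chain, {"tier": "enhanced", "liveness_match": True, "address_proof": True})
    append_entry(chain, {"tier": "full", "sanctions": "clear"})
    return chain

def forged_copy(chain: list, seq: int, field: str, value) -> list:
    """Simulate editing one stored result in place without re-hashing the chain."""
    forged = copy.deepcopy(chain)
    forged[seq]["result"][field] = value
    return forged
```

An attacker who can rewrite every hash from the edited entry onward will still pass `verify_chain`, which is why the chain head must be pinned by the Dilithium signature the table lists (or published out of band). Verification detects silent edits and deletions, not a wholesale re-issue of the chain by whoever holds the signing key.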
ZK-KYC maps directly to the regulatory frameworks that require identity verification while imposing data minimization obligations.
Each tier includes everything below it. Volume discounts apply across all tiers.
A fintech doing 100K verifications/month at Full tier volume pricing spends $5,250/month for zero-knowledge identity verification with sanctions screening — less than a single data breach notification costs. A crypto exchange doing 1M verifications/month at Basic tier spends $8,000/month to eliminate their entire PII database.
Every document you collect is a liability. Every biometric template you store is a class-action waiting to happen. ZK-KYC gives you the verification result and a cryptographic proof. The documents stay with the user. The liability stays at zero.