7Block Labs on Identity Verification and KYC in DeFi

In the world of Decentralized Finance (DeFi), identity verification and Know Your Customer (KYC) processes are super important. They really help keep things secure and trustworthy! Here at 7Block Labs, we’re super focused on making sure these systems run smoothly. We strive to strike the perfect balance between user-friendliness and sticking to all the necessary regulations. Let’s take a closer look at what we’re up to in this area!

The Importance of Identity Verification

When it comes to DeFi, identity verification isn't just a luxury; it's a must-have. When platforms take the time to verify who their users are, it really helps cut down on fraud and makes things a lot safer for everyone. This whole process really helps create trust among everyone involved, and that’s super important for the long-term success of DeFi applications.

What is KYC?

KYC, which stands for Know Your Customer, is basically how companies check to make sure they know who their customers are. It’s all about confirming identities to keep things secure. In the world of DeFi, having solid KYC (Know Your Customer) measures in place is super important. It not only helps platforms stick to the rules and regulations but also keeps both the platform and its users safe. We really think that KYC doesn’t need to be a pain--it can actually be straightforward and easy to use!

Challenges with KYC in DeFi

KYC is pretty crucial, but let's be real - it definitely has its hurdles. There are a few major challenges that come to mind, like:

• Privacy Issues: A lot of folks are pretty concerned about putting their personal info out there on blockchain platforms.
• Regulatory Compliance: Depending on where you are, the rules around KYC can get pretty complicated. Each region has its own set of regulations, which makes it a bit of a maze to figure out!
• User Experience: It can be a real challenge to strike that perfect balance between having solid verification processes and making sure the user interface is smooth and easy to navigate.

Our Approach at 7Block Labs

Here at 7Block Labs, we're jumping right into these challenges and working hard to tackle them. Here's how we roll:

1. User-Centric Design: We focus on building user-friendly interfaces that simplify the KYC process, making it a breeze for everyone involved. 2. Privacy-First Solutions: We really care about your privacy, so we focus on keeping your data secure and fully anonymized. 3. Regulatory Know-How: Our crew makes it a point to keep up with the latest global regulations, so we can ensure everything’s compliant no matter where we’re working.

The Future of KYC in DeFi

As the DeFi world keeps expanding, we can definitely expect KYC to change in some pretty cool ways. We’re looking forward to seeing more decentralized solutions pop up that give people the power to manage their own identities--without having to give up on privacy or security.

Join the Conversation

Curious about how identity verification and KYC are changing the game for DeFi? Swing by our blog for some cool insights and the latest updates. You'll definitely find some valuable info there! We’d love to hear what you think about this important topic!

The Specific Headache DeFi Teams are Facing

Alright, so here’s the situation: you need to handle access stuff--like who’s allowed in based on things like where they live, their age, any sanctions, and whether they qualify as accredited investors. But here’s the catch: you have to do all of this without giving away your users’ identities or keeping all that sensitive information in one place. It's a bit of a balancing act, right? At the same time:.

So, just a heads up: the EU Transfer of Funds Regulation (Regulation (EU) 2023/1113) officially kicked in on December 30, 2024. So, when you're dealing with crypto-asset transfers between CASPs, you’ll need to share the originator and beneficiary details. Oh, and just a quick reminder: the EBA guidance kicks in starting from that date as well. If you mess up, your partners might decide to hit the brakes on those transactions. (eur-lex.europa.eu).

So, the FATF’s updates for 2024-2025 show that more countries are getting on board with the Travel Rule. But honestly, the way it’s being enforced varies quite a bit from place to place. Some places with big virtual asset markets are making great strides, while others are falling behind and facing more scrutiny. On top of that, DeFi is definitely on the radar for monitoring. (fatf-gafi.org).

Institutions aren’t just asking for permission anymore; they’re actually expecting to have access granted. So, Aave Arc has introduced these whitelisted KYC protocols for institutions, and they’re doing it through Fireblocks. This is the benchmark that your business development team keeps hearing about at pretty much every meeting. (fireblocks.com).

So, your team gave that whole “KYC wall plus allowlist” thing a shot, but here’s the twist:

• Conversion rates are really taking a nosedive! You’ve got vendors hopping from one place to another, re-uploading documents, and then just sitting around twiddling their thumbs for what feels like ages. Figuring out costs and latency can be a bit tricky. It doesn’t matter if we’re talking about on-chain stuff like proof verification gas fees or off-chain things, where you’re relying on what your vendors say they'll deliver in their SLAs. It's just not straightforward! When procurement starts asking those tough questions about risks--things like revocation, reusability, and auditability--you might find yourself stumped. And that can really slow things down, causing deals to get stuck.

The real risk, quantified

• Missed Deadlines: So, here's the scoop - come late 2024, our EU CASP partners are really going to ramp up their enforcement around the Travel Rule and start keeping an eye on unhosted wallets. If you’re not on the same page with their messaging or can't confirm who you're dealing with, you could end up with your transfers hanging in limbo or, worse, getting flat-out rejected. This can really throw a wrench in liquidity events and the launches your partners have planned. If you’re curious and want to dig a little deeper, you can find more info right here. Happy exploring!
• Cost Blowouts: If you’re looking to verify a Groth16 proof on the EVM, be ready for a hefty bill. It’ll cost you about 207,700 upfront, plus an additional 7,160 for each public input you add. Ouch! You know those four-pairing templates? They can really rack up the gas--like, around 34k every time you use them. Oh, and just a heads up: that calldata bloat from EIP-7623 is going to affect your data-heavy flows as well. Make sure you're keeping that in mind! If you don’t start making better design choices, you might find yourself shelling out a ton of cash at every gate. Check out all the details right here! You won't want to miss it!
• Regulatory Asymmetry: So, here’s the deal: a lot of regions are still dragging their feet when it comes to enforcement. But then you've got places like the EU, certain parts of APAC, and North America that are really stepping up their game. They're already actively checking for compliance with the Travel Rule and tightening up their AML/CFT controls.
  If you're just "partially compliant," you might be putting yourself in a tough spot. There's a chance you could get delisted, have your banking services cut off, or end up with geofencing restrictions at a time when you really can't afford it. If you're looking for more details, you can check it out here. It's got all the info you need!
• Procurement Challenges: Be prepared for some tough questions regarding revocation (like how your credentials are holding up), data minimization practices, and the whole independent attestation thing. If you can't clearly show "who issued what, what was attested, and if it's still valid" either on-chain or with a verifiable credential, you could risk missing out on that enterprise wallet share you've been eyeing. If you want to dive deeper into this topic, feel free to check out this link. It’s got all the details you need!

7Block’s Technical Yet Pragmatic Approach

At 7Block, we've created a ZK-native identity stack that really puts a focus on attestations. Our goal is to help you navigate regulatory and procurement requirements without compromising your privacy. And the best part? We’ve figured out how to keep it budget-friendly, even when we’re doing big things! We take a hands-on approach with our solutions, launching them in 90-day sprints. Whether you’re looking for our all-encompassing Web3 development services or our DeFi-focused smart contract development, we’ve got you covered! No need to stress--we’ve got security covered in everything we do! We make sure that both delivery and auditability are in excellent shape.

Architecture, in three layers

1) Off-chain identity issuance and policy

• Standards: How about we go with the W3C Verifiable Credentials 2? Sounds like a solid choice! So, just to give you a heads up, there’s this thing called 0 that's aiming to be a Recommendation by May 15, 2025. And then we've got SD-JWT, which is officially known as RFC 9901, and that's set to come out in November 2025. Both of these are pretty important for selective disclosure! These are totally current, easy for procurement teams to work with, and they get along well with Web2 identity systems. Take a look at this link: (w3.org). It's got some cool info on the Verifiable Credentials 2.0 specs that just got the W3C stamp of approval!
• Picking a Vendor: Look for a provider that lays out their verification service level agreements (SLAs) clearly and can handle Travel Rule interoperability. One great example is Sumsub. They've managed to keep their median onboarding time super quick, usually around 20-30 seconds. Plus, their fully automated non-doc flows are really impressive, coming in at just 4 seconds! 5-6 seconds. On top of that, they've got great turnkey Travel Rule support that works seamlessly with platforms like CODE, TRP, Sygna, and GTR. These stats are super important for understanding conversion rates and figuring out how effortlessly you can connect with partners. More info here: (sumsub.com).
• Claims design: Let’s keep it straightforward! Just throw in the essentials, like “is_over_18,” “is_EU_resident,” or “accredited_investor=US_506c.” It doesn’t have to be complicated! “Go ahead and set up revocation with the W3C Bitstring Status List version 1.” This way, you can quickly rotate or suspend credentials without the hassle of having to re-KYC everyone. Check out the full scoop right here: (w3.org). You'll find all the nitty-gritty on the Verifiable Credentials 2.0 specs that just got the W3C stamp of approval!

2) Privacy-preserving ZK proofs and attestations

• ZK frameworks we’ve actually rolled out in production:
• Polygon ID / iden3: This cool feature lets you show just the info you want, like proving you're over 18, without having to spill any other personal details. Pretty neat, right? We've got our contracts lined up with ZKP verifiers and Atomic Query validators (Sig/MTP), and all their addresses are ready to go on Polygon. We connect these to our gating modifiers. Take a look at this: github.com. You'll find some cool stuff!
• Sismo Connect: This tool is awesome for keeping your group memberships or reputation proofs under wraps. It’s like having a secret pass that lets you allowlist people without showing off their wallets. Super handy for KYC stuff or just fending off those pesky sybil attacks! If you're looking for more details, check out ethglobal.com. They've got you covered!
• Ethereum Attestation Service (EAS): If you're looking for on-chain attestations that make compliance simple and transparent, this is definitely the option you want to check out. If you're looking to issue basic attestations, you can expect to spend somewhere between 50k and 100k in gas fees. But the good news? Checking them out won’t cost you anything! Check out all the nitty-gritty details over at docs.oma3.org. You’ll find everything you need!
• Gas optimization and curve choices: So, if you're looking at the cost for a BN254 Groth16 verifier, you’re probably looking at around 207,700 plus an additional 7,160 multiplied by 'l' gas. To make things run smoothly, stick with the 3-pairing option instead of the 4-pairing one. And try to keep your l value between 2 and 4 by using those pre-hashed inputs. So, when you break it down, you're looking at about 220 to 235k gas for each proof on Layer 1. And if you head over to Layer 2s, it gets even more affordable! If you want to dive deeper, feel free to check it out here: hackmd.io. So, here’s the scoop: starting May 7, 2025, right after Post-Pectra, the EIP-2537 BLS12-381 precompiles are going to be up and running on the mainnet! Exciting times ahead! They've got some pairings that are a bit cheaper than what you’d find with BN254 and MSM precompiles when it comes to public inputs. However, the trade-off is that their calldata is larger. Just be sure to compare your calldata with the different pairing options available. If you're looking for more details, check out blog.ethereum.org. They've got all the latest info you need!

3) Travel Rule and Counterparty Integration

So, when we're working with our partners in the EU under MiCA and TFR, we always make it a point to include originator and beneficiary info by using protocol gateways. So, based on the EBA Guidelines, we’re able to manage messages off-chain. This basically means that any data needs to be sent along with the transfers--either ahead of time or right when the transfer happens. To make sure we connect with as many VASPs as we can, we’ve rolled out adapters for some of the most popular networks out there--like CODE, TRP, Sygna, and GTR.
If you want to dive deeper into this topic, feel free to check it out here. There's a lot of useful info waiting for you!

When it comes to unhosted wallets, we've set up verification processes that really match what the Guidelines are looking for. This involves doing some checks on ownership and assessing risks to make sure that transactions go smoothly and that we’re not collecting any extra data we don’t need. If you want to dive deeper into this topic, you can check it out here. Enjoy exploring!

Here’s what it looks like in code (using Solidity):

• If you're over 18, you can use the ZK gate with Polygon ID.

pragma solidity ^0.8.0;

import "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import "@openzeppelin/contracts/access/Ownable.sol";

contract ZKGate is ERC721, Ownable {
    uint256 public currentTokenId;

    // Event to emit when verification is successful
    event Verified(address indexed user, uint256 tokenId);

    constructor() ERC721("ZKGate", "ZKG") {}

    // Function to verify user's age
    function verifyUser(uint256 age) external {
        require(age > 18, "You must be over 18 years old.");
        
        currentTokenId++;
        _mint(msg.sender, currentTokenId);
        
        emit Verified(msg.sender, currentTokenId);
    }
}

Don’t forget to tweak your setup and dependencies before diving into the code! It’s super important for everything to run smoothly.

// Minimal example: ERC20 faucet gated by a Polygon ID proof (sig validator)
import {ZKPVerifier} from "iden3/contracts/verifiers/ZKPVerifier.sol";

contract AgeGatedFaucet is ZKPVerifier {
    address public immutable SIG_VALIDATOR = 0xd8946ddCD36Ae2552321769070bB263A275dcE35; // Polygon PoS v2.0.6 validator
    uint256 public constant REQUEST_ID = 1; // your configured query

    mapping(address => bool) public claimed;

    function claim(bytes calldata proof) external {
        require(!claimed[msg.sender], "Already claimed");
        _verifyProof(SIG_VALIDATOR, REQUEST_ID, proof); // reverts if proof invalid
        claimed[msg.sender] = true;
        // send tokens...
    }
}

Validator addresses and request wiring are basically two peas in a pod when it comes to official deployments. They really work together! We launch these using a feature flag and an environment map, which helps us support testnets and L2s effectively. Take a look at it on GitHub! You might find it really interesting!

Attestations Gate (EAS):

The Attestations Gate is a key component of the Ethereum Attestation Service (EAS), and it really helps with verifying data. It's like a gatekeeper that makes sure only verified information gets through.

• It’s all about running through a bunch of checks and double-checks to ensure everything meets the standards before it gets the green light for the blockchain.

If you want to really get into the nitty-gritty of how it all works, take a look at the official EAS documentation. It’s got all the details you need!

interface IEAS {
  function isAttestationValid(bytes32 uid) external view returns (bool);
}

contract KYCGated {
  IEAS public immutable eas;
  bytes32 public immutable schemaId; // e.g., "KYC: basic compliance v1"

  constructor(address eas_, bytes32 schemaId_) {
    eas = IEAS(eas_);
    schemaId = schemaId_;
  }
  function _isCompliant(bytes32 attestationUID) internal view returns (bool) {
    return eas.isAttestationValid(attestationUID);
  }
}

So, we take care of issuer allowlists off the blockchain, and we do our validation on it. What this means is that only the attestations from the issuers we’ve greenlit actually get through. So, if you're looking to issue something, you'll typically see gas fees ranging from 50k to 100k on layer 2 networks. But don’t worry, checking things out is totally free! For all the juicy details, feel free to dive into our documentation! You'll find everything you need there!

Implementation Checklist for DeFi Teams

Protocol and UX

Try to keep the public inputs in your SNARK circuits to a minimum--ideally, shoot for four or fewer. It helps streamline everything! To make things more efficient, let’s use pre-hash proofs of attributes. This will help reduce the amount of calldata we need and lighten the load on the MSM. If you want to dive deeper, you can find all the details here.

• Try using 3-pairing Groth16 verifiers. They're a solid choice! Don’t forget to check for malleability and run some subgroup tests while you’re at it! If you’re looking for more details, you can check this out here. When you're designing, remember to think about revocation. It's a good idea to use the W3C Bitstring Status List and keep those attestations short-lived. Instead of just locking things in with a "forever KYC" approach, consider more flexible options. If you want to dive deeper into it, check it out here. You’ll find some really useful info! Just make sure there's an easy way to sort things out if someone gets a false decline--like a straightforward process for re-KYC or appeals. It’s important to have that clear path!

Compliance and Travel Rule

Alright, let's talk about setting up that counterparty-VASP discovery and data exchange. It’s important not to just depend on those on-chain memo fields for the Transfer of Funds Reporting (TFR). So, remember, the EBA guidelines do give you the green light for off-chain transmission. However, they also stress the need for everything to stay in sync. Just a little heads up to keep things running smoothly! Get the details here. When dealing with unhosted wallets, make sure to handle ownership checks properly. And don’t forget to keep records handy for when the right authorities come asking for them! For more details on that, you can check it out here.

Vendor and Ops

When picking a KYC vendor, make sure they have straightforward SLAs and can easily connect with other protocols. Take Sumsub, for instance. They typically process things in just 20 to 30 seconds, and their KYC solutions can be reused. Plus, they've got these handy Travel Rule bridges that work across different networks. It's a solid choice! Make sure to set up alerts for those times when latency goes beyond the 90th percentile. It’s a good way to stay on top of things! Check them out here.

• Try to go for document-free processes wherever it's allowed; vendors have been saying that their processing times can really stretch out to four times longer than expected. We've seen some impressive results--like shaving off 5-6 seconds and boosting pass rates by more than 35%! And just to back that up, we’ve done A/B tests that confirm these findings. If you’re curious about what they offer, you can check it out here.

Security

Make sure to watch out for any possible linkage attacks between wallets. It's a good idea to use nullifier patterns, kind of like what Semaphore does, so you can maintain that unique touch without giving up on your privacy.

• Before we launch, we run audits on verifier contracts. You can find more about this in our security audit services.

Best Emerging Practices (2025-2026) We’re Shipping Now

• BLS12‑381 on Ethereum Mainnet (EIP‑2537) After Pectra: If you’re thinking about moving your circuits and signatures from BN254 to BLS12‑381, this is definitely a major upgrade! You'll enjoy better security margins and have access to those handy MSM precompiles. Just remember, though, this does mean that the calldata will be a bit bigger. Make sure to take a good look at it based on how you plan to use it. We’ve got some side-by-side gas models to help you decide which one’s right for you! (blog.ethereum.org).
• Stick to Off-Chain Verifiable Compliance When You Can: It’s a good idea to keep the important stuff off the chain whenever possible. Just focus on putting the essentials on-chain, like the attestation UID and nullifier. Let's keep the issuance and revocation processes in the VC/SD-JWT space. This should help reduce gas costs and make silent revocation a breeze. (w3.org).
• Take Advantage of L2s for Proof Verification: So, here's the scoop from some industry analyses: after the 4844 upgrade, posting a Groth16 proof (which is about 256 bytes) on L2s could cost you only a tiny fraction of a cent, especially when the blob space isn't jammed up. Pretty cool, right? Definitely worth considering! (medium.com).
• Permissioned Pools Done Right: Aave Arc has really proven that there’s a genuine need for this kind of setup. We tailor our allowlists using “proof of compliance” like attestations or ZK claims, rather than just relying on raw PII. This method really helps keep things private and also cuts down on any potential legal issues. (fireblocks.com).

GTM What Changes in Your Metrics

• Speedy onboarding means more conversions!
• We've typically seen that when we switch to automated processes, the time it takes from finishing KYC to making the first trade really speeds up--going from a few minutes down to less than 30 seconds! Vendors usually mention that their average verification times are around 20 to 30 seconds. Plus, we've noticed a pretty impressive increase in pass rates--over 35%--when they use database checks or non-document verification. When we run A/B tests, we usually see a nice bump in conversion rates--around 8 to 15%--from the moment someone kicks off their KYC process to when they actually make their first trade. It's pretty exciting to see those numbers! (sumsub.com).
• Reduced cost per user when scaled up. When it comes to on-chain verification, you're typically looking at about 220,000 to 235,000 gas for each Groth16 check that includes 2 to 4 public inputs. But if you're working with Layer 2 solutions, that cost isn't really a big deal at all. If we use aggregation along with 3-pairing templates, we can save around 32 to 34k gas with each call. That’s a pretty solid reduction! (hackmd.io).
• When it comes to off-chain KYC, automating the process definitely helps lighten the load of manual reviews. Vendors are seeing some pretty significant cuts in their KYC operations costs--up to 43%! Pretty impressive, right? On top of that, we've noticed actual savings can fall between 25% and 40%, depending on how much risk you’re willing to take and the current market situation. (sumsub.com).
• Less hassle with blocked transfers and more connections with partners.
• If you start using those Travel Rule connectors now, you can dodge those frustrating rejections from EU or regulated partners. Just a heads up, the TFR goes into effect on December 30, 2024, and the EBA guidance is already out there, so it’s a good idea to get ahead of the game! So, what this means is that you'll see fewer failed settlement attempts and a decrease in support tickets whenever you run those promotions and liquidity campaigns. (eba.europa.eu).
• Procurement-ready controls
• VC 2. 0 and SD-JWT provide your sales team with phrases and terms that really resonate with buyers. When you mix this with issuer allowlists and on-chain revocation that you can easily audit through EAS, it helps make procurement cycles a lot smoother. You can easily track “who confirmed what, when they did it, and whether it's still valid” -- and you can do all of this without showing any personal info. (w3.org).

Two Practical Implementation Patterns

When you start exploring software development, having a few reliable patterns up your sleeve can really make a difference. Let me share a couple of handy ways you can put things into action that’ll really simplify your life!

1. Model-View-Controller (MVC)

The MVC pattern is really about breaking your application down into three key parts.

• Model: Think of this as the cozy corner where all your data and business logic chill together.
• View: This is basically what users see and engage with. At the end of the day, it really comes down to the user interface.
• Controller: You can picture this as the go-between that takes input from the user, updates the model, and then makes sure the view gets refreshed to reflect those changes.

Using MVC is a great way to keep your code organized and make it way simpler to handle any changes that come up later on. On top of that, it really helps keep things organized and allows each part to focus on its own job. That’s definitely a big bonus!

If you want to really get into the nitty-gritty of MVC, you should definitely check out this resource. It’s got some great info!

2. Singleton Pattern

The Singleton pattern is a cool design approach that makes sure a class has only one instance while giving you easy access to it from anywhere in your code. It's like having a single source of truth that you can always rely on! This comes in super handy when you need to manage who gets to access shared resources, like a configuration object or a connection pool.

Sure thing! Here’s a quick little example in Python for you:

class Singleton:
    _instance = None

    def __new__(cls):
        if cls._instance is None:
            cls._instance = super(Singleton, cls).__new__(cls)
        return cls._instance

Using this pattern helps you manage your app's resources effectively without having to spin up a ton of different instances. It's a smart way to keep things running smoothly!

Hey there! If you’re curious about the Singleton pattern, you should definitely take a look at this article. It’s packed with great info and will help you get a solid grasp of the concept. Happy reading!

Using these patterns can really help you dodge a lot of headaches while you're working on and keeping your applications running smoothly. Happy coding!.

Pattern A -- “Compliance SBT + EAS”

• Flow:

1. The user starts things off by going through a quick automated KYC process with the vendor. 2. After everything's wrapped up, the vendor will give you a Verifiable Credential (VC) along with an off-chain SD-JWT. So, your issuer account goes ahead and creates an EAS attestation. This is connected to either a wallet or a rotating key--pretty cool, right? This attestation has just the right mix of claims and a specific expiration date. 3. Once you’re all set up, smart contracts jump in to do their thing! They check if the attestation is legit--like making sure it’s on the issuer's allowlist, hasn’t been revoked, and isn’t past its expiration date. If everything checks out, users can dive right into staking, liquidity pools, and various deals. Pretty neat, right?

• When to use:
• If you're looking for a straightforward and easy-to-follow compliance process, especially when dealing with institutional liquidity providers and market makers, that's the way to go!
• If you're looking for the smoothest way to read on-chain data (think minimal gas fees--like practically zero to read and only about 50-100k gas when you want to execute something on L2). Take a look at the details right here: docs.oma3.org. You’ll find everything you need!

Pattern B -- “zkKYC Proof at Point-of-Use”

• Flow:

1. So, the user has either a Verified Credential (VC) from their KYC provider or a zkKYC credential, which could be something like Polygon ID or zkMe. Pretty cool, right? 2. Before diving into any conversations or transactions, the user first creates a ZK proof. This proof basically says, “Hey, this wallet is owned by someone who’s passed KYC X, isn’t on sanctions list Y, and is good to go within the allowed jurisdiction Z.” And the best part? They do all of this while keeping their personal information completely private. Cool, right? 3. So, the contract kicks things off by checking the proof with a Groth16 verifier. After that, it gets down to business and applies whatever logic is needed, whether it’s minting new tokens, borrowing, or adding some liquidity.

• When to use:
• This is what you’ll want to use when you need to keep your identity under wraps but still want to prove you’re playing by the rules. It's great if you're looking to use your credentials across your whole setup without the hassle of going through KYC all over again. Vendors like zkMe are pushing the idea of zkKYC for permissioned DeFi, which sounds pretty cool. On the other hand, you’ve got Polygon ID offering some awesome open tools and contracts. Both have their perks, depending on what you're looking for! Give them a look over here: zk.me.

What We Ship for You, End to End

Architecture and Delivery

• Integration Blueprint: We're here to help with our KYC vendor SDK/API, and we’ve also got VC 2 for you! You're looking at the integration of 0/SD-JWT with EAS or Polygon ID verifiers.
• Gas Modeling and Benchmarking: We're going to dive into some comparisons, specifically checking out how BN254 stacks up against BLS12-381. Plus, we'll also take a look at the differences between Layer 1 and Layer 2. This way, we can tweak your verifier and make the calldata work just right for you. Want to dive deeper into this topic? Just head over to this link: eips.ethereum.org and explore more!
• Developer Ergonomics: We’re all about making life simpler for developers! That means we offer clearly labeled versions of schemas, handy request IDs, easy-to-access revocation registries, and feature flags that work seamlessly in every environment.

Engineering and Audits

• Smart Contracts, Indexers, and Dashboards: When it comes to our DeFi development services and dApp development, we’ve got you covered on all the techy stuff you might need.
• Verifier Hardening: We’ve got your back when it comes to making sure your system is tough as nails. We run through replay and malleability checks, plus we do thorough test runs on our end-to-end testnet. It’s all included in our handy security audit services.

Compliance and Partner Enablement

• Travel Rule Data Exchange Adapters: We’ve got your back when it comes to finding counterparties and assessing risk. Plus, we make it super easy to integrate everything into your existing tools with our blockchain integration.
• Documentation: We've got you covered with all the essential paperwork you'll need! This includes threat models, data flows, DPIA inputs, and governance details for attestation issuers. That way, your procurement and legal teams can breeze through the approval process and get everything squared away with a thumbs up!

Roadmap Accelerators (Pick-and-Deploy Modules)

Hey everyone! Just wanted to share some exciting news: we're launching an "Age Gate" ERC-20 airdrop, and it's powered by Polygon ID (MTP/Sig validators). Stay tuned for more details! We’re rolling out some cool features, including deep links and a better wallet experience. You can look forward to having it all set up by the second week! Feel free to dive into more info right here!

Now, let’s chat about the "Accredited Investor" flow. This part really taps into SD-JWT and some off-chain evidence. When it comes to on-chain stuff, we're just going to check the proof result and see if it’s been revoked using a Bitstring list. Simple as that! If you want to get into the nitty-gritty of the specs, check it out here. It’s got all the details you need!

• We’re excited to roll out the EAS issuer service! This includes schema governance, rotating issuers, and managing attestation expirations to ensure everything stays on track. On top of that, we’ve fine-tuned the read paths to keep storage and gas usage to a minimum. If you want to dive deeper, just check out this link for more details!
• Finally, we’re focusing on rolling out an L2-first deployment and making sure there are some gas protections in place for our verifiers. So, we've got three pairing templates, along with some nifty input compression, plus a little something called calldata-aware batching to make everything run smoother. If you're curious to dive deeper into this topic, check out 7 Block Labs. They've got some great insights waiting for you!

What “good” looks like after 90 days

In your key markets, users can zip through the KYC process in just 20 to 30 seconds, and whenever we can, we make it even easier by skipping the need for documents. You can expect to see a nice increase in conversions from “KYC started” to “on-chain action,” probably in the range of high single digits to low double digits. It’s definitely a positive trend! (sumsub.com).

When it comes to on-chain verification costs, they've got a nice predictability to them and are pretty low overall. For example, you can expect something like 220,000 gas for each proof on L1 using BN254 with two public inputs. And if you're working on L2, that number tends to drop even more. You can easily switch to BLS12‑381 verifiers whenever it fits your calldata or profile best. Just keep an eye on when it makes the most sense for you! (hackmd.io).

Hey there! So, your Travel Rule connectors really make everything run smoothly. They help prevent those annoying rejections from partners in EU transactions. Plus, discovering counterparties? It’s super easy right from the get-go! (eba.europa.eu).

You've got all the audit-ready documents you need! They’ve got you covered on topics like revocation, issuer governance, and data minimization. You can easily share "what's been confirmed" without giving away any personal info.

Where to start (and what to buy vs. build)

• Buy: When you're getting into user verification, pick a KYC vendor that provides VC/SD-JWT. And don't forget to add Travel Rule messaging along with sanctions and KYT screening to your toolkit!
• Team Up with Us: If you've got some unique requirements, why not think about creating ZK/attestation integration and verifier contracts together? You might want to think about tweaking gas optimizations or getting some allowlist and denylist settings in place for your token, AMM, or lending contracts. It could really help streamline things! Hey, just a quick reminder - make sure you automate your off-chain attestation issuer! It's super important!
• Take a moment to dive into our internal tools and resources! Check out our custom blockchain development services to see how we can assist you. And if you're looking into cross-chain compliance gating, we've got some awesome cross-chain solutions that could really make a difference.

Closing Thought

DeFi doesn’t have to choose between putting on a show for compliance and revealing user identities. With verifiable credentials, SD-JWT, and zk proofs all rolled into EAS or Polygon ID--plus those handy Travel Rule connectors--you can easily grant access to the right folks while still keeping their privacy intact and saving some bucks. It's a pretty neat setup! This method really boosts conversion rates, cuts down on blocked transfers, and gives you strong, ready-to-go proof for procurement.

Book a DeFi Scoping Call (15 Minutes)

Hey there! I’d love to chat about your 90-day KYC/Identity plan. How about we set up a quick 15-minute call to go over everything? Let me know what time works for you!