Galactica Investigation Module
Last updated
Was this helpful?
Last updated
Was this helpful?
The main purpose of the Galactica Investigation Module and secret sharing tech is retroactive compliance. Meaning the possibility to investigate illicit activity after it happened. Example cases are hacks or abuse of undercollateralized loans.
Galacticaβs zero-knowledge technology completely hides undisclosed private information. Jurisdictions requiring access to KYC data for investigations therefore need an additional mechanism.
The base concept of combining zero-knowledge certificates with compliance originates from this . The integration into Galactica as a whole is described in more detail in the .
Providing fraud investigation capabilities to legal authorities obviously has disadvantages because it can be misused to compromise privacy. Justifying such measures requires a sufficient amount of advantages and mitigation. Compliance benefits include clarity to involved actors, compatibility for traditional industries and long term stability.
A central authority should not control the investigation process unchecked. If a DApp requires fraud investigation data to be included in a zkKYC proof, Galactica can split it into shares that are distributed to multiple institutions. Similar to a Multisig, a configurable number of those institutions have to work together to decrypt the data. The algorithm used for this is Shamir's secret sharing. It has two parameters. n for the number of shares the secret was split into, and k for the minumum amount of shares needed to reconstruct the secret.
The secret itself only includes the zkKYC DID and provider. Therefore legal authorities still have to query personal data from the provider after reconstructing the secret. The personal data is not available on-chain.
Galactica's zkKYC protocol ensures transparency about rules and involved parties. The smart contract fixes the rules and defines the requirements for the ZKP as well as the investigation institutions. Whenever a user creates a ZKP, the Galactica Snap shows what statements are proven by the ZKP and what investigation institutions are involved.
The fraud investigation process is divided into the following three sub-processes for different steps in the lifecycle of a DApp and user interaction on Galactica.
Before a user can interact with a DApp requiring the possibility of fraud investigations, they create a ZKP for verification. The ZK circuit computing the ZKP discloses the zkCert DID and provider DID to the consortiium of investigation institutions. It uses to split this information into n shares, one for each institution. So that it can be only constructed if at least k institutions agree to recover the information. The ZK circuit also encrypts each share with the public key of the institution receiving it. The encrypted shares are submitted as public inputs of the ZKP and saved on the blockchain in the verification SBT data.
k of them agree, they can recover the user's zkCert DID using Shamir's secret sharing. With this DID, the personal data of the user can be queried from the guardian that issued the zkCert. 