πŸ‘©β€πŸ’»
Galactica Network Dev Documentation
  • πŸ“™Galactica Network Overview
  • 🧬Galactica Concepts
    • ⛓️Blockchain Base
    • 🧾Zero-Knowledge KYC
      • Holder Commitment
      • DApp specific HumanID
      • Verification SBT
      • KYC Guardian
      • Galactica Investigation Module
      • Privacy Precautions
    • 🌟Reputation
    • πŸ›‚Contingent Transactions
  • βš™οΈGalactica Components
    • 🦊Galactica Snap for Metamask
    • 🌳Root Contracts
  • πŸ—οΈBuilding a Galactica DApp
    • Example DApps
      • Compliant ERC20
      • Cypherbook
      • Compliant DEX
      • Sybil resistant airdrop
    • Front End
      • Guided Example
        • Connect to Galactica Snap
        • Prepare ZK proof generation
        • Generate and submit ZK proof
        • Handle Verification SBTs
      • Galactica Snap JSON-RPC API
    • Smart Contracts
    • Custom Zero Knowledge Disclosures
  • πŸ“Guardian Guide
    • Setup to become a Guardian
    • Create and issue ZK certificate
      • πŸͺͺzkKYC (GIP-1)
      • Arbitrary ZK data certificate (GIP-2)
      • X/Twitter ZK certificate (GIP-3)
      • REY X/Twitter Score ZK certificate (GIP-4)
      • Decentralised Exchange (DEX) ZK certificate (GIP-5)
      • Centralised Exchange (CEX) ZK certificate (GIP-6)
      • Telegram ZK certificate (GIP-7)
  • ⛏️Validator Guide
    • πŸ”§Installation
    • πŸ”—Become a Validator
    • πŸš€galacticad CLI Usage Cheat Sheet
    • πŸ”’Security Best Practices
  • πŸ§ͺTestNet: Reticulum
    • Release Notes
  • πŸ§ͺDevNet: Andromeda
    • Release Notes
  • πŸ“ŽChangelog
Powered by GitBook
On this page
  • Purpose and context
  • Trade-off
  • Security precautions
  • Process
  • 1. Requirement definition by DApp builders
  • 2. Secret sharing during user verification
  • 3. Investigation request, decryption and reveal

Was this helpful?

  1. Galactica Concepts
  2. Zero-Knowledge KYC

Galactica Investigation Module

PreviousKYC GuardianNextPrivacy Precautions

Last updated 9 months ago

Was this helpful?

Purpose and context

The main purpose of the Galactica Investigation Module and secret sharing tech is retroactive compliance. Meaning the possibility to investigate illicit activity after it happened. Example cases are hacks or abuse of undercollateralized loans.

Galactica’s zero-knowledge technology completely hides undisclosed private information. Jurisdictions requiring access to KYC data for investigations therefore need an additional mechanism.

The base concept of combining zero-knowledge certificates with compliance originates from this . The integration into Galactica as a whole is described in more detail in the .

Trade-off

Providing fraud investigation capabilities to legal authorities obviously has disadvantages because it can be misused to compromise privacy. Justifying such measures requires a sufficient amount of advantages and mitigation. Compliance benefits include clarity to involved actors, compatibility for traditional industries and long term stability.

Security precautions

Decentralizing access with secret sharing

A central authority should not control the investigation process unchecked. If a DApp requires fraud investigation data to be included in a zkKYC proof, Galactica can split it into shares that are distributed to multiple institutions. Similar to a Multisig, a configurable number of those institutions have to work together to decrypt the data. The algorithm used for this is Shamir's secret sharing. It has two parameters. n for the number of shares the secret was split into, and k for the minumum amount of shares needed to reconstruct the secret. The secret itself only includes the zkKYC DID and provider. Therefore legal authorities still have to query personal data from the provider after reconstructing the secret. The personal data is not available on-chain.

Transparency and awareness

Galactica's zkKYC protocol ensures transparency about rules and involved parties. The smart contract fixes the rules and defines the requirements for the ZKP as well as the investigation institutions. Whenever a user creates a ZKP, the Galactica Snap shows what statements are proven by the ZKP and what investigation institutions are involved.

Process

The fraud investigation process is divided into the following three sub-processes for different steps in the lifecycle of a DApp and user interaction on Galactica.

1. Requirement definition by DApp builders

2. Secret sharing during user verification

3. Investigation request, decryption and reveal

Before a user can interact with a DApp requiring the possibility of fraud investigations, they create a ZKP for verification. The ZK circuit computing the ZKP discloses the zkCert DID and provider DID to the consortiium of investigation institutions. It uses to split this information into n shares, one for each institution. So that it can be only constructed if at least k institutions agree to recover the information. The ZK circuit also encrypts each share with the public key of the institution receiving it. The encrypted shares are submitted as public inputs of the ZKP and saved on the blockchain in the verification SBT data.

🧬
🧾
paper
whitepaper
Shamir's secret sharing
DApp builders choose the requirements of their DApp based on what they want to comply to. This includes selective disclosures and a set of investigation institutions depending on the jurisdiction they want to work in.
In the case of alleged fraud, a prosecutor sends a request to involved institutions. If k of them agree, they can recover the user's zkCert DID using Shamir's secret sharing. With this DID, the personal data of the user can be queried from the guardian that issued the zkCert.