Galactica Network Dev Documentation
Privacy Precautions

Overview of precautions to preserve user privacy


Last updated 1 year ago


Galactica's technology provides new ways to preserve user privacy. The main paradigm shift is using zero-knowledge cryptography to prove statements, such as being KYCed, without disclosing any more personal details, such as name, birthday, etc.

Galactica strives to make privacy the new default and to be simple enough to work in practice. But maintaining privacy is still a task that needs care and endurance. Here is a list of best practices and hints on how to preserve privacy on the current version of Galactica:

  • Be cautious with public disclosures. ZKPs always disclose some statement about the user of a wallet address. Read the confirmation message in Galactica Snap for Metamask carefully to check what information is shared.

  • Selective disclosures submitted from a wallet stay publicly viewable on-chain. They can aggregate into a better picture of the person behind it. For example, someone could guess the identity of a user if the same wallet proves the birthday to DApp 1, the postal code to DApp 2 and the profession to DApp 3.

    • Users can prevent such aggregation by splitting on-chain activity over multiple wallets. This works well with the DApp specific HumanID concept because HumanIDs on different DApps are not connected unless the user links them.

    • zkKYCs can be used from all wallets of a user. The authorization by the wallet holding a zkKYC is verified privately in the ZKP.

    • When splitting activity over different wallets, users need to take care not to link them together through obvious actions, such as direct fund transfers.

    • Be aware of general internet tracking threats that could link together wallet activity. This includes IP addresses, ISP and VPN services, cookies and the RPC node used to submit transactions.

    • Side note: Galactica's team is investigating automated wallet activity splitting and compliant mixers for fund transfers between them.

  • Depending on the use case, DApp builders can move zkKYC verification off-chain for improved privacy. See

  • Naturally, DApp builders should only require the minimum amount of selective disclosures. For example, proving to hold a valid zkKYC should be sufficient for KYC purposes. DApps do not need to gather more personal details to comply with KYC requirements.

  • Users should check the ZKP generation confirmation for details about fraud investigation, especially which institutions are involved and whether k of n secret sharing is used.
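
The aggregation and wallet-splitting points above can be checked as a self-audit of one's own disclosures. The following is an added example, not code from Galactica: the record format, wallet names and the `max_attributes` threshold are assumptions, and the sample data is constructed. It groups wallets that direct transfers publicly tie together and reports any group whose combined disclosures exceed the threshold.

```python
from collections import defaultdict

# Constructed sample data (not real chain data): selective disclosures a user
# submitted, as (wallet, dapp, disclosed attribute), and direct fund transfers.
DISCLOSURES = [
    ("0xA1", "DApp 1", "birthday"),
    ("0xB2", "DApp 2", "postal code"),
    ("0xC3", "DApp 3", "profession"),
]
TRANSFERS = [("0xA1", "0xB2")]  # a direct transfer publicly links two wallets


def link_wallets(wallets, transfers):
    """Union-find: group wallets an observer can tie together via transfers."""
    parent = {w: w for w in wallets}

    def find(w):
        while parent[w] != w:
            parent[w] = parent[parent[w]]  # path halving
            w = parent[w]
        return w

    for src, dst in transfers:
        parent.setdefault(src, src)  # intermediary wallets without disclosures
        parent.setdefault(dst, dst)
        parent[find(src)] = find(dst)
    return {w: find(w) for w in parent}


def audit_exposure(disclosures, transfers, max_attributes=1):
    """Return linked wallet clusters whose combined disclosures exceed the limit."""
    roots = link_wallets({w for w, _, _ in disclosures}, transfers)
    clusters = defaultdict(lambda: {"wallets": set(), "attributes": set()})
    for wallet, _dapp, attribute in disclosures:
        cluster = clusters[roots[wallet]]
        cluster["wallets"].add(wallet)
        cluster["attributes"].add(attribute)
    return [
        {"wallets": sorted(c["wallets"]), "attributes": sorted(c["attributes"])}
        for c in clusters.values()
        if len(c["attributes"]) > max_attributes
    ]


if __name__ == "__main__":
    for finding in audit_exposure(DISCLOSURES, TRANSFERS):
        print("aggregated profile:", finding)
```

Transfers are only one of the linking signals listed above; the same clustering applies to any shared identifier, such as the RPC node or IP address, if it is recorded as an additional link.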

Off-chain use