Zero-knowledge KYC, and the potential of Secret.network (reposted after Substack error)

The need for pro-privacy smart contract infrastructure in DeFi-to-real-world lending has never been greater. The Secret Network offers a potential solution

<plug> This was cross-posted to my content partner StakingRewards’s State of Stake newsletter. Check them out for everything staking-related, we make a great team and we’ll be delivering more content there soon. </plug>

A well-known algostable protocol was recently weighing pros and cons of integrating KYC (Know Your Customer) rules into a module for investors who’d be comfortable sharing their personal information, for the opportunity to invest in real-world asset pools where the law requires KYC disclosure.

“We don’t want to touch anything involving individual KYC,” the protocol rep said.

“Why?” I replied. “Anybody can opt in. If it’s each person’s own choice, who cares? Do you think a lot of your users are, like, tax evaders or something?”

“No, it’s not like that. Imagine if you had a bunch of depositors who wanted to invest in a pool, and shared their KYC info through a firm like Securitize. Then one day, the US government declares that we’re dangerous because we’re an uncontrollable stablecoin. They know Securitize has doxxing info on a bunch of our depositors, since we told them they could invest in this pool through a permissioned investment pool that required doxxing. So the US goes to Securitize and tells them to give up all that info, which they do. The US government indicts and sanctions a bunch of our protocol’s depositors.

“What do you think happens to our stablecoin when a partnership that we endorsed results in a bunch of our depositors getting arrested, or even named? It would destroy our whole brand. Crisis of confidence. Run on the bank. It would be game over.”

The question of marrying DeFi deposits and its ~7% zero-maturity deposit rates with real-world assets has taken on a new urgency in the bear market of 2022. DeFi needs to find ways to back real world assets to prove its viability as a new, self-sovereign financial system. Sustainable yields are in, ponzicoin APYs are out.

However, as the protocol rep understood, integrating genuinely pseudonymous money with real world assets creates huge potential liabilities. To back a real world asset like a car loan or a mortgage, the investor needs to take on all the disclosure requirements and regulations of traditional finance: marrying the freedom of programmatic law with the fetters of fiat law.

DeFi backers of these contracts would have to dox themselves to regulators, who could then harass these individuals if anything ever went wrong. Doxxed individuals would become a collective point of failure for protocols whose populations had disproportionately doxxed themselves to invest in real world assets. The smart contracts themselves would have to somehow be cognizant of each local jurisdiction’s rules around each particular real-world contract. Expensive fiat lawyers would have to somehow oversee the implementation of smart contracts. (But wait—what’s the point of smart contracts if lawyers have to oversee everything?)

In other words, as crypto gets closer to backing fiat transactions, DeFi-to-real-world lending in developed markets very quickly starts to look like a very expensive form of fiat.

Algostables and privacy

The last 12 months has seen an explosion of interest in algorithmic stablecoins, such as LUNA, FRAX, USDN, DAI, and others. A major source of algostables’ appeal has been their censorship resistance, which is perceived as directly proportional to that algostable’s treasury exposure to USDC (ranging from UST at ~10% to DAI’s 55%+) and that algostable’s exposure to “regulated assets” (for example, DAI purchased a US broker-dealer, which makes it an asset subject to forfeiture and thus increases their fiat-law exposure). Real-world assets, as much as they might offer a new source of yield for a protocol’s treasury or an individual investor, would unfortunately fall under this latter “censorship-resistance-destroying” category.

Thus, algostables especially, and crypto more generally, have a scalability problem. To take market share where the money is (competing directly with banks in real-world underwriting), they’d have to check their “censorship resistance” at the door. If a user KYC’ed himself for a few real-world-asset investments, his entire subgraph of censorship-resistant algostables would be doxxed, and his algostable investment in real-world assets would be subject to seizure or loss at any time. In other words, the same things that make algostables especially attractive (and crypto in general an attractive refuge from punitive taxation) would be rendered valueless. Furthermore, if a small to medium minority of an algostable’s users exposed themselves to real world assets, it would create unquantifiable, systemic risk to an algostable protocol.

If you’re bound to unscalable, capricious fiat laws, the costs of programmable money are not outweighed by scalability benefits for the foreseeable future. You can’t offer big yields on the next $1 trillion of DeFi without getting big returns on the other side of the ledger, but in that arena, you’re at a cost disadvantage (crypto has higher transaction costs), an execution disadvantage (you can’t reverse mistaken transactions), and a fiat-law legal disadvantage (the legal liabilities of programmable money run amok are unquantifiably large when that money’s tethered to the real world.)

zkKYC

But what if crypto offered a true middle road, which would tick all the legal requirements of fiat KYC (proof of real ID, proof of real address) while concealing the broader subgraph of that user’s assets and transactions, restricting the liability around a transaction to only the point of origin of that transaction and also allowing pro-privacy protocols to integrate with the real world, without sacrificing broader user anonymity?

Theoretically, such a protocol is possible. Specifically, this pro-privacy-KYC protocol would have the following current and future capabilities:

• Shielded address transactions: any “doxxed transaction” would only reveal the counterparty of that transaction, without revealing any other transactions on that user’s subgraph.

  • To anyone other than the user, every single transaction would have the equivalent of a single-use wallet address.

  • KYC verification could be done using zero-knowledge proofs, also known as zkKYC.

  • The zkKYC function (vetting that an individual’s credentials are accurate) could be done today by a participating KYC firm. Finding such a firm would be a challenge, but I’m sure one could be found.

  • Could KYC credentials themselves could be vaulted in a smart contract, never to be accessed unless the KYC-requiring entity consented to a specific government subpoena, over time?

• Instead of the public-blockchain compute cycle (propose → validate → transact), the cycle would feature point-to-point encryption of addresses and amounts, to shield every user’s broader subgraph: propose → encrypt → validate → encrypt → transact.

  • Under this structure, the validators themselves wouldn’t know what they’re validating, they’d just know (via zero knowledge) that whatever they were verifying was in fact an agreed transaction between an unknown sender and receiver for an unknown but mutually agreed amount; only the sender and receiver would know the actual amount transacted, or smart contract executed.

• Somehow, the above is executed while keeping transaction costs for common use cases low: sending tokens to another user, swapping tokens on a Dex, etc.

• The protocol would be built via a common crypto language (Rust or Solidity), to scale developer adoption

• Integration capability with encryption-enabled wallets, to accelerate adoption without sacrificing anonymity

It turns out that a protocol with all the above capabilities already exists: the Secret Network.

Secret.network was originally founded as Enigma in 2014, and rebranded itself as Secret.network in 2017 after the SEC attacked them for raising money as an ICO.

Secret brands itself as “Ethereum/Cosmos’s smart-contract interoperability with Monero’s privacy.” It’s probably better described as Cosmos + Monero, since it has much more in common with Cosmos than Ethereum.

Transaction costs are amazingly low - even lower than Terra’s.

• Sending SCRT to another user costs US $.01.

• A swap on SecretSwap, the Secret dex, costs roughly $.07.

• Wrapping SCRT into sSCRT (“secret SCRT,” the single-use-wallet-address, super-private version of SCRT) costs $.10.

Finally, Secret’s UX is quite simple and intuitive relative to Monero.

“If SCRT is so great, why didn’t it take off already?”

SCRT’s business development roadmap has done all of the right things without any recent glaring mistakes.

• Staking rewards: Their staking tokenomics are broadly aligned with the Tendermint norm, at 15-20% today, giving believers an attractive place to park their asset.

• Rational, positive-sum tradeoffs: Secret has made very small sacrifices to privacy in exchange for very large gains in scalability, which tend to enrage privacy maxis while being eminently sensible real-world decisions. One example of this is their use of TEEs (trusted execution environments) for off-chain computations. Another example would be Secret’s use of bridges, to onboard more SCRT investors.

• Active ecosystem funding. SCRT has a stated $225m ecosystem fund to build an actual dapp economy around SCRT.

Secret’s transaction activity trends also seem very healthy relative to their token price.

Daily SCRT transactions: +100% YTD (the 9.47k number represents the incomplete data for the most recent day, and should be disregarded)

Daily SCRT smart contract transactions

Unfortunately for Secret, the “smart contracts for privacy maxis” pitch has turned out to be a much smaller niche than cryptocurrency privacy maximalists expected. Why would anybody want to shield and disappear smart-contract transactions in a space that thrived on open-source accountability?

To outsiders, Secret doesn’t offer the same transparency or big-whale theatrics of nakedly public blockchains such as Ethereum. To open-source developers, Secret represented a big shift up in complexity without corresponding demand. To criminals, privacy maxis, and other people placing an extremely high premium on privacy, Monero and its cousins zCash (ZEC) and Tornadocash (TORN) were always much more widely used, and their privacy much more battle-tested. Secret’s marketing tagline arguably brought them the worst of both worlds: SCRT wasn’t good enough for criminals and privacy supermaximalists who favored XMR and TORN, its privacy features were too complex for developers used to ETH, Terra, or Cosmos to use, and its lower transparency made the network harder to understand for outsiders.

After quite a bit of my own research, I asked the Secret Discord about their own thoughts on SCRT’s adoption. Their assessment was that Secret’s documentation is poor; for a complex product like theirs, good documentation is essential for onboarding new developers. (This is a very common problem in crypto, especially for protocols trying to do many genuinely new things at once.) They’re in the process of overhauling their docs.

Thesis: Secret.network will be the rails of zkKYC, and a key bridge between DeFi and real-world assets

The vast majority of crypto users value privacy and anonymity to some degree. Protocols that have gained significant market share recently, such as Terra, have strong pro-privacy or anti-censorship characteristics. As these protocols gain market share, they need to find a way to integrate with real-world sources of yield without increasing their parent protocol’s systemic exposure to KYC liabilities, such as compromising the protocol’s perceived privacy, censorship resistance, or immunity to government harassment.

As DeFi-to-RWA bridges become a bigger focus in DeFi’s hunt for yield, Secret’s architecture offers a path forward for increasing exposure to cashflow-positive yields while allowing privacy-forward protocols such as Terra to bridge their hefty deposits to real-world assets in a way that compartmentalizes loss of anonymity to single transactions.