
Zero-knowledge scaling company StarkWare has introduced a novel solution for know-your-customer (KYC) compliance on its Starknet network. The system, called Private KYC, leverages zero-knowledge STARK proofs to allow users to verify specific identity attributes—such as being over 18 or holding a valid credential—without exposing their full passport, address, or other sensitive information. The announcement, made on Tuesday as a demonstration, aims to reduce the liability that comes with storing personal data.
StarkWare's approach addresses a fundamental flaw in traditional KYC processes: users are often required to hand over entire documents even when only a single fact is needed. “Identity checks today ask for your whole document when they only need one fact,” the Starknet team stated. By using cryptographic proofs, the system ensures that verifiers can confirm eligibility without ever seeing the raw identity data. This reduces the risk of data breaches, which have become increasingly costly and frequent.
According to the latest data, the United States recorded 3,322 data compromises in 2025—a 79% increase over five years—while the global average cost of a data breach reached $4.4 million, as reported by StationX. In the healthcare sector alone, more than one billion records have been breached, with an average cost of $7.42 million per incident. The crypto industry has not been immune; the 2020 Ledger database hack exposed over 270,000 customer records, leading to ongoing phishing campaigns.
StarkWare's Private KYC works through a straightforward process on the user's smartphone. First, the user scans their passport using the phone's camera and NFC chip, which reads the document's embedded data and verifies its authenticity by checking the cryptographic signature from the issuing authority. Next, the user encrypts the identity data directly to their Starknet wallet, registering specific attributes (such as age or nationality) in a public onchain registry. Finally, when a verifier needs to confirm a particular condition—for example, that the user is over 18—the user submits a zero-knowledge proof that demonstrates the fact without revealing any additional information. The verifier can then confirm the proof by reading the public registry, without ever accessing the underlying personal data.
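The flow above (register an attribute once, then answer "over 18?" against the public registry) can be sketched in a few lines. This is an added example, not StarkWare's code, and it swaps the STARK proof for a much simpler hash-chain threshold proof; the in-memory registry, wallet strings and function names are assumptions.

```python
import hashlib
import secrets
from typing import Optional

def chain(value: bytes, steps: int) -> bytes:
    """Apply SHA-256 to `value` `steps` times."""
    for _ in range(steps):
        value = hashlib.sha256(value).digest()
    return value

# Assumed stand-in for the public onchain registry: wallet -> age commitment.
REGISTRY = {}

def register(wallet: str, age: int) -> bytes:
    """Runs on the user's device after the passport check has succeeded.

    Publishes only H^age(seed); the seed and the age never leave the device.
    """
    seed = secrets.token_bytes(32)
    REGISTRY[wallet] = chain(seed, age)
    return seed

def prove_at_least(seed: bytes, age: int, threshold: int) -> Optional[bytes]:
    """Return H^(age - threshold)(seed), or None if the claim is false."""
    if age < threshold:
        return None
    return chain(seed, age - threshold)

def verify_at_least(wallet: str, threshold: int, proof: Optional[bytes]) -> bool:
    """Verifier side: reads only the public commitment, never the age.

    Hashing the proof `threshold` more times must land on the commitment.
    A real deployment would also bind the proof to a fresh challenge so a
    captured proof cannot be replayed by someone else.
    """
    commitment = REGISTRY.get(wallet)
    if commitment is None or proof is None or len(proof) != 32:
        return False
    return secrets.compare_digest(chain(proof, threshold), commitment)

if __name__ == "__main__":
    seed = register("0xalice", 34)           # constructed sample values
    proof = prove_at_least(seed, 34, 18)
    print(verify_at_least("0xalice", 18, proof))
```

The verifier learns that the holder is at least 18 and nothing more precise, but the commitment is identical for every verifier, so registry lookups remain linkable across services.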
This model is similar to World ID, the identity system developed by Sam Altman's Worldcoin project, which also uses zero-knowledge proofs to verify humanness via iris scans. However, World ID has faced criticism for its centralized biometric custody, whereas StarkWare's self-custody approach ensures that users retain full control over their personal information. StarkWare emphasized that corporations should not collect full identities, because “every identity database becomes a liability the moment it exists.”
The Private KYC system is built on Starknet's STRK20 privacy features, which incorporate zk-STARKs (zero-knowledge scalable transparent arguments of knowledge). These proofs allow a prover to convince a verifier that a statement is true without revealing any information beyond the validity of the statement itself. In the context of KYC, that means a user can prove they hold a valid passport issued by a certain country without showing the passport number, expiry date, or even the passport photo. The underlying cryptographic technology has been developed over years by StarkWare, which is known for scaling Ethereum through validity rollups.
The implications for the broader crypto and fintech industry are significant. As regulatory pressures increase, especially in jurisdictions requiring rigorous KYC for decentralized finance (DeFi) platforms and exchanges, solutions like Private KYC could become essential. They offer a way to comply with anti-money laundering (AML) and counter-terrorism financing (CTF) rules without compromising user privacy. Moreover, they reduce the operational burden on companies that must otherwise store and protect vast amounts of sensitive data.
StarkWare's move also aligns with a growing trend toward privacy-preserving compliance tools. Earlier this year, other projects like Sui have explored confidential transfers that are compliant with regulators. The key innovation in StarkWare's system is the separation of verification from data collection: a verifier can confirm that a user meets a certain requirement (like being on a whitelist or being over 18) without ever needing to see the user's ID. This is achieved through a combination of onchain registries and off-chain zero-knowledge proofs.
One of the most compelling use cases for Private KYC is in decentralized autonomous organizations (DAOs) and token-gated communities. DAOs often need to verify that members are accredited investors or citizens of a particular jurisdiction before allowing participation in certain activities. With traditional KYC, the DAO would have to collect and store personal data, creating a target for hackers. With Private KYC, the DAO can simply check a public proof that the user is accredited, without any risk of data exposure. Similarly, a platform that restricts access to users over 18 can verify age without learning a user's exact birth date or address.
The technical implementation relies on Starknet's account abstraction and the ability to manage cryptographic keys directly from a wallet. Users can store encrypted identity data on their device and only decrypt it when generating a proof. This ensures that even if the onchain registry is compromised, the actual identity data remains encrypted and useless to an attacker. The system also leverages Starknet's low transaction costs and high throughput, making it feasible to verify proofs for millions of users.
StarkWare's announcement comes at a time when data privacy regulations like the European Union's General Data Protection Regulation (GDPR) and California's Consumer Privacy Act (CCPA) are imposing stricter rules on data collection and storage. Companies that fail to protect user data face heavy fines. Private KYC offers a path to compliance that minimizes the data footprint, reducing both legal risk and the cost of security measures. StarkWare noted that the system is still in demo mode, but the underlying technology is ready for integration by third-party applications.
In contrast to centralized identity verification services that rely on document uploads and manual checks, StarkWare's solution is fully automated and preserves anonymity. The company has published open-source libraries for generating and verifying the zero-knowledge proofs, encouraging developers to build their own verification flows. This could lead to a standardized, privacy-first KYC framework across the Starknet ecosystem and beyond.
The response from the crypto community has been largely positive, with many praising the balance between compliance and privacy. However, some critics note that the system still requires users to trust the initial scan of their passport on their phone, though the NFC verification ensures the document is genuine. Additionally, the system does not prevent the user from being tracked through the onchain registry, though StarkWare has integrated privacy features to obscure patterns. Future updates may include more advanced privacy techniques like zero-knowledge proofs for the registry itself.
StarkWare's Private KYC represents a significant step forward in the quest for self-sovereign identity. By decoupling verification from data exposure, it offers a model that could be adopted across industries, from banking to healthcare. As the cost of data breaches continues to climb and regulatory scrutiny increases, solutions that reduce data liability are likely to become the norm. StarkWare has demonstrated that privacy and compliance are not mutually exclusive—they can coexist through careful cryptographic design.
Source: Cointelegraph News
