Grant, Verify, Revoke: A User-Centric Pattern for Blockchain Compliance

TL;DR

This paper introduces ZK-Compliance, a zero-knowledge proof-based framework that enhances user privacy and control in blockchain compliance by enabling selective attribute disclosure and revocable permissions.

Contribution

It presents a novel user-centric pattern for blockchain compliance that decouples identity verification from data disclosure using browser-based zero-knowledge proofs.

Findings

Client-side proof generation under 200ms on standard hardware

Enables dynamic, revocable compliance sessions

Restores user sovereignty in regulated blockchain interactions

Abstract

In decentralized web applications, users face an inherent conflict between public verifiability and personal privacy. To participate in regulated on-chain services, users must currently disclose sensitive identity documents to centralized intermediaries, permanently linking real-world identities to public transaction histories. This binary choice between total privacy loss or total exclusion strips users of agency and exposes them to persistent surveillance. In this work, we introduce a Selective Disclosure Framework designed to restore user sovereignty by decoupling eligibility verification from identity revelation. We present ZK-Compliance, a prototype that leverages browser-based zero-knowledge proofs to shift the interaction model, enabling users to prove specific attributes (e.g., "I am over 18") locally without revealing the underlying data. We implement a user-governed Grant, Verify, Revoke lifecycle that transforms the user's mental model of compliance from a permanent data handover into a dynamic, revocable authorization session. Our evaluation shows that client-side proof generation takes under 200ms, enabling a seamless interactive experience on commodity hardware. This work provides early evidence that regulatory compliance need not come at the cost of user privacy or autonomy.