🤖 AI Summary
This work addresses the tension between the transparency of public distributed ledgers and the data minimization principle, particularly the vulnerability of existing zero-knowledge proof schemes in smart contracts to front-running and proof-replay attacks. We propose a Selective Disclosure Authorization Scheme (SDAS) that enables fine-grained, revocable, and privacy-preserving compliance checks through a user-controlled “authorize–verify–revoke” mechanism without revealing underlying credentials. We formalize a security model for SDAS, introducing ledger-bound attribute unlinkability and context-aware sender binding to ensure proofs are valid only within authorized contexts. Our Ethereum-based ZK-Compliance implementation employs a 14-constraint Circom circuit to anchor proofs to on-chain sender addresses. Evaluations on Sepolia show browser-side proof generation under 200 ms and on-chain verification costing 240,512 gas, effectively preventing proof reuse while rigorously preserving attribute privacy.
📝 Abstract
Public distributed ledgers enforce integrity through radical transparency, creating tension with data minimization principles required for regulatory compliance. While Zero-Knowledge Proofs (ZKPs) offer a theoretical privacy solution, existing constructions often overlook adversarial constraints in smart contract environments. Specifically, the asynchronous decoupling of off-chain proof generation from on-chain submission introduces front-running and proof-reuse risks in public mempools. In this work, we formalize Selective Disclosure Authorization Schemes (SDAS), a cryptographic primitive for granular and revocable compliance checks on public ledgers without revealing the underlying witness. We define a security model for SDAS, introducing Ledger-Bound Attribute Unlinkability and Context-Aware Sender Binding to capture how valid proofs remain bound to their intended authorization context. To validate sender binding, we present ZK-Compliance, an Ethereum-based instantiation that operationalizes a user-controlled "Grant, Verify, Revoke" lifecycle. We implement the sender-binding component using a 14-constraint Circom circuit that anchors the zero-knowledge proof to the executing on-chain sender address. Our Sepolia evaluation confirms practical viability: browser-based proof generation executes in under 200 ms, and on-chain verification costs 240,512 gas, neutralizing proof reuse by different callers while preserving strict attribute privacy.