🤖 AI Summary
DeFi dApps face a fundamental tension between KYC compliance and decentralized privacy preservation: existing permissioned solutions either leak user attributes or rely on centralized trust assumptions. To address this, we propose the first decentralized authorization framework supporting KYC compliance, integrating self-sovereign identity (SSI), zero-knowledge proofs (ZKPs), and attribute-based access control (ABAC). Our commit-and-prove architecture delegates credential verification outside the ZKP circuit, significantly improving proof generation efficiency. We further design an on-chain privacy-preserving permissioning mechanism enabling multi-scheme ZKP support and decentralized policy enforcement—eliminating implicit trust entirely. Experimental evaluation demonstrates substantial improvements over baseline approaches in verification latency, throughput, and scalability. The framework thus provides an efficient, privacy-safe, and fully decentralized implementation pathway for compliant dApps.
📝 Abstract
Decentralized applications (dApps) in Decentralized Finance (DeFi) face a fundamental tension between regulatory compliance requirements like Know Your Customer (KYC) and maintaining decentralization and privacy. Existing permissioned DeFi solutions often fail to adequately protect private attributes of dApp users and introduce implicit trust assumptions, undermining the blockchain's decentralization. Addressing these limitations, this paper presents a novel synthesis of Self-Sovereign Identity (SSI), Zero-Knowledge Proofs (ZKPs), and Attribute-Based Access Control to enable privacy-preserving on-chain permissioning based on decentralized policy decisions. We provide a comprehensive framework for permissioned dApps that aligns decentralized trust, privacy, and transparency, harmonizing blockchain principles with regulatory compliance. Our framework supports multiple proof types (equality, range, membership, and time-dependent) with efficient proof generation through a commit-and-prove scheme that moves credential authenticity verification outside the ZKP circuit. Experimental evaluation of our KYC-compliant DeFi implementation shows considerable performance improvement for different proof types compared to baseline approaches. We advance the state of the art through a holistic approach, flexible proof mechanisms addressing diverse real-world requirements, and optimized proof generation enabling practical deployment.
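The commit-and-prove split described in the abstract can be sketched as follows. This is an added example, not the paper's construction or code: it assumes a Pedersen commitment signed by the issuer with a Schnorr signature and a Schnorr-style equality proof, and the generators, the attribute names (`country`, `age`) and all function names are hypothetical.

```python
import hashlib, secrets

# RFC 2409 Oakley Group 1 safe prime (768-bit): easy to embed, too small for production.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2  # prime order of the subgroup of squares
# Assumed-independent generators (all squares mod P), one per role.
G_SIG, G_COUNTRY, G_AGE, H = 4, 9, 25, 49

def _challenge(*parts):
    # Fiat-Shamir: hash the transcript into a challenge in [0, Q).
    return int.from_bytes(hashlib.sha256(repr(parts).encode()).digest(), "big") % Q

def _prod(bases, exps):
    out = 1
    for b, e in zip(bases, exps):
        out = out * pow(b, e, P) % P
    return out

def prove(bases, xs, ctx):
    # Proof of knowledge of xs such that y = prod(bases[i] ** xs[i]), bound to ctx.
    ks = [secrets.randbelow(Q) for _ in bases]
    t = _prod(bases, ks)
    c = _challenge(bases, _prod(bases, xs), t, ctx)
    return t, [(k + c * x) % Q for k, x in zip(ks, xs)]

def verify(bases, y, ctx, proof):
    t, s = proof
    return _prod(bases, s) == t * pow(y, _challenge(bases, y, t, ctx), P) % P

def issue(sk, country, age):
    # Issuer: Pedersen-commit to the attributes, then Schnorr-sign only C.
    r = secrets.randbelow(Q)
    C = _prod([G_COUNTRY, G_AGE, H], [country, age, r])
    return C, prove([G_SIG], [sk], ("cred", C)), r

def present_country(C, age, r, country):
    # Holder: prove C opens to `country`; age and r stay hidden.
    return prove([G_AGE, H], [age, r], ("eq", C, country))

def check(issuer_pk, C, sig, country, proof):
    # Verifier: credential authenticity is an ordinary signature check,
    # outside the proof; the proof only covers the attribute predicate.
    if not verify([G_SIG], issuer_pk, ("cred", C), sig):
        return False
    y = C * pow(G_COUNTRY, (-country) % Q, P) % P  # C / G_COUNTRY**country
    return verify([G_AGE, H], y, ("eq", C, country), proof)
```

Showing the same `C` and signature in every presentation makes those presentations linkable; the sketch does not address that.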