Anonymity Revoking
When a legal order requires amount disclosure, the UKRC (Universal Key Recovery Committee) process is triggered.
Requirements
These are the concrete compliance requirements we have today.
| # | Requirement | Notes | Status |
|---|---|---|---|
| 1 | Regulator request | Requests come from the Regulator in the EMI's jurisdiction | |
| 2 | Legal review by Guardian key holders | Each request is reviewed by lawyer teams who hold Guardian keys | |
| 3 | n-of-m threshold for reveal | At least N of M guardians must agree before any data is revealed | To confirm |
| 4 | Reveal must be specific | Only disclose what is needed for the specific case — no over-disclosure | |
| 5 | Reveal must be complete | Disclose the full path of funds through the system, not just a single step | |
| 6 | Compliance officer UI and report export | A UI where a compliance officer can open a case and generate a full report to pass on to the regulator | |
| 7 | All decryption events are logged and auditable | Immutable audit trail; prevents covert surveillance | To confirm |
| 8 | EMI must be able to demonstrate compliance without mass decryption | Privacy-preserving compliance model | To confirm |
Effect on ZKP layers
| Component / Feature | What a reveal exposes |
|---|---|
| ERC20 token | Trivial: everything is already public |
| Encrypted Balance (EB / ElGamal) | Transfer amounts are revealed |
| UKRC / Threshold Decryption | Full path of funds is revealed |
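The threshold-decryption step in the table above, as an added example that is not part of this document or the project's code. It uses exponential ElGamal over a 64-bit toy safe-prime group (searched for at import; a real deployment needs far larger parameters), Shamir shares of the committee secret for the n-of-m rule (requirement 3), partial decryption of one named ciphertext only (requirement 4), and a hash-chained log of every decryption event (requirement 7). The group size, case id, guardian ids, amount and amount bound are constructed for the demo.

```python
# Toy n-of-m threshold ElGamal reveal with a hash-chained audit trail.
# Added example, not the project's code; group size, guardian ids, case id
# and amounts are constructed for the demo.
import hashlib
import json
import random

# Bases that make Miller-Rabin exact below ~3.3e23, enough for the 64-bit toy group.
_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n: int) -> bool:
    if n < 2 or any(n % b == 0 for b in _MR_BASES):
        return n in _MR_BASES
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def safe_prime(bits: int, seed: int) -> int:
    """Deterministic search for p = 2q + 1 with both p and q prime."""
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_prime(q) and is_prime(2 * q + 1):
            return 2 * q + 1

P = safe_prime(64, seed=2024)  # toy group; a real deployment needs 2048+ bits
Q = (P - 1) // 2               # prime order of the subgroup we work in
G = 4                          # a square, hence a generator of that subgroup
AUDIT_LOG: list = []           # requirement 7: every decryption event is recorded

def _digest(obj) -> str:
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()[:16]

def _log(event: str, case_id: str, ct: tuple, **extra) -> None:
    # Each entry commits to its predecessor, so deletions or edits become visible.
    entry = {"event": event, "case": case_id, "ciphertext": _digest(list(ct)), **extra}
    entry["prev"] = _digest(AUDIT_LOG[-1]) if AUDIT_LOG else None
    AUDIT_LOG.append(entry)

def verify_audit_chain(log=AUDIT_LOG) -> bool:
    expected = [None] + [_digest(e) for e in log[:-1]]
    return all(e["prev"] == p for e, p in zip(log, expected))

def split_key(x: int, threshold: int, guardians: int, rng) -> dict:
    """Shamir over Z_q: guardian i holds f(i) with f(0) = x and deg f = threshold - 1."""
    coeffs = [x] + [rng.randrange(Q) for _ in range(threshold - 1)]
    return {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
            for i in range(1, guardians + 1)}

def lagrange_at_zero(ids, i: int) -> int:
    num = den = 1
    for j in ids:
        if j != i:
            num, den = num * (-j) % Q, den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def encrypt_amount(pk: int, amount: int, rng) -> tuple:
    """Exponential ElGamal: (g^r, g^amount * pk^r) keeps the amount hidden on chain."""
    r = rng.randrange(1, Q)
    return pow(G, r, P), pow(G, amount, P) * pow(pk, r, P) % P

def partial_decrypt(guardian_id: int, share: int, ct: tuple, case_id: str) -> tuple:
    """A guardian contributes c1^share for exactly the ciphertext named in the case."""
    _log("partial_decrypt", case_id, ct, guardian=guardian_id)
    return guardian_id, pow(ct[0], share, P)

def combine(partials, ct: tuple, case_id: str, max_amount: int = 100_000):
    """Recombine c1^x by Lagrange interpolation in the exponent, then solve the small dlog."""
    ids = [i for i, _ in partials]
    c1x = 1
    for i, d in partials:
        c1x = c1x * pow(d, lagrange_at_zero(ids, i), P) % P
    gm = ct[1] * pow(c1x, -1, P) % P
    acc = 1
    for m in range(max_amount + 1):
        if acc == gm:
            _log("reveal", case_id, ct, guardians=ids, amount=m)
            return m
        acc = acc * G % P
    _log("reveal_failed", case_id, ct, guardians=ids)  # too few shares: wrong exponent
    return None

def run_case(case_id="CASE-0001", threshold=3, guardians=5, amount=4_250, seed=7):
    """Full flow: committee keygen, hidden amount, 3-of-5 reveal, failed 2-of-5 attempt."""
    rng = random.Random(seed)
    x = rng.randrange(1, Q)                      # split at once; no party keeps x
    pk, shares = pow(G, x, P), split_key(x, threshold, guardians, rng)
    ct = encrypt_amount(pk, amount, rng)
    quorum = [partial_decrypt(i, shares[i], ct, case_id) for i in range(1, threshold + 1)]
    short = [partial_decrypt(i, shares[i], ct, case_id)
             for i in range(guardians - threshold + 2, guardians + 1)]
    return combine(quorum, ct, case_id), combine(short, ct, case_id)
```

`run_case()` returns `(4250, None)`: the three-guardian quorum recovers the amount, while the two-guardian attempt interpolates a wrong exponent and recovers nothing, and `verify_audit_chain()` confirms the seven logged events are intact. Two things the toy leaves out that a production committee needs: a proof of correct partial decryption from each guardian (otherwise a faulty share silently corrupts the result), and an agreed upper bound on amounts so the final discrete-log step stays within a range a lookup table can cover.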
Assumptions
| # | Assumption | Impact if Wrong |
|---|---|---|
| A1 | Regulators accept privacy features as long as UKRC decryption exists | If regulators require plaintext amounts, EB model breaks for that jurisdiction |
| A2 | Guardians are lawyer teams holding keys; N-of-M threshold is regulator-accepted | If regulators require different threshold or guardian composition, model may need adjustment |
| A3 | Legal order → UKRC decryption can complete within regulatory SLAs (e.g., 48h) | If guardians are slow to respond, EMI may breach response deadlines |
Open Questions
| # | Question | Context | Answer |
|---|---|---|---|
| Q1 | Do we need to provide the full path through EB and the shielded pool at the same time? | "Complete" = whole path of money — if a flow crosses both L2 (EB) and L3 (shielded), must the report include both? | |
| Q2 | Have regulators in target jurisdictions confirmed they accept the UKRC model? | Critical — if not, the entire compliance model needs rethinking | |
| Q3 | What are the SLAs and deadlines for the process? | Regulator request → report delivered; guardian response time; regulatory deadlines; per-step SLAs | |
| Q4 | What is the operations process around guardians? | Who selects and governs? Who are the lawyer teams (identity, jurisdiction, independence)? Who is the contact (EMI compliance officer, separate liaison)? | |
| Q5 | What technical support do guardians need? | How do they hold the key (HSM, secure enclave, multi-sig)? Client for partial decryption, secure channel, audit logging? | |
| Q6 | How does cross-border regulatory cooperation work? | Multiple NCAs with different requirements — which jurisdiction's rules apply? | |
| Q7 | What are the data retention requirements? | How long must UKRC decryption logs be kept? | |
| Q8 | How does cross-chain tracing work? | When funds move across different chains (e.g. L2, L2 rollup, mainnet), can one warrant trace the full path? Do guardians need to coordinate across chains, or is each chain a separate jurisdiction? | |
| Q9 | What must the compliance officer report contain, and in what format? | Required fields (sender, recipient, amounts, path), standard template, regulator expectations for the export passed on from the UI | |