Togggle Documentation
  • Togggle Presentation
  • KYC Process
  • Integration Process
    • Webhook structure
    • Custom Fields
    • Successful Payload
    • Failure Payload
  • Decentralized Storage
    • Definitions
    • Types of Storages
    • Creation of the Personal Decentralized Storage
    • New User Verification Flow
    • One Click KYC
    • Company Dashboard
    • Authority Check
    • Data Deletion
  • B2B Dashboard
  • Reusable Credentials - One Click KYC
  • Product Information
  • Frequently Asked Questions
  • On-chain verifiable Proof-of-KYC
  • Wallet creation and VC
  • Architecture and Identity Flow
    • 🛡️ KYC Verification + AML Monitoring Flow
    • Data deletion - Right to be forgotten
Powered by GitBook
On this page
  • Introduction
  • KYC Soulbound Token issuance
  • Flow
  • AML on-chain

On-chain verifiable Proof-of-KYC

Introduction

Purpose

This document serves as a comprehensive technical guide for implementing an on-chain verifiable proof of KYC (Know Your Customer).

The guide outlines a robust method for proving that a given wallet address has successfully undergone a KYC process. It enables smart contract developers to seamlessly integrate KYC verification into their applications, allowing them to build custom business logic that consumes and acts upon this verified identity data while ensuring compliance and security.

Overview

The On-Chain Verifiable Proof-of-KYC (Know Your Customer) solution offers a privacy-preserving method to verify the identity of users without revealing sensitive information directly on the blockchain.

Togggle offers four distinct methods for implementing proof of KYC, each designed to provide different levels of anonymity and tailored to accommodate varying privacy requirements and implementation complexities:

  • KYC Soulbound Token issuance

  • Signed KYC Mint Voucher

  • Ethereum Attestation Issuance

  • W3C Verifiable Credentials

Key Components

Verifiable Credentials (VCs)

Verifiable Credentials represent identity information issued by Togggle after the KYC verification process. These credentials are cryptographically signed and attest that the user has undergone a KYC process. Each VC is associated with metadata, such as the issuer, date of issuance, and the type of verification performed (e.g., identity verification, proof of address, etc.).

Attestations

An attestation is a cryptographic proof that Togggle has validated a user’s identity. It is stored on-chain as an event or within a designated smart contract, ensuring that the verification is public but the actual KYC data remains off-chain.

Cryptographic Signatures

Cryptographic signatures are used to verify the integrity and authenticity of verifiable credentials. When Togggle issues a VC, it signs the credential with its private key. Smart contracts can then verify these signatures on-chain using the corresponding Togggle public key, ensuring that only credentials from trusted entities are accepted.

KYC Tokens

To ensure easy interaction with decentralized applications (dApps) and marketplaces, users who pass the KYC process can be issued a non-transferable token (e.g., a soulbound token). This token acts as a proof-of-KYC that is stored on the blockchain. While the token itself does not reveal any sensitive details, dApps can verify its existence to ensure the user has been KYC-verified by Togggle.

Smart Contracts

The core of the Proof-of-KYC solution is implemented using smart contracts that handle the validation of signatures and attestations. These contracts define the logic for:

• Issuing attestations upon verification.

• Validating cryptographic proofs when requested.

• Managing the lifecycle of the verifiable credentials, including issuance and revocation.

Signed KYC Mint Voucher

It’s a cryptographically signed message that a protocol can utilize within its smart contract. It provides smart contract developers with full flexibility to implement custom business logic on their side, such as issuing tokens, adding wallet addresses to a whitelist, or other actions based on the KYC verification.

KYC Soulbound Token issuance

In the KYC Soulbound Token Issuance solution, the user first connects and authenticates their wallet. Upon successful completion of the KYC process, our backend service issues a non-transferable Soulbound Token directly to the authenticated wallet. This token acts as an immutable on-chain representation that the KYC process has been completed, allowing decentralized applications (dApps) to verify the user’s KYC status without exposing any sensitive information.

Flow

KYC Soulbound Token issuanceSigned KYC Mint Voucher

In the Signed KYC Mint Voucher solution, the user first connects and authenticates their wallet. After successfully completing the KYC process, our backend service generates and signs a message that attests to the completion of the KYC. This signed message, similar to a JWT but using EVM-compatible data types, can be consumed by a smart contract on-chain. This approach provides developers with the flexibility to implement their own business logic, such as issuing tokens, whitelisting addresses, or other custom workflows.

AML on-chain

AML (Anti-Money Laundering) frameworks function fundamentally as a blacklist, as they are designed to identify and restrict specific users or entities associated with high-risk activities. This approach contrasts with KYC, which confirms an individual’s identity but does not assess their transactional history or potential risk indicators. In practice, a user who has successfully completed KYC verification may still be flagged within AML lists if they have been previously linked to suspicious activities. Thus, while KYC proves that an individual is known and verified, AML provides a separate layer of compliance focused on monitoring and preventing illicit activities, ensuring a robust defense against fraud and financial crimes even when dealing with KYC-verified users.

  • AML Screening Off-Chain The AML compliance process begins off-chain, where a user’s wallet address is checked against up-to-date AML lists. These lists, maintained by trusted entities, flag addresses associated with suspicious or high-risk activities, such as money laundering, fraud, or sanctions. If the address is clear, a cryptographic attestation is created to verify that the wallet has passed AML checks.

  • Issuing an AML Compliance Proof Once the wallet passes AML screening, we issue a cryptographic attestation indicating that the address is not blacklisted. This attestation acts as proof of AML compliance. It is often structured to be easily readable on-chain, like a signed message or a token with an AML compliance status attribute.

  • On-Chain Attestation Verification This cryptographic attestation is then stored in a way that makes it verifiable on-chain, typically as part of an event or a token issued to the user’s wallet. This proof does not disclose any sensitive details; it merely serves as an AML compliance “passport,” which other smart contracts can check without needing access to the full AML database.

  • Smart Contract Verification and Access Control When the user interacts with a decentralized application (dApp), the smart contract verifies the AML attestation by checking the validity of the cryptographic signature. If the signature is valid and from a trusted AML provider, it confirms that the wallet is not blacklisted. Based on this proof, the smart contract can permit or deny the user’s access, apply transaction limits, or trigger additional compliance measures.

More coming soon…

PreviousFrequently Asked QuestionsNextWallet creation and VC

Last updated 6 months ago