ZK-Compliance Oracle

Keyring facilitates our compliance oracle. This is what allows us to confirm users' compliance, without having to store their data on-chain.

In order to use Portal Gate, users must complete a zero-knowledge compliance check. Users are directed to Keyring, which checks that the user is Know Your Customer (KYC) and Know Your Business (KYB) compliant.

Users are required to have at least two non-custodial wallets: one authentication wallet and one or more trading wallet(s). To be able to maintain anonymity, users must ensure that these wallets are absolutely separate - they must have never transacted or interacted with each other.

1) The Authentication/Master Wallet:

Used to be able to confirm the user's off-chain compliance information at the beginning, and further on if required.

2) The Trading Wallet(s):

Used for on-chain interactions. Note that your Master Wallet is automatically one of your trading wallets.

When a new user joins Portal Gate, they will be prompted to connect their Authentication Wallet to their account. They will also need to disclose any Trading Wallets. An identity Commitment is created linking all Wallets, as well as any admission policies required.

The user will then be required to submit any information required by Keyring in order to complete their compliance check, which are automatically sent to and encrypted by a secure vault operated by third-party Basis Theory (BT). Such data is also sent to one of Keyring's third-party Compliance Partners, which for Portal Gate will be the user's choice between Shufti Pro and ComplyCube, and they will complete the off-chain checks.

The off-chain compliance checks include static and dynamic checks.

1. Static checks identify and confirm the user's identity and are completed during the initial onboarding process, but may occasionally be required to repeated or added to, for example in cases of changes in jurisdiction or if the user is identified as a risk in dynamic checks. These checks also match users to a unique identifier.

2. Dynamic checks assess the risk that the potential user poses, and are completed on an ongoing basis.

On-chain dynamic compliance checks are also completed in order to monitor smart contracts or any interaction with wallets identified to be compromised or tainted. However, these checks do not occur at initial onboarding but rather at the smart contract level.

The user-selected Compliance Partner is responsible for completing the required checks. The process can take up to 3 days for individuals and 5 days for businesses, but is usually close to instantaneous.

After the third-party Compliance Partners have completed their checks, the following information is sent to Keyring's network:

• The Authentication Wallet's signature

• The claim put forward by the Compliance Partner about if the Wallet complies with each admission policy

• A timestamp of when the checks were completed

Keyring must then confirm that the Wallet does indeed comply with each of the admission policies the compliance partner claims it does. If sensitive information or personally identifiable information is required, Keyring will connect with the Basis Theory vault. If dynamic parts without any identifiable data are required, Keyring will connect with the Keyring AWS Vault. If the user is not identified as compliant, they will have to resolve this through Zendesk.

Once this has been confirmed, Keyring will verify the Identity Commitment generated at onboarding, and add this to the map of all valid network users. This is contained within an encrypted Merkle Tree. Any of the user-specific data added to this Merkle Tree can be accessed on Orbit DB by the user only*

Upon being added to the network of valid users, the user is then permitted to use their trading wallet(s). For each Keyring-guarded contract they wish to interact with, Keyring will confirm that the wallet was initially disclosed by the user and that the authentication wallet is contained within the Merkle Tree. A credential is then made for each trading wallet used, which is stored on-chain.

Keyring stores these credentials within a Wallet Check Whitelist, and so if a check must be performed on the Trading Wallet, Keyring simply sends the wallet address to its third-party Compliance Partners to complete a KYW (Know Your Wallet) check. This helps maintain user anonymity.

Each time a user wants to complete an action that requires proper compliance, the Keyring Guard will confirm that the Trading Wallet is included in the Wallet Check Whitelist and that it has the required on chain Credential.

*Please note, while Keyring does not have the ability to see who is behind a certain wallet, law enforcement may. Users will be able to be de-anonymised in case of subpoena.