Privacy-Preserving Compliance on Public Ledgers via Selective Disclosure Authorization Schemes
Pith reviewed 2026-06-26 17:24 UTC · model grok-4.3
The pith
Selective Disclosure Authorization Schemes bind zero-knowledge proofs to specific ledger contexts and senders for revocable compliance without exposing private attributes.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
The paper formalizes Selective Disclosure Authorization Schemes (SDAS) as a cryptographic primitive enabling granular and revocable compliance checks on public ledgers without revealing the underlying witness. It introduces Ledger-Bound Attribute Unlinkability and Context-Aware Sender Binding to ensure valid proofs stay tied to their intended authorization context and executing sender. The ZK-Compliance construction on Ethereum operationalizes a user-controlled lifecycle with a 14-constraint circuit that anchors proofs to the on-chain sender address, achieving sub-200 ms browser generation and 240,512 gas verification.
What carries the argument
Selective Disclosure Authorization Schemes (SDAS) with the Ledger-Bound Attribute Unlinkability and Context-Aware Sender Binding properties, which bind proofs to authorization contexts and on-chain addresses.
If this is right
- Compliance checks become possible on public ledgers without disclosing the private attributes being checked.
- Proofs generated for one authorization cannot be reused by other parties due to sender and context binding.
- Users retain control over granting, verifying, and revoking access through the defined lifecycle.
- The construction runs with low enough gas cost and generation time to be usable in existing smart contract environments.
Where Pith is reading between the lines
- The binding mechanism could be adapted to other public ledger platforms that expose sender addresses in transactions.
- Regulatory bodies might use similar schemes to audit ledger activity while respecting data minimization rules.
- Further circuit optimizations could reduce verification costs even more for high-volume compliance use cases.
Load-bearing premise
The new security properties fully prevent proof reuse and front-running risks that arise when proofs are generated off-chain and later submitted on-chain.
What would settle it
A demonstration that one valid SDAS proof can be successfully submitted and accepted from a different on-chain sender address than the one it was generated for.
Original abstract
Public distributed ledgers enforce integrity through radical transparency, creating tension with data minimization principles required for regulatory compliance. While Zero-Knowledge Proofs (ZKPs) offer a theoretical privacy solution, existing constructions often overlook adversarial constraints in smart contract environments. Specifically, the asynchronous decoupling of off-chain proof generation from on-chain submission introduces front-running and proof-reuse risks in public mempools. In this work, we formalize Selective Disclosure Authorization Schemes (SDAS), a cryptographic primitive for granular and revocable compliance checks on public ledgers without revealing the underlying witness. We define a security model for SDAS, introducing Ledger-Bound Attribute Unlinkability and Context-Aware Sender Binding to capture how valid proofs remain bound to their intended authorization context. To validate sender binding, we present ZK-Compliance, an Ethereum-based instantiation that operationalizes a user-controlled "Grant, Verify, Revoke" lifecycle. We implement the sender-binding component using a 14-constraint Circom circuit that anchors the zero-knowledge proof to the executing on-chain sender address. Our Sepolia evaluation confirms practical viability: browser-based proof generation executes in under 200 ms, and on-chain verification costs 240,512 gas, neutralizing proof reuse by different callers while preserving strict attribute privacy.
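An added example, not code from the paper or from Pith: a toy Python model of the sender-binding claim and of the falsification test under "What would settle it". The proof system is an ideal stand-in for the SNARK, and `ComplianceContract`, `Tx`, the addresses and the context ids are hypothetical; it assumes the contract supplies the transaction sender as a public input, which the page does not show.

```python
import hashlib
import secrets
from dataclasses import dataclass, field


def commit(witness: bytes) -> str:
    """Public commitment to the private attribute; the witness never goes on-chain."""
    return hashlib.sha256(witness).hexdigest()


@dataclass
class IdealProofSystem:
    """Ideal stand-in for a SNARK (assumption): a proof verifies only against
    the exact public inputs it was generated for and carries no witness data."""
    _issued: dict = field(default_factory=dict)

    def prove(self, witness: bytes, public_inputs: tuple) -> str:
        # Relation being proven: public_inputs[0] is the commitment to the witness.
        if commit(witness) != public_inputs[0]:
            raise ValueError("witness does not satisfy the relation")
        proof = secrets.token_hex(16)
        self._issued[proof] = public_inputs
        return proof

    def verify(self, proof: str, public_inputs: tuple) -> bool:
        return self._issued.get(proof) == public_inputs


@dataclass(frozen=True)
class Tx:
    sender: str          # fixed by the ledger from the signature (msg.sender)
    proof: str           # calldata, visible in the public mempool
    claimed_sender: str  # calldata, fully caller-controlled


@dataclass
class ComplianceContract:
    zk: IdealProofSystem
    commitment: str
    context: str
    bind_to_msg_sender: bool
    revoked: bool = False

    def verify(self, tx: Tx) -> bool:
        if self.revoked:  # "Revoke" step of the lifecycle
            return False
        # Hardened: the sender public input comes from the transaction itself.
        # Weak: it is read from calldata, which a mempool observer can copy.
        sender = tx.sender if self.bind_to_msg_sender else tx.claimed_sender
        return self.zk.verify(tx.proof, (self.commitment, self.context, sender))


def run_scenario(bind_to_msg_sender: bool) -> dict:
    zk = IdealProofSystem()
    witness = b"constructed-attribute: accredited=true"  # constructed sample witness
    alice, mallory = "0xA11CE", "0xBAD"                  # constructed addresses
    contract = ComplianceContract(zk, commit(witness), "grant-42", bind_to_msg_sender)

    proof = zk.prove(witness, (contract.commitment, contract.context, alice))
    honest = Tx(sender=alice, proof=proof, claimed_sender=alice)
    # Mallory copies the pending calldata verbatim and submits from her own account.
    replay = Tx(sender=mallory, proof=honest.proof, claimed_sender=honest.claimed_sender)
    # Same proof presented under a different authorization context.
    other = ComplianceContract(zk, contract.commitment, "grant-99", bind_to_msg_sender)

    result = {
        "honest": contract.verify(honest),
        "replay_by_other_sender": contract.verify(replay),
        "reuse_in_other_context": other.verify(honest),
    }
    contract.revoked = True
    result["after_revoke"] = contract.verify(honest)
    return result


if __name__ == "__main__":
    for mode in (False, True):
        print("bind_to_msg_sender =", mode, run_scenario(mode))
```

The two modes differ only in `replay_by_other_sender`: putting the sender in the statement does not help if the verifier reads that value from calldata instead of the transaction.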
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The paper formalizes Selective Disclosure Authorization Schemes (SDAS) as a cryptographic primitive enabling granular, revocable compliance checks on public ledgers via zero-knowledge proofs without revealing the witness. It introduces a security model with two new properties—Ledger-Bound Attribute Unlinkability and Context-Aware Sender Binding—to address front-running and proof-reuse risks arising from asynchronous off-chain proof generation and on-chain submission. The work presents an Ethereum instantiation (ZK-Compliance) using a 14-constraint Circom circuit that binds proofs to the on-chain sender address, along with a 'Grant, Verify, Revoke' lifecycle and Sepolia evaluation results showing sub-200ms browser proof generation and 240,512 gas verification cost.
Significance. If the new security properties can be shown to hold for the construction, the framework would offer a targeted approach to reconciling ledger transparency with data-minimization requirements in regulated environments. The concrete instantiation and performance numbers indicate practical deployability on Ethereum, and the emphasis on sender binding directly targets a realistic adversarial setting in public mempools.
major comments (2)
- [Abstract / Security Model] Abstract and security model section: The manuscript defines Ledger-Bound Attribute Unlinkability and Context-Aware Sender Binding to mitigate proof-reuse and front-running, yet provides no game-based definition, reduction, or even informal argument demonstrating that the 14-constraint Circom circuit satisfies these properties against a mempool adversary capable of reordering or replaying transactions. Without such an argument the central claim that the new properties adequately bind proofs to their authorization context remains unverified.
- [Implementation / Evaluation] Implementation and evaluation section: The claim that the circuit 'anchors the zero-knowledge proof to the executing on-chain sender address' and thereby neutralizes reuse by different callers is stated without the circuit source, constraint details, or a security argument linking the 14 constraints to Context-Aware Sender Binding. This omission makes it impossible to assess whether the binding holds under the stated threat model.
minor comments (1)
- [Abstract] The abstract refers to 'raw evaluation data' and 'circuit code' being omitted; including at least the circuit source or a link to a public repository would improve verifiability.
Simulated Author's Rebuttal
We thank the referee for their careful review and constructive feedback. We address each major comment below, agreeing that additional details are required to fully substantiate the security claims.
- Referee: [Abstract / Security Model] Abstract and security model section: The manuscript defines Ledger-Bound Attribute Unlinkability and Context-Aware Sender Binding to mitigate proof-reuse and front-running, yet provides no game-based definition, reduction, or even informal argument demonstrating that the 14-constraint Circom circuit satisfies these properties against a mempool adversary capable of reordering or replaying transactions. Without such an argument the central claim that the new properties adequately bind proofs to their authorization context remains unverified.
  Authors: We agree that the security model would be strengthened by an explicit argument. The manuscript introduces the properties at a conceptual level but omits a game-based definition or informal reduction showing satisfaction by the circuit against a mempool adversary. In the revised manuscript we will add an informal security argument explaining how the sender address binding prevents proof reuse and front-running under the stated threat model; a game-based definition will be included if space allows or provided in an extended version.
  Revision: yes
- Referee: [Implementation / Evaluation] Implementation and evaluation section: The claim that the circuit 'anchors the zero-knowledge proof to the executing on-chain sender address' and thereby neutralizes reuse by different callers is stated without the circuit source, constraint details, or a security argument linking the 14 constraints to Context-Aware Sender Binding. This omission makes it impossible to assess whether the binding holds under the stated threat model.
  Authors: We acknowledge the omission of detailed circuit information. The manuscript provides only a high-level description of the 14-constraint circuit. We will revise the implementation section (or add an appendix) to include the full constraint list, the mechanism by which the sender address is incorporated as a public input, and a direct link to Context-Aware Sender Binding, enabling assessment against the threat model.
  Revision: yes
Circularity Check
No significant circularity; security model and instantiation are independently defined
The paper defines SDAS and introduces Ledger-Bound Attribute Unlinkability and Context-Aware Sender Binding as new properties in its security model, then describes a Circom circuit instantiation that anchors proofs to the on-chain sender. No quoted step reduces a claimed result to a fitted parameter, self-citation chain, or definitional equivalence by construction. The derivation remains self-contained against standard cryptographic assumptions and empirical evaluation, with no load-bearing reduction to inputs.
Axiom & Free-Parameter Ledger
axioms (2)
- standard math: Standard cryptographic assumptions on zero-knowledge proofs (soundness, completeness, and zero-knowledge property) hold for the underlying proof system.
- domain assumption: The 14-constraint Circom circuit correctly anchors the proof to the on-chain sender address without introducing additional vulnerabilities.
invented entities (3)
- Selective Disclosure Authorization Schemes (SDAS): no independent evidence
- Ledger-Bound Attribute Unlinkability: no independent evidence
- Context-Aware Sender Binding: no independent evidence