Fort Worth 24


StarkWare introduces 'Private KYC' to address personal data breaches

Jun 25, 2026  Twila Rosenbaum

Zero-knowledge scaling company StarkWare has introduced a novel solution called 'Private KYC' on its Starknet platform, designed to let users complete Know Your Customer (KYC) verification without exposing their full personal information. The system, demonstrated on Tuesday, utilizes STRK20 privacy features and zero-knowledge STARK proofs to enable selective attribute verification—for instance, proving that a user is over 18 or holds a valid credential without revealing their passport number, home address, or other sensitive details.

The concept directly addresses a critical flaw in traditional KYC processes. 'Identity checks today ask for your whole document when they only need one fact,' the Starknet team stated. By allowing users to prove only what is necessary, Private KYC reduces the amount of personal data that companies must collect, store, and protect—a significant liability in an era where data breaches are increasingly costly and frequent.

According to data cited by StarkWare, the United States experienced a record 3,322 data compromises in 2025, a staggering 79% increase over five years. The global average cost of a data breach now stands at $4.4 million, as reported by StationX. These figures underscore the urgent need for privacy-preserving verification methods, especially in industries like finance and healthcare where KYC is mandatory.

How Private KYC Works

StarkWare's Private KYC process begins with the user scanning their passport using their smartphone's camera and NFC chip. The device reads the passport's data and confirms its authenticity by verifying the digital signature from the issuing authority. Crucially, this step ensures that the document is genuine without requiring the user to upload a photo or scan to a centralized server.

Once the document is verified, the identity data is encrypted and stored in the user's Starknet wallet. Users can then register specific attributes (e.g., 'over 18' or 'valid credential holder') in a public on-chain registry, without revealing the underlying raw data. When a verifier—such as an exchange or a decentralized application—needs to confirm eligibility, they can submit a challenge that the user responds to with a zero-knowledge proof. The verifier checks the proof against the public registry and confirms the attribute without ever viewing the actual identity data. 'Contracts check the proofs, not the passports,' StarkWare explained.
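The challenge, proof and registry check described above can be sketched as follows. This is an added example, not StarkWare's code: it swaps in a Schnorr proof of knowledge (made non-interactive with Fiat-Shamir) for the zk-STARK, so it shows only how a verifier checks a fresh, challenge-bound proof against a public registry entry without seeing the wallet secret, not how a predicate over passport data is proven. All function names, the registry layout and the group parameters are assumptions.

```python
import hashlib
import secrets

# Demo group (assumption, unvetted parameters): integers mod the prime 2**255 - 19, base 2.
P = 2**255 - 19
G = 2
Q = P - 1  # exponents reduce mod P-1 because G**(P-1) == 1 (mod P)

def _h(*parts) -> int:
    """Hash length-prefixed parts (bytes or ints) to an integer challenge."""
    h = hashlib.sha256()
    for part in parts:
        raw = part if isinstance(part, bytes) else part.to_bytes(32, "big")
        h.update(len(raw).to_bytes(4, "big") + raw)
    return int.from_bytes(h.digest(), "big")

def attribute_secret(wallet_key: bytes, attribute: str) -> int:
    """Per-attribute secret derived inside the wallet; it never leaves the device."""
    return _h(b"attr", wallet_key, attribute.encode()) % Q

def register(registry: dict, user: str, attribute: str, secret: int) -> None:
    """Publish only the commitment G**secret; assumed to follow the passport check."""
    registry[(user, attribute)] = pow(G, secret, P)

def prove(secret: int, attribute: str, challenge: bytes) -> tuple:
    """Prove knowledge of the committed secret, bound to the verifier's challenge."""
    r = secrets.randbelow(Q)
    t = pow(G, r, P)
    c = _h(t, pow(G, secret, P), attribute.encode(), challenge)
    return t, (r + c * secret) % Q

def verify(registry: dict, user: str, attribute: str, challenge: bytes, proof) -> bool:
    """Check the proof using the public registry entry only."""
    y = registry.get((user, attribute))
    t, s = proof
    if y is None or not (0 < t < P and 0 <= s < Q):
        return False
    c = _h(t, y, attribute.encode(), challenge)
    return pow(G, s, P) == (t * pow(y, c, P)) % P

def demo() -> tuple:
    """Constructed sample run: one registration, one fresh proof, one replay."""
    registry = {}
    x = attribute_secret(b"constructed-wallet-key", "over_18")
    register(registry, "alice", "over_18", x)
    nonce = secrets.token_bytes(16)
    proof = prove(x, "over_18", nonce)
    return (verify(registry, "alice", "over_18", nonce, proof),         # fresh challenge
            verify(registry, "alice", "over_18", b"new-nonce", proof))  # replayed proof
```

Because the verifier's challenge is hashed into the proof, a proof captured from one session is rejected when presented against a different challenge.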

This self-custody model contrasts sharply with other identity verification systems, such as Sam Altman's World ID (formerly Worldcoin). World ID uses zero-knowledge proofs to verify 'humanness' via iris scans performed on hardware orbs, but it has faced backlash over centralized biometric custody. StarkWare's approach ensures that users retain full control over their identity data at all times, mitigating the risk of mass surveillance or data leaks.

Data Breaches: A Growing Crisis

The timing of Private KYC's release is no coincidence. The global cost of data breaches continues to rise, with the average incident costing organizations $4.4 million as of 2025. In the healthcare sector, the situation is even more dire. According to Axis Intelligence, over 1 billion healthcare records have been breached, and the average cost per healthcare breach is $7.42 million. In the United States alone, 772 large healthcare data breaches were confirmed in 2025—the highest annual total ever recorded.

The crypto industry has not been immune to such incidents. One of the most damaging data breaches occurred at hardware wallet provider Ledger in 2020, when a massive database hack leaked more than 270,000 customer records. The fallout included a wave of persistent phishing attacks that continue to target affected users years later. Such breaches erode trust and highlight the need for verification methods that minimize data collection.

StarkWare's Private KYC aims to break this cycle. 'Corporations should not collect the full identity behind it, because every identity database becomes a liability the moment it exists,' the company said. By ensuring that verifiers only receive confirmation of specific facts—and never the raw data—Private KYC eliminates the temptation for companies to store sensitive information insecurely.

Zero-Knowledge Proofs: The Technical Foundation

At the heart of Private KYC is the zero-knowledge STARK (zk-STARK) proof system, which StarkWare has pioneered. Unlike many zk-SNARK constructions, STARKs do not require a trusted setup, and because their security rests on hash functions they are considered resistant to known quantum computing attacks. This makes them particularly well-suited for decentralized applications where trustlessness is paramount.

In the context of identity verification, zk-STARKs allow a user (the prover) to convince a verifier that a certain statement is true without revealing any information beyond the validity of the statement itself. For example, a user can prove that their birth date is before a certain threshold (i.e., they are over 18) without disclosing their actual birth date or any other personal details. The proof is succinct and can be verified almost instantly on-chain.

The integration with STRK20 privacy features on Starknet further enhances the system's capabilities. STRK20 provides infrastructure for private transactions and attribute storage, enabling users to maintain confidentiality while still interacting with public smart contracts. This combination of zk-STARKs and on-chain privacy creates a robust foundation for compliant but private verification.

Comparison with Existing Solutions

While other projects have explored zero-knowledge identity verification, StarkWare's approach differs in key aspects. World ID relies on biometric data collection via proprietary hardware, which introduces centralization risks and privacy concerns. Meanwhile, decentralized identity initiatives like the W3C's Verifiable Credentials often still require the user to share the credential itself, albeit in a digital format. StarkWare's Private KYC goes a step further by abstracting away even the credential: only the fact of holding a valid credential is proven.

Another notable project is Polygon ID, which also uses zero-knowledge proofs for identity. However, StarkWare's solution is tightly integrated with Starknet's existing infrastructure and benefits from the scalability and low fees of the Starknet layer-2 network. This makes it practical for high-volume verification tasks, such as onboarding thousands of users to DeFi platforms.

The system also addresses regulatory compliance. Financial regulations often require institutions to perform KYC checks, but they do not necessarily require the institution to store raw identity data. StarkWare argues that Private KYC satisfies regulatory requirements while minimizing the data footprint. 'An institution can confirm exactly what it needs without assembling another copy of someone's identity it then has to defend,' the company said.

Implications for Privacy and Compliance

The introduction of Private KYC could have far-reaching implications for the broader blockchain ecosystem. As decentralized finance (DeFi) and non-fungible token (NFT) platforms face increasing regulatory scrutiny, the ability to perform compliant verification without compromising user privacy will become a competitive advantage. StarkWare's solution may enable projects to operate in regulated markets while preserving the core ethos of self-sovereignty.

Moreover, the system's self-custody model aligns with the principles of Web3, where users control their own data. By encrypting identity data to their Starknet wallet, users retain the ability to revoke access or share specific attributes as needed. This flexibility is crucial for applications that require continuous compliance, such as decentralized exchanges that need to screen users for sanctions lists or age restrictions.

Privacy advocates have long argued that KYC as currently implemented—requiring users to upload scans of government-issued IDs—creates a honeypot of sensitive information. StarkWare's Private KYC offers a way to break that pattern. 'Private KYC shows that verification and privacy aren't a trade-off,' StarkWare emphasized.

As the cost of data breaches continues to climb and regulatory demands intensify, solutions like Private KYC may become the new standard. The technology is still in its demo phase, but StarkWare plans to release it for wider use, potentially transforming how identity verification is conducted across the blockchain industry and beyond.


Source: Cointelegraph News

