Decentralized Vaults

Fairway Vaults are off-chain, decentralized storage environments for KYC/AML data. They ensure compliance with FATF standards and GDPR/eIDAS while enabling privacy-preserving, proofs of compliance.

Compliance Context

FATF & AML Requirements

Customer Due Diligence (CDD) → Collect and verify customer identity documents.
Record Keeping → Maintain records for 5–10 years, available for regulators on request.
Sanctions Screening → Check against updated lists (UN, OFAC, EU, local).
Ongoing Monitoring → Reassess at regular intervals or when risk events occur.

KYC Regulations

Document Verification (passport, national ID, proof of address).
Risk-based Approach → Different levels (KYC1, KYC2, Enhanced Due Diligence).
Accreditation/Eligibility → Investor class checks for RWA access.

Data Minimization → only necessary data collected.
Right to Erasure / Portability → users can revoke and migrate.
Encryption & Scoped Access → Vault encrypts data at rest and in transit.
Separation of Concerns → Vault handles PII; blockchains only handle proofs & commitments.

Architecture

flowchart TD
  subgraph Off-Chain [Off-Chain Layer]
    U[User submits KYC data] --> V[Fairway Vault encrypted decentralized storage]
    V --> A[Fairway Cloud Agent Witness]
    A -->|ZK proof| M[Midnight Compact Circuit]
  end

  subgraph On-Chain [On-Chain Layer]
    M --> L[Midnight Ledger: Proof UTXO]
    L --> C[Cardano Merkle UTXO]
    L --> E[EVM EAS Attestation]
    C --> D[dApp/Protocol Guard]
    E --> D
  end

Data Lifecycle

Collection → user submits KYC docs to Vault (off-chain, encrypted).
Verification → Cloud Agent validates docs (document checks, sanctions screening, AML rules).
Proof Generation → Witness calls Cloud Agent and Compact circuit produces ZK-proof bound to a wallet address.
Recording → Proof stored as a UTXO on Midnight (immutable audit trail).
Reference → Merkle roots (Cardano) or EAS attestations (EVM) include midnight_ref and Fairway signature.
Usage → dApps only check eligibility flags; no direct access to PII.

Data Model (Vault Entry)

{
  "user_id": "uuid-v4",
  "wallets": ["addr1...", "0xabc..."],
  "kyc_level": 2,
  "jurisdiction": "EU",
  "accredited": true,
  "sanctions_status": "clear",
  "docs": {
    "passport_hash": "sha256:0x123...",
    "proof_of_address_hash": "sha256:0x456..."
  },
  "created_at": "2025-09-22T10:15:00Z",
  "updated_at": "2025-09-22T11:00:00Z"
}

Compliance Properties

FATF R.10 / R.11 (Recordkeeping) → Vault maintains secure audit trail; regulators can request full trace via midnight_ref.
AML Directives (AMLD5/6, EU) → sanctions screening + enhanced due diligence supported by Vault Agent workflows.
GDPR Articles 5 & 25 (Minimization, Privacy by Design) → only commitments/flags on-chain, never PII.
eIDAS → cryptographic signatures and proofs meet EU electronic trust service requirements.
Auditability → any midnight_ref can be checked against Vault + Issuer records under regulator supervision.

What Vaults Are (and Are Not)

✅ Are → encrypted, decentralized KYC data stores aligned with FATF/AML/GDPR.
❌ Are Not → on-chain databases (no PII ever published).
❌ Are Not → public APIs for dApps (only the Witness Agent reads them).
❌ Are Not → proof stores (ZK-proofs live on Midnight).

Benefits

Privacy-first → regulators can audit, but protocols see only “YES/NO”.
Regulatory alignment → satisfies FATF, AMLD, KYC, GDPR/eIDAS simultaneously.
Future-proof → Vault workflows adapt to new directives (e.g., FATF Travel Rule, MiCA).
Trust-minimized → Fairway signature + Midnight proofs decouple compliance checks from raw data custody.

Next Steps

See Witnesses → how Cloud Agents read Vaults and generate proofs. (Not public yet)
Learn Zero-Knowledge Proofs (Midnight).
Explore Compliance Guides for regulator mapping.

PreviousZero-Knowledge Proofs (Midnight)NextTrust Registries

Last updated 2 months ago

Was this helpful?