Privacy-Preserving Compliance for Security Tokens
Where Zero-Knowledge Meets Regulatory Compliance
Problem • How It Works • Architecture • Quick Start • Contracts • Team
MiCA requires identity verification. GDPR forbids storing it on-chain. Blockchain demands transparency.
Security tokens under MiCA (Markets in Crypto-Assets) regulation must comply with KYC/AML requirements. But storing personal identity data on a public blockchain violates GDPR. This creates an impossible trilemma:
┌─────────────────┐
│ COMPLIANCE │ ← MiCA requires investor verification
│ (KYC/AML) │
└────────┬────────┘
│
┌────────────┼────────────┐
│ │ │
▼ ▼ ▼
┌────────┐ ┌─────────┐ ┌──────────┐
│ PRIVACY│ │TRANSPAR- │ │ ON-CHAIN │
│ (GDPR) │ │ ENCY │ │ IDENTITY │
└────────┘ └─────────┘ └──────────┘
✗ ✗ ✗
Traditional approaches fail all three.
Keter solves this. Using zero-knowledge proofs, investors prove they meet compliance requirements without revealing any personal data on-chain.
Keter uses Noir circuits compiled and proven directly in the browser via NoirJS. No backend. No trusted server. Pure client-side ZK.
┌──────────────────────────────────────────────────────────┐
│ INVESTOR BROWSER │
│ │
│ ┌─────────────┐ ┌──────────────┐ ┌─────────────┐ │
│ │ KYC Data │───▶│ Noir Circuit │───▶│ ZK Proof │ │
│ │ (private) │ │ (NoirJS) │ │ (public) │ │
│ └─────────────┘ └──────────────┘ └──────┬──────┘ │
│ │ │
└─────────────────────────────────────────────────┼────────┘
│
▼
┌──────────────────────────────────────────────────────────┐
│ ETHEREUM (SEPOLIA) │
│ │
│ ┌────────────────┐ ┌───────────────┐ ┌─────────────┐ │
│ │ UltraVerifier │ │ Registry │ │ KeterToken │ │
│ │ (verify proof) │──│ (store root) │──│ (ERC-20 ST) │ │
│ └────────────────┘ └───────────────┘ └─────────────┘ │
│ │
└──────────────────────────────────────────────────────────┘
- Investor inputs KYC data (name, age, address, investor type, etc.) in the browser
- Noir circuit hashes the data into a Poseidon Merkle leaf and generates a ZK proof of compliance
- Proof is submitted on-chain to the
UltraVerifiercontract - Registry validates the Merkle root and registers the investor's wallet
- KeterToken (security token) checks the Registry before allowing transfers
🔒 Zero personal data touches the blockchain. Ever.
keter/
├── circuits/ # Noir ZK circuits
│ ├── src/
│ │ └── main.nr # Compliance proof circuit
│ ├── Nargo.toml # Noir project config
│ └── Prover.toml # Prover inputs
│
├── contracts/ # Solidity smart contracts
│ ├── KeterToken.sol # ERC-20 security token
│ ├── Registry.sol # Compliance registry
│ └── UltraVerifier.sol # Auto-generated Noir verifier
│
├── frontend/ # React frontend (client-side proving)
│ ├── src/
│ │ ├── components/ # UI components
│ │ ├── hooks/ # NoirJS proof generation hooks
│ │ ├── circuits/ # Compiled circuit artifacts
│ │ ├── utils/ # Helpers & contract ABIs
│ │ └── App.tsx # Main application
│ ├── package.json
│ └── vite.config.ts
│
├── .env.example # Environment template
└── README.md
| Layer | Technology | Purpose |
|---|---|---|
| ZK Circuits |  |
Compliance proof generation |
| Proof Engine |  |
Client-side proof compilation & proving |
| Smart Contracts |  |
On-chain verification & token logic |
| Frontend |   |
User interface |
| Styling |  |
UI framework |
| Build |  |
Bundler |
| Wallet |  |
Wallet connection & tx signing |
| Network |  |
Deployment network |
| Hash |  |
ZK-friendly hashing (Merkle tree) |
Network: Ethereum Sepolia Testnet
| Contract | Address | Role |
|---|---|---|
| Registry | 0x4FF9F411b531a14Cd91e6ce0418A3C500E1951F9 |
Stores Merkle roots & compliance status |
| UltraVerifier | 0xEC3DE79cF2Dd56a5Ae637E03390e52b557C65f93 |
Verifies Noir ZK proofs on-chain |
| KeterToken | 0x270463352d42B4B891E0605CAC0f5B9Dd5437cF7 |
ERC-20 security token with compliance gates |
git clone https://github.com/your-org/keter.git
cd ketercp .env.example .envcd circuits
nargo compile
cd ..cd frontend
npm install
npm run devOpen http://localhost:5173 and connect your wallet.
# .env.example
# ── Network ──────────────────────────────────────
VITE_RPC_URL=https://eth-sepolia.g.alchemy.com/v2/YOUR_KEY
VITE_CHAIN_ID=11155111
# ── Contracts ────────────────────────────────────
VITE_REGISTRY_ADDRESS=0x4FF9F411b531a14Cd91e6ce0418A3C500E1951F9
VITE_VERIFIER_ADDRESS=0xEC3DE79cF2Dd56a5Ae637E03390e52b557C65f93
VITE_TOKEN_ADDRESS=0x270463352d42B4B891E0605CAC0f5B9Dd5437cF7
# ── Circuit ──────────────────────────────────────
VITE_CIRCUIT_PATH=./circuits/target/keter.jsonThe Noir circuit verifies that an investor:
- Is of legal age (≥ 18) without revealing their actual age
- Resides in an authorized jurisdiction without revealing their country
- Is an accredited investor type without revealing their classification
- Owns the wallet submitting the proof
All private inputs are hashed with Poseidon into a Merkle tree, and the circuit proves membership against a known root — without exposing any leaf data.
┌─────────────────────────────────────────────────┐
│ NOIR CIRCUIT: main() │
│ │
│ Private Inputs: │
│ ├── name: Field │
│ ├── surname: Field │
│ ├── age: Field │
│ ├── address: Field │
│ ├── wallet: Field │
│ ├── country_code: Field │
│ ├── investor_type: Field │
│ ├── salt: Field │
│ └── merkle_path: [Field; DEPTH] │
│ │
│ Public Inputs: │
│ ├── merkle_root: Field │
│ └── min_age: Field │
│ │
│ Constraints: │
│ ├── assert(age >= min_age) │
│ ├── assert(country ∈ authorized_set) │
│ ├── assert(investor_type ∈ valid_types) │
│ └── assert(merkle_verify(leaf, path, root)) │
│ │
└─────────────────────────────────────────────────┘
⚠️ Status: Not Implemented Yet
A planned module leveraging AI for automated KYC document verification. The AI model will:
- Extract identity fields from uploaded documents (passport, ID)
- Validate document authenticity
- Feed verified data directly into the Noir circuit for proof generation
All processing will remain client-side to maintain the zero-trust architecture.
| Regulation | Requirement | Keter Solution |
|---|---|---|
| MiCA | KYC/AML for crypto-asset transfers | ZK proof of identity compliance |
| GDPR Art. 17 | Right to erasure of personal data | No personal data stored on-chain |
| GDPR Art. 25 | Data protection by design | Privacy-first ZK architecture |
| MiFID II | Investor categorization | ZK proof of investor type |
|
0x7manny Smart Contract Engineer 
|
0x11semprez ZK Engineer 
|
Kamil AI / KYC Module 
|
keuchnotkush Security 
|
Built in 48 hours — February 20-22, 2026
Built with obsession for privacy and compliance.
Keter Protocol — Because privacy is not a feature, it's a right.
