Architecture
AML – Anti-Money Laundering
KYC – Know Your Customer
VC – Verifiable Credential
ZKP – Zero-Knowledge Proof
Internal Components
Albus Protocol includes 3 layers: frontend, blockchain, and backend.
Frontend Layer
The frontend layer includes five accounts that provide their users with the following functionality:
End user account:
Obtain VCs
Delete VCs
Create ZK Proof Requests (Compliance Certificates)
Delete ZK Proof Requests (Compliance Certificates)
AML Officer account:
Define custom specifications for AML VCs
Perform AML checks
Issue AML VCs for users
Business user account:
Create policies
Delete policies
View ZK Proof Requests (Compliance Certificates) of end users
Trustee account:
Store key shares for retained user data
Provide key shares to verified authorised entities based on their disclosure requests
Authorised entity account:
Submit requests to disclose retained data to Trustees
Use key shares of Trustees to reconstruct a decryption key for decrypting retained user data
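The Trustee and authorised entity roles above rely on splitting a decryption key into shares and rebuilding it later. The sketch below is an added example, not Albus code: this page does not say which secret-sharing scheme Albus uses, so Shamir's threshold scheme is assumed, and the function names, the field prime and the threshold parameters are illustrative.

```javascript
// Added illustration: Shamir threshold sharing is an ASSUMED scheme here.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const P = 2n ** 521n - 1n; // Mersenne prime, comfortably above a 256-bit key
const mod = (a) => ((a % P) + P) % P;

function modPow(base, exp) {
  let result = 1n;
  for (base = mod(base); exp > 0n; exp >>= 1n) {
    if (exp & 1n) result = mod(result * base);
    base = mod(base * base);
  }
  return result;
}
const inverse = (a) => modPow(a, P - 2n); // Fermat inverse, valid because P is prime

function randomFieldElement() {
  const bytes = webcrypto.getRandomValues(new Uint8Array(80)); // 640 bits, negligible bias
  return mod(BigInt('0x' + Buffer.from(bytes).toString('hex')));
}

// Split a key into one share per Trustee; any `threshold` shares rebuild it.
function splitKey(key, trustees, threshold) {
  if (key < 0n || key >= P) throw new RangeError('key outside field');
  if (threshold < 2 || threshold > trustees) throw new RangeError('bad threshold');
  const coeffs = [key];
  while (coeffs.length < threshold) coeffs.push(randomFieldElement());
  const shares = [];
  for (let x = 1n; x <= BigInt(trustees); x++) {
    const y = coeffs.reduceRight((acc, c) => mod(acc * x + c), 0n); // Horner
    shares.push({ x, y });
  }
  return shares;
}

// Lagrange interpolation at x = 0 over the shares an authorised entity collected.
function reconstructKey(shares) {
  if (new Set(shares.map((s) => s.x)).size !== shares.length) {
    throw new Error('duplicate share: each Trustee may contribute once');
  }
  return shares.reduce((sum, { x: xi, y: yi }) => {
    let num = 1n, den = 1n;
    for (const { x: xj } of shares) {
      if (xj === xi) continue;
      num = mod(num * -xj);
      den = mod(den * (xi - xj));
    }
    return mod(sum + yi * num * inverse(den));
  }, 0n);
}
```

Reconstruction from fewer shares than the threshold does not fail; it returns an unrelated field element, so the rebuilt key should be confirmed by authenticated decryption of the retained data rather than trusted as returned.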
Blockchain Layer
The blockchain layer includes:
Encrypted VC (NFT): W3C Verifiable Credentials stored in encrypted form as NFTs and controlled by end users.
Policy: a requirement or a set of requirements defined by a business user.
Circuit: cryptographic circuits compiled with circom.
ZK Proof request (Compliance Certificate): requests for ZK Proofs submitted by an end user. A ZK Proof is linked to retained user data and to a set of key shares that are used to reconstruct the decryption key for decrypting the retained user data.
AML VC requests: requests for AML VCs submitted by end users to an AML Officer.
Disclosure request: requests for retained user data disclosure submitted by an authorised entity to corresponding Trustees.
For detailed definitions, please refer to the Glossary.
Backend Layer
The backend layer includes the following methods:
VC methods
VP methods
ZK Proof methods
ZK Proof request methods
Policy methods
Circuit methods
For details, please refer to the Integration and CLI sections.
External Components
Albus interacts with the following external entities:
End user: an individual or an entity that obtains digital credentials by undergoing verification with an Issuer, and uses them to generate Zero-Knowledge Proofs (obtain Compliance Certificates) in order to prove compliance with a business user's policy.
Business user: a Web3 business that sets policies incorporating one or several requirements to verify that its end users comply with them.
AML Officer: a type of Issuer that conducts AML checks and issues Verifiable Credentials for AML-compliant users. It can be an in-house employee of a Web3 business or some other trusted entity.
Issuer: a trusted third-party entity that verifies end users and, in case of successful verification, issues Verifiable Credentials for them (e.g., KYC provider).
Issuer node: a Node.js node that issues Verifiable Credentials for users in case an Issuer cannot provide user data (claims) in the W3C Verifiable Credential format. It runs Adapters that fetch user data from an Issuer and convert it to the W3C Verifiable Credential format. Each Adapter is dedicated to a specific Issuer.
Trustee: a trusted compliance partner that holds a share of the key required to decrypt retained user data in case it is required by an authorised entity with a legitimate request.
Authorised entity: an individual or an entity authorised to access retained user data for a legitimate purpose (e.g., conduct an investigation or an audit).
For detailed definitions, please refer to the Glossary.