Reso / docs /ARCHITECTURE.md
sal
Add Reso ZK compliance SaaS scaffold, architecture docs, and brand assets
e522f98
|
Raw
History Blame Contribute Delete
2.82 kB

Architecture

Actors

  • Issuer: a company issuing a stablecoin/token on Stellar (e.g. a MoneyGram-style MGUSD issuer, an anchor, an RWA platform).
  • Compliance Officer: a non-technical staff member at the issuer who configures rules via the dashboard.
  • User: a wallet holder transacting in the issuer's token.
  • Regulator/Auditor: reviews aggregate compliance evidence without seeing individual user data.

Data flow

  1. Rule configuration: Compliance Officer uses the no-code dashboard to define rules (e.g. "block sanctioned wallets", "cap daily transfer at $10,000", "require KYC tier 2 above $1,000"). Rules are stored and compiled into circuit parameters.
  2. Sanctions/KYC data ingestion: The oracle service periodically pulls a sanctions/PEP list (simulated here) and KYC attestations, builds a Merkle tree, and publishes the current Merkle root on-chain (or to a location the contract can read).
  3. Proof generation: When a User initiates a transfer, their wallet (or a client-side proving service) generates a zero-knowledge proof that:
    • their address is NOT in the current sanctions Merkle tree (non-membership proof), AND
    • they hold a valid KYC credential of the required tier, AND
    • the transaction amount is within their configured limit. None of the underlying identity data or exact balance is revealed — only that the proof is valid.
  4. On-chain verification: The Soroban compliance hook contract (SEP-0057-style) verifies the proof using Stellar's native pairing-check host functions before allowing the token transfer to proceed.
  5. Audit reporting: The dashboard aggregates verification events (pass/fail counts, thresholds triggered) into a regulator-facing report — without ever exposing which specific user triggered which event.

Why Stellar specifically

  • Protocol 25 "X-Ray": native BN254 pairing operations + Poseidon hashing make ZK proof verification a first-class, low-level operation instead of an expensive custom implementation.
  • SLP-4: cut non-refundable Soroban resource costs and roughly halved/quartered typical invocation costs, making per-transaction ZK verification commercially viable.
  • Anchor network: 170+ country cash-in/cash-out network means KYC/compliance attestations can eventually be tied to real-world onboarding points, not just crypto-native wallets.

Components in this repo, mapped to the flow above

Step Component
Rule configuration dashboard/index.html (no-code rule builder)
Sanctions ingestion + Merkle root oracle/sanctions-feed.js
Proof generation (spec) circuits/sanctions_proof/CIRCUIT_SPEC.md
On-chain verification contracts/compliance_hook/src/lib.rs
Audit reporting dashboard/index.html (audit tab)