Zero-Knowledge Compliance on Libre
Gherman Nicolisin
How Libre transforms on-chain compliance while maintaining integrity and privacy of investors.
As part of its decentralisation efforts, Libre integrates RiscZero Zero-Knowledge Virtual Machine (ZKVM) and Ethereum Attestation Service (EAS) into its core protocol. These integrations enable Libre to issue on-chain Zero-Knowledge (ZK) credentials to its users while maintaining privacy.
Libre initially incorporated compliance checks directly into its on-chain logic. However, in order to enhance user privacy, the team recognised the need for a zero-knowledge-based system and proceeded to integrate these features into the protocol.
In researching different options, Libre’s development team decided to leverage the power of the Zero-Knowledge Virtual Machine for the following reasons:
- Inherent security. Designing and developing custom ZK circuits is tedious, verbose, and results in an increased attack vector. ZKVM is able to inherit the security guarantees of the underlying ZK system and only focus on the business logic.
- Rapid development. Focusing on the business logic and leaving the proving part to the ZKVM enables more rapid and test-driven use of the logic.
Libre also integrates the Ethereum Attestation Service, which provides an on-chain infrastructure to issue attestations and leverage them across protocols. Libre uses EAS to issue unique on-chain credentials to investors to grant them access to the protocol and the set of instruments for which the access has been requested.
How Does Libre Use Zero-Knowledge Proofs?
To issue credentials, Libre needs to execute specific compliance checks that account for an investor’s regulatory eligibility to interact with the protocol and access available investment funds for the purpose of investment. These checks are executed off-chain and a Zero-Knowledge Groth16 proof is generated to attest to the validity of the execution. The public output of the proof (also referred to as the commitment) includes:
- an expiry date of the compliance check, e.g. when a compliance check should be re-executed and new credentials generated; and
- a set of instruments an investor should have access to, together with corresponding expiry dates for access.
The proof alongside the commitment is then supplied to the smart contract, which verifies the proof and issues the EAS attestation based on the commitment data.
The Journey
In RiscZero ZKVM, Zero-Knowledge programs are called “guests”. Guests are computations written in a high-level programming language that get executed and proved by the ZKVM.
Each financial instrument made available to investors via the Libre platform has its unique set of compliance checks that an investor must meet based on personal information (personal flags). The specification of these checks is stored on-chain and then retrieved by the guest for execution.
However, it is not sufficient that on-chain data is simply retrieved and provided to the guest program since any such data may be compromised during transmission. To address this risk, RiscZero has developed Steel, a view call library that helps prove the integrity of an on-chain state and bypass gas limitations. Steel operates by requiring the host (i.e. the main program, also referred to as the guest) to query the on-chain state via a RPC call. The response to such a query will thus contain both the payload and the EVM Storage Proof introduced in EIP-1186, which are then supplied to the guest to grant it access to the requested on-chain state and prove its validity.
RiscZero uses RISC-V ISA for its Virtual Machine. As with traditional computing, the complexity of an execution is measured in execution cycles. Whereas it was previously computationally expensive to execute EVM storage proof verification due to a high cycle count, the 1.2.0 release of RiscZero ZKVM introduced a tiny-keccak pre-compile.
This introduction operates as an acceleration plugin that contributes to a lower cycle count. The figures below depict an approximate 5.5x reduction in a cycle count following the implementation of tiny-keccak acceleration. This implementation also results in a significant improvement in Groth16 generation times, resulting in ~80 seconds for g6e.4xlarge instances.
Closing Thoughts
By integrating with RiscZero, Libre’s investors can access all of the offered investment funds on-chain while maintaining the privacy of their personal information. By using the RiscZero ZKVM, Libre has managed to integrate the solution in a remarkably short time frame without compromising security.
Libre sees this integration as a first step towards sovereign identity based on the ZK Decentralised Identities (ZK-DIDs) in the Libre protocol. ZK-DIDs will enable external compliance parties to issue credentials to investors with full ownership, which investors can subsequently provide to the protocol to gain access.
About Libre
Libre provides blockchain infrastructure that connects asset managers with digital distribution channels, expanding institutional and accredited investor access to alternative investment funds. The platform also facilitates additional services, including collateralised lending and automated rebalancing. Libre’s tokenised funds are exclusively available to institutional and accredited investors. The Libre Gateway is set to introduce additional services throughout 2025, further enhancing on-chain asset management, facilitating secondary market transactions, and expanding access to collateralised lending solutions.
For more information about Libre, please visit https://www.librecapital.com
About RiscZero
RISCZero is transforming ZK app development as the creator of the world's first RISC-V ZKVM. By enabling developers to write zero-knowledge proofs in familiar languages like Rust or Solidity, RISC Zero makes ZK accessible and practical for any developer. Their industry-leading ZKVM unlocks new possibilities for scalable, secure computation across any blockchain.
For more information about RiscZero, please visit https://risczero.com
