Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.trusset.org/llms.txt

Use this file to discover all available pages before exploring further.

Overview

Trusset KYC zk-STARK Proofs is an open-source tool that lets you commit verified customer identities to the blockchain without ever sharing the underlying records with Trusset or anyone else. You run it locally on your own machine, point it at your customer data, and it produces cryptographic proofs that satisfy on-chain compliance checks. The tool is public and free to use. It works for any institution that needs to bring verified investors on-chain: banks, asset managers, brokers, custodians, or fintechs.

Open source repository

github.com/Trusset/trusset-kyc-zk-proofs

Why it exists

Every other tokenization platform stores your customer data in their backend. This creates a regulatory dependency, expands your GDPR liability surface, and requires a Data Processing Agreement with the platform vendor. Trusset is different. With this tool, you stay the sole data controller. Your customer records — names, dates of birth, document numbers — never leave your infrastructure. Only cryptographic proofs and a single root hash are submitted to Trusset.

How it works

1

Export your customer data

Pull verified customer records from your existing systems into a CSV or JSON file. Most institutions already have this data from their core banking or onboarding stack.
2

Run the tool locally

The tool reads your records and generates a zero-knowledge proof for each customer attribute (date of birth, country, investor type, etc.) on your machine. Nothing is uploaded.
3

Submit proofs to Trusset

A root hash per customer plus a signed proof bundle is sent to the Trusset API. The Trusset identity contract is updated, and your customers become eligible to interact with tokenized assets.
4

Counterparties verify on demand

Other regulated parties (trading venues, custodians, supervisors) can verify the proofs cryptographically without ever requesting the underlying data.

What you can prove

Each customer attribute is bound to a predicate proof. The four predicates currently supported cover most institutional compliance needs.

Age threshold

Prove the customer is at or above a minimum age (e.g. 18) without revealing their date of birth.

Country allowlist

Prove the customer’s country or nationality is in your approved jurisdictions list.

Investor tier

Prove the customer meets a MiFID II tier threshold (Retail, Professional, or Eligible Counterparty).

Identity binding

Prove the cryptographic commitment binds to a unique customer record (name, document number).
More predicates — sanctions screening, PEP checks, residency proofs — are on the roadmap.

Quick start

You need Node.js 18+ and Rust 1.75+ installed. 
git clone https://github.com/Trusset/trusset-kyc-zk-proofs.git
cd trusset-kyc-zk-proofs
npm install
cp config.example.json config.json
export TRUSSET_KYC_MASTER_KEY=$(openssl rand -hex 32)
export TRUSSET_KYC_SIGNING_KEY=$(openssl rand -hex 32)
Place your customer records in the /input folder as JSON or CSV, then run: 
npm start
The tool will process every customer, generate proofs, and write the output to /output. A batched CSV index file in the output folder can be uploaded directly to the Trusset API for on-chain registration.
Full configuration and predicate setup is documented in the repository. The default config covers most institutional use cases out of the box.

What you get

For each customer, the tool produces:
  • A root hash that is published on-chain
  • A signed manifest binding the bundle to your operator key
  • Per-attribute proof files that counterparties can verify independently
  • An encrypted local secrets store for your records
A batched CSV is also generated so you can submit hundreds of customers to the Trusset API in a single request.

Common use cases

You have thousands of customers already verified through your core banking system. Export them, run the tool overnight, and submit the resulting batch to Trusset. No re-onboarding, no third-party ever sees the data.
After your standard KYC flow completes, generate a proof bundle for the new customer and register them on-chain. The proof becomes the cryptographic record of their eligibility.
A trading venue in another jurisdiction needs to confirm your customers meet MiFID II Professional Investor requirements before admitting them. They verify your proofs cryptographically — no DPA, no data transfer.
A supervisor asks you to demonstrate that all holders of a tokenized security were screened against an allowlist at the time of issuance. The proofs answer that question mathematically, without exposing any holder identities.

Security and reproducibility

All proving happens locally. There are no outbound network calls during proof generation, and the master key never leaves your host. Outputs are deterministic, meaning the same input produces byte-identical bundles, so external auditors can reproduce your proof generation against your original records. The cryptographic stack uses post-quantum-friendly primitives (Goldilocks field, Rescue-Prime hash, Winterfell STARK). External audit by Softstack is scheduled for Q3 2026.

Next steps

GitHub repository

Source code, full configuration reference, and detailed documentation.

Talk to us

Book a demo call to walk through your specific compliance setup.