Proofs of Address Control (PoAC)

Veriscope address proofs were introduced in Veriscope v3 (November 2022) and are a major addition to the protocol. The proofs provide a mechanism for beneficiary VASPs (the receiving exchange) to prove that it controls the receiving (“destination”) crypto wallet address before customer information is sent, to ensure the right information is sent to the right VASP.

The proofs are the culmination of several months work and position Shyft Veriscope as the most advanced travel rule protocol that solves for both address attribution and secure data-transfer between VASPs.

With the current release, 10+ networks (blockchains) and 30+ address types including multisigs and forwarding contracts are supported. For the full list, see Address Proof Coverage.

Access & usage

The address proofs[1] are licensed to and accessible to all Veriscope users (VASPs) who sign the current Veriscope Trust Anchor agreement or an addendum if a prior agreement was signed. The license is granted for the duration of a VASPs usage of Veriscope.

The license does not permit users to use the proofs to build something incompatible with Veriscope. From more information, please refer to your Shyft Veriscope Trust Anchor agreement or contact your Veriscope representative.

Installation checklist

  • Sign the Veriscope Trust Anchor agreement or an addendum to your existing agreement that includes address proofs

  • Request access to the ShyftNetwork/addressproofs repo. The GitHub username that you provide will be added to the repo as a read-only collaborator.

  • Once you have access, generate a GitHub classic Personal Access Token (PAT) with scopes equal to repo (full access).

  • Install Veriscope either using the setup-script or Veriscope IaC

Genearl workflow

Beneficiary VASP

  • Generate address proofs for user deposit addresses and cache/store

  • When creating a new KYC template, include the address proof as a parameter coin_address_crypto_proof

Example 1. endpoint
`POST` {{baseUrl}}/api/v1/server/create_kyc_template
Example 2. params
...
...
...
"coin_address_crypto_proof": {"chain": "BTC-mainnet", "asset": "BTC", "address_type": "P2PKH", "address": "1MttnaN61XbVfTJRR9kbqWW6FdjKjgdRjj","trust_anchor_pubkey":"69266bec53b6e0e85aff809b89992dc0dfb2bd7721e34d52e745fc3f2aa86a322dea0bd4004ada6319e35134b6e65d951e74e3020c71d90819c402d22428b43f", "pubkey": "038af462c0aed31420f38bebd81cb2c9cbccf39c96267cc51d53982b7cd91668ff", "signature": "ILol1KixAXj2kSkd6jhGdg40MqW4O7T/wnKG2tMrgTgOeJ9K+Pe/WWs3hY0FEOg2Tcz2grQfXjgZfUcMgbqr09g="}

Originating VASP

  • On receiving a KYC template, check the status of the address proof. It will either be:

Address Proof status Description

BE_CRYPTO_PROOF_VERIFIED

Address proof was provided and sucessfully verified by Veriscope

BE_CRYPTO_PROOF_NOT_INSTALLED

Address proofs feature not installed on the Beneficiary side

BE_CRYPTO_PROOF_NOT_PROVIDED

Address proof was not provided by the Beneficiary VASP

Address proofs must be included in the initial (create) KYC template. At the current time, they cannot be incorporated or sent at a later point in the flow.

Address Proof Coverage

ADDRESS_TYPE_REGISTRY = [
   BitcoinMainnetP2PKHAddressOwnership,
   BitcoinMainnetP2WPKHAddressOwnership,
   BitcoinMainnetP2SHMultisigAddressOwnership,
   BitcoinMainnetP2WSHMultisigAddressOwnership,
   BitcoinMainnetBIP32P2PKHAddressOwnership,
   BitcoinMainnetBIP32P2WPKHAddressOwnership,
   BitcoinMainnetBIP32P2SHMultisigAddressOwnership,
   BitcoinMainnetBIP32P2WSHMultisigAddressOwnership,
   EthereumMainnetExternallyOwnedAccountOwnership,
   EthereumMainnetForwardFactoryOwnership,
   EthereumMainnetContractOwnership,
   EthereumUserWalletPatternOwnership,
   MoneroAddressOwnership,
   ZcashMainnetP2PKHAddressOwnership,
   LitecoinMainnetP2PKHAddressOwnership,
   DogecoinMainnetP2PKHAddressOwnership,
   DashMainnetP2PKHAddressOwnership,
   SolanaAddressOwnership,
   BNBAddressOwnership,
   BNBBech32AddressOwnership,
   RippleAddressOwnership,
   CardanoAddressOwnership,
   TronAddressOwnership,
   PolygonMainnetExternallyOwnedAccountOwnership,
   PolkadotAddressOwnership,
   AvalancheCChainAddressOwnership,
   AvalanchePChainAddressOwnership,
   AvalancheXChainAddressOwnership,
   CosmosAddressOwnership,
   NearAddressOwnership,
   StellarAddressOwnership,
   LiquidP2PKHAddressOwnership,
   LiquidP2WPKHAddressOwnership,
   RSKMainnetExternallyOwnedAccountOwnership,
]

Further reading - Prover & Verifier Roles

There is a prover (beneficiary VASP) and a verifier (originating VASP). The prover is responsible for creating an address ownership proof. The verifier verifies the address ownership proof against the expected address, expected message, and which VASP it is communicating against. Veriscope auto verifies proofs on behalf of originating VASPs.

The prover and the verifier use the same formatted message to prove ownership of the address. The prover creates a signature over the message, producing a signed message. Then the signed message is relayed over the network to the originating VASP who then verifies the validity of the proof.

The message includes the pubkey of the Veriscope trust anchor for the entity or VASP that owns or controls the cryptocurrency address. The message also includes the address itself. This message is then signed by the key that controls the scriptPubKey or address.

The library includes a number of unit tests that you can read to see how the library is meant to be used and how it works. Each unit test covers both the verifier and the prover for a given cryptocurrency address. There are also docstrings and the rest of this README for documentation.