Background on ICO 2.0:
ICOs have made a comeback. They give retail participants access to the risk/return profile of investing in early-stage companies at private market valuations, embodying crypto’s core ethos of permissionless access and democratized capital formation.
This time around, ICOs and private sales differ in two respects:
- Platforms: Major raises and token distributions are conducted on platforms like Uniswap CCA, Echo, Legion, MetaDAO, etc. These platforms help projects design compliant sale mechanics, market offerings, and provide clean interfaces and disclosures that allow participants to understand risks, terms, and allocation mechanics before committing capital.
- KYC: Crypto ICOs KYC participants because selling tokens to the public often triggers securities, AML, and sanctions laws under SEC, FinCEN, EU AML, FATF, etc. KYC lets projects prove they excluded restricted jurisdictions, complied with anti-money-laundering rules, and took steps to avoid unregistered securities violations. It is also often required by exchange listing teams, institutional investors, and banking services, and it reduces legal risk for founders.
Problem: Token Sales + KYC
Token launches need KYC, but current solutions are broken: Users are forced to re-KYC for every sale, repeatedly uploading passports, selfies, and sensitive personal information to multiple centralized providers, creating friction that limits capital formation and access.
Crypto participants are widely averse to KYC for good reason:
- Security Risk: Centralized identity databases, repeated document uploads, and weak access controls have led to major breaches—even at reputable firms like Coinbase and Ledger—resulting in identity theft, targeted phishing, fraud, and even physical safety risks.
- Privacy Risk: KYC conflicts with crypto’s core privacy ethos, exposing users’ financial activity to surveillance by governments or intermediaries and creating risks of tracking, censorship, or discrimination, especially in restrictive regimes.
Incumbents Fall Short:
- Predicate
  - What it does: Wallet sanctions screening
  - Key limitations: Not real KYC; trust-based attestations; operators see wallet addresses
  - Palm advantage: Cryptographic ZK proofs; real KYC verification; on-chain verifiable with no wallet exposure
- ZK Passport
  - What it does: Passport-based zero-knowledge identity
  - Key limitations: Requires biometric passport, NFC-enabled phone, and dedicated app; cannot reuse existing KYC
  - Palm advantage: Email-only UX; reuses existing KYC; works fully in-browser
- Custom KYC Hooks (Sumsub, Persona, Onfido)
  - What it does: Per-project KYC integrations
  - Key limitations: Bespoke builds; provider lock-in; repeated KYC; project teams see user data
  - Palm advantage: One universal plug-and-play hook; portable proofs; zero identity exposure
- Exchange KYC (Binance, Coinbase)
  - What it does: Centralized exchange verification
  - Key limitations: Siloed; not reusable on-chain; custody and surveillance risk
  - Palm advantage: Converts existing exchange-grade KYC into reusable on-chain access
Solution: Palm
In the palm of your hand: identity you hold, but choose not to show.
Palm is a universal, privacy-preserving KYC verification layer for on-chain token auctions.
Palm provides one reusable Uniswap validation hook that works with any email-based KYC provider, powered by zero-knowledge proofs. Instead of submitting identity data on-chain or re-verifying for every sale, users cryptographically prove that approved KYC already occurred — without revealing who they are.
Regarding compliance, Palm does not replace KYC or bypass jurisdictional restrictions — projects choose which providers to accept, and Palm only cryptographically proves that approved KYC was completed.
Why CCA:
Uniswap's new Continuous Clearing Auction (CCA) mechanism is becoming the standard for major token launches. For example, Aztec just raised $59M through CCA with 16,741 participants. CCAs offer projects fair, continuous price discovery without gas wars and enable modular compliance via hooks, while enforcing KYC at the auction layer to provide cleaner auditability and smoother exchange and institutional approval.
User Flow:
- Users complete KYC on any provider whitelisted by the project (Sumsub, Legion, Echo, etc.)
- Users export the "KYC approved" confirmation email from their inbox into Palm.
- A zero-knowledge proof is generated, using the Groth16 proof system, that proves "I have a legitimate KYC approval from a real provider" without revealing who they are, their email, or any personal data.
- The user submits a bid to the token auction, using LiFi for funding from any chain.
- The CCA contract verifies the KYC proof associated with the user's wallet, and the bid is accepted.
Project Flow:
- Project creates a CCA token auction on Uniswap or via Palm interface
- Project selects Palm as the validation hook and chooses which KYC providers to accept
- Done — Palm handles all verification. No custom code needed.
Value Proposition:
- Zero identity exposure: No emails, names, documents, or addresses ever touch the blockchain — only irreversible cryptographic proofs.
- Reuse existing KYC: Users avoid repeated verification and reduce security risk.
- Universal, provider-agnostic: One hook supports many providers; projects choose who they trust.
- Sybil-resistant: Each KYC email generates a unique nullifier usable only once across all auctions.
- Client-side proving: Proofs are generated entirely in-browser; emails never leave the device.
- Streamlined UX: Unified discovery, compliance, investing, and portfolio tracking (WIP)
Market Sizing:
Modern token sales represent a rapidly growing market, with ~200–400 token sales annually across launchpads and auction platforms, 70–90% of which require KYC. These sales raised an estimated $4–7B in 2024, with average raises of $10–30M and large launches exceeding $50M. Active participants often repeat KYC 5–10+ times per year due to fragmented compliance systems, while exchange listings, institutional capital, and banking access increasingly mandate provable KYC. Palm targets hundreds of KYC-gated sales annually, billions in capital formation, and millions of redundant identity checks.
Every email sent on the internet carries a DKIM signature — a cryptographic stamp from the sending server that proves the email is authentic and unaltered. This is the same technology that stops spam and phishing.
Palm leverages this existing infrastructure to prove:
- The email is real — DKIM signature proves it came from (e.g.) [email protected], not a forgery
- It says "approved" — the proof verifies the email contains KYC approval text, without revealing anything else
- It's tied to one person — a unique fingerprint (nullifier) is derived from the recipient email address, preventing reuse
- It's tied to one wallet — the proof is bound to the user's Ethereum address, preventing someone else from using it
All four properties are proven simultaneously in a single zero-knowledge proof. If any one is false, the proof fails.
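The four properties above only hold if the provider's DKIM signature actually covers the parts of the email the proof relies on. As an added example (not Palm's or zk-email's code), this Python sketch parses a `DKIM-Signature` header and flags signatures that would not support those claims; the required-header policy, the domain name, and the header values are constructed assumptions.

```python
import re

# Assumed policy: the sender (provider), recipient (nullifier source) and
# subject (approval text) headers must all be covered by the signature.
REQUIRED_SIGNED = {"from", "to", "subject"}

def parse_dkim_tags(value):
    """Parse a DKIM-Signature header value (RFC 6376 tag=value list) into a dict."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)  # undo header folding
    tags = {}
    for part in unfolded.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")  # split on first '=' (base64 padding)
            tags[name.strip()] = val.strip()
    return tags

def precheck(header_value, accepted_domains):
    """Return the reasons this signature is unsuitable as a KYC proof input."""
    t = parse_dkim_tags(header_value)
    problems = []
    if t.get("d", "").lower() not in accepted_domains:
        problems.append("signing domain not accepted")
    signed = {h.strip().lower() for h in t.get("h", "").split(":") if h.strip()}
    missing = REQUIRED_SIGNED - signed
    if missing:
        # An unsigned To: header can be edited freely, which would let one
        # approval email yield many different nullifiers.
        problems.append("unsigned headers: " + ",".join(sorted(missing)))
    if "l" in t:
        # l= signs only a body prefix; text after it is not authenticated.
        problems.append("l= tag leaves part of the body unsigned")
    return problems

# Constructed sample headers (domain, selector and base64 values are placeholders).
BASE = "v=1; a=rsa-sha256; c=relaxed/relaxed; d=kyc-provider.example; s=sel1;\r\n "
TAIL = " bh=Y29uc3RydWN0ZWQ=; b=Y29uc3RydWN0ZWQ="
GOOD = BASE + "h=from:to:subject:date;" + TAIL
NO_TO = BASE + "h=from:subject:date;" + TAIL
WITH_L = BASE + "h=From:To:Subject; l=120;" + TAIL

if __name__ == "__main__":
    for name, hdr in (("GOOD", GOOD), ("NO_TO", NO_TO), ("WITH_L", WITH_L)):
        print(name, precheck(hdr, {"kyc-provider.example"}) or "ok")
```
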
Tech Stack
- Uniswap v4 CCA for auction mechanics and modular compliance hooks
- zk-email (MIT licensed, audited) for zero-knowledge DKIM verification
- Circom + Groth16 for efficient proof generation and ~2s on-chain verification
- Poseidon hashing for nullifier generation and Sybil resistance
Palm integrates directly with Uniswap v4’s Continuous Clearing Auction (CCA) by implementing the IValidationHook interface. Each auction bid includes a Groth16 proof passed via hookData; the hook verifies the proof on-chain before accepting the bid. This allows KYC enforcement to happen cleanly at the auction layer with no custom sale contracts and no per-project KYC infrastructure.
Further Exploration:
- KYC Gated DeFi: Palm’s architecture is intentionally general. The same ZK email proof pattern can be extended beyond CCAs to any gated on-chain action, including:
  - Gated liquidity pools — only verified participants
  - Compliant DAOs — voting restricted to KYC'd members
  - Regulated DeFi — meeting compliance requirements without sacrificing privacy
  - Any on-chain access control that needs identity verification without identity exposure
- Unified ICO Aggregator: Deal discovery, disclosures, investment portals, and token claiming are currently scattered across platforms. Palm can extend into a unified ICO and private sale interface that aggregates dealflow from Echo, Legion, Uniswap CCA, Impossible Finance, and exchanges; enables seamless cross-chain investing via LiFi; provides a single portfolio view across platforms; and consolidates token claiming and optimal selling.
- Implementation refinement / edge case acknowledgement
  - Nullifier expiry: Projects or users can optionally set expiration windows on Palm KYC proofs.
  - Revocation: Projects can revoke acceptance of specific nullifiers if compliance requirements change.
  - Email spoofing: Fake approval emails are prevented by verifying DKIM signatures against a registry of whitelisted provider DNS records selected by the project; registry updates are required if providers rotate domains.
  - Email forwarding attacks: .eml forwarding risks can be mitigated through client-side facial verification or device-bound checks, without introducing on-chain identity exposure. Note that existing platforms face this same risk in the form of selling KYC or KYC’d accounts.
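
The checks a validation hook has to make on a proof's public inputs, covering the provider-key registry, wallet binding, single-use nullifiers, revocation, and expiry described above, modeled off-chain in Python as an added example (not Palm's contract code). The public-signal layout, the `issued_at` field, and the stand-in `verify_proof` callable are assumptions; a real hook would call the Groth16 verifier at that point.

```python
from dataclasses import dataclass, field

@dataclass
class PublicSignals:       # hypothetical layout of the proof's public inputs
    dkim_key_hash: int     # hash of the provider DKIM key checked in-circuit
    nullifier: int         # derived in-circuit from the recipient address
    wallet: str            # address the proof is bound to
    issued_at: int         # email timestamp (assumed to be exposed by the circuit)

@dataclass
class PalmHookModel:
    verify_proof: callable                 # stands in for the Groth16 verifier
    accepted_keys: set                     # project-selected provider key hashes
    max_age: int = 0                       # seconds; 0 disables expiry
    used: set = field(default_factory=set)
    revoked: set = field(default_factory=set)

    def validate(self, bidder, proof, sig, now):
        """Return 'ok' or the rejection reason; consume the nullifier on success."""
        if sig.dkim_key_hash not in self.accepted_keys:
            return "unknown provider key"   # DKIM-valid mail from an unlisted domain
        if sig.wallet.lower() != bidder.lower():
            return "proof bound to another wallet"
        if sig.nullifier in self.revoked:
            return "nullifier revoked"
        if sig.nullifier in self.used:
            return "nullifier already used"
        if self.max_age and now - sig.issued_at > self.max_age:
            return "proof expired"
        if not self.verify_proof(proof, sig):
            return "invalid proof"
        self.used.add(sig.nullifier)        # record only after full verification
        return "ok"

def demo():
    # Constructed values; the stand-in verifier accepts only the literal b"valid".
    hook = PalmHookModel(lambda p, s: p == b"valid", accepted_keys={111}, max_age=3600)
    first = PublicSignals(111, 42, "0xAAA1", issued_at=1000)
    copied = PublicSignals(111, 43, "0xAAA1", issued_at=1000)
    unlisted = PublicSignals(999, 44, "0xccc3", issued_at=1000)
    return [
        hook.validate("0xaaa1", b"valid", first, now=1500),     # accepted
        hook.validate("0xaaa1", b"valid", first, now=1600),     # same nullifier again
        hook.validate("0xBBB2", b"valid", copied, now=1600),    # proof reused by another wallet
        hook.validate("0xccc3", b"valid", unlisted, now=1600),  # provider key not in registry
    ]
```
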