Architecture & Trust Model
This document outlines the design intent and privacy mechanisms of the SatyaStack infrastructure. It is intended for compliance officers, regulators, and technical evaluators.
Executive Summary
SatyaStack is a privacy-preserving compliance infrastructure currently in its pilot / pre-production phase. It addresses a critical conflict in the digital economy: the need for rigorous compliance (AML/KYC) versus the fundamental right to data privacy.
The core architectural principle of SatyaStack is "Verify without Exposure". The system is designed to enable regulated institutions to cryptographically verify user data (such as identity or financial status) without ever receiving, storing, or transmitting the raw Personally Identifiable Information (PII).
High-Level System Architecture
[Diagram: three components. User Device (Local Vault & Prover; stores encrypted PII, generates ZK proof); SatyaStack Infrastructure; Verifier (Bank; compliance check).]
System Actors
Conceptual Walkthrough
Data Origin & Storage
Raw data (PII) originates from an Issuer and is transmitted securely to the User Device. It is stored in local storage, encrypted continuously.
The 'Air Gap' for PII
When a Verifier requests a check (e.g., Age > 18), the User Device inputs the raw data into a Zero-Knowledge Circuit locally. The raw data never leaves the device during this process.
Transmission of Proof
Only the generated ZK-Proof (a small cryptographic string) is transmitted to the SatyaStack Infrastructure or the Verifier.
Logging
The Verifier logs the successful verification result for audit purposes. This log contains metadata (timestamp, proof ID) but zero PII.
Data Custody & Trust Model
| Actor | What They Store | What They NEVER See |
|---|---|---|
| User Device | Full PII (Encrypted locally) | N/A (Has full access) |
| SatyaStack | Circuit Logic, Public Keys | No PII, No User Identity |
| Verifier (Bank) | Decision Logs ("Approved") | No Raw PII (No DOB, No Address) |
| Regulator | Audit Logs & Traces | No Raw PII |
* Assumption: User device is not compromised. See Security Model below.
Conceptual Proof Flow
User downloads specific credentials (e.g. Aadhaar hash, PAN verification) from an Issuer into their SatyaStack-compatible wallet.
Platform requests a specific proof from User: 'Prove you are Indian Resident AND Age > 18'.
User's device runs the ZK Circuit against stored credentials. This computationally intensive step happens client-side.
The generated proof is sent to the Verifier. Verifier checks proof validity mathematically.
A tamper-evident log is created recording that a valid proof was presented at Timestamp T.
Security & Threat Model
Infrastructure Compromise
Scenario: SatyaStack's servers are breached.
Device Compromise
Scenario: User phone is physically stolen and unlocked.
Regulatory Alignment
Aligned with Data Minimization principles. Businesses only collect what is strictly necessary (the proof), not the underlying PII.
Provides a verifiable Audit Trail. While data is private, the fact that compliance was checked is cryptographically undeniable.
Designed to fit within existing KYC Master Directions by acting as a Tier-2 Technology Service Provider aiding in verification.
What SatyaStack Does NOT Do
- ✕ SatyaStack does not store user PII.
- ✕ SatyaStack does not have an "admin view" of identities.
- ✕ We do not enable anonymous transactions for illicit activity (KYC is enforced, just privately).
- ✕ We do not bypass KYC; we upgrade its privacy.
Pilot Phase Status
As of early 2026, SatyaStack is in a Pilot / Private Beta stage.
- Our cryptographic circuits are being tested for performance and security.
- We are running closed pilots with select fintech partners.
- The platform is not yet generally available for production banking workloads.
Frequently Asked Questions
Is this legal in India?
SatyaStack is designed to comply with the DPDP Act 2023. For regulated entities (REs), implementation models are being developed to ensure full alignment with sector-specific regulators (RBI, SEBI).
Can SatyaStack decrypt user data?
No. By design, SatyaStack does not possess the private keys required to decrypt user data stored on user devices.
Does this work on slow phones?
We are optimizing our ZK circuits to generate proofs efficiently on mid-range smartphones. Performance benchmarking is a key part of our current pilot phase.
Conceptual Integration Flow (Pilot Phase)
Purpose of This Section
This section clarifies the intended interaction model for banks and fintech partners participating in the pilot program. It describes the conceptual flow of a verification request without defining specific technical implementation details, as these may vary by pilot partner.
Verification Initiation (Conceptual)
The flow begins when a Verifier (e.g., a Bank App) requires a specific compliance check to proceed with a user action (e.g., opening an account).
- The Verifier conceptually asks: "Does User X meet Criteria Y?" (e.g., Is Resident AND Age > 18?).
- The Verifier does not ask for the underlying document (e.g., "Send me the Passport").
User Consent & Proof Generation
The user is prompted on their device to approve the request.
- The SatyaStack-compatible user application accesses the locally stored encrypted credential.
- A Zero-Knowledge Proof is generated locally on the device.
- Crucial: The raw PII data never leaves the device during this calculation.
Proof Presentation & Validation
The generated cryptographic proof is presented for verification, either directly to the Verifier or via SatyaStack infrastructure, depending on pilot configuration. The validation function returns a simple TRUE or FALSE.
Compliance Logging & Oversight
Upon successful verification, an immutable audit record is created.
- Included: Timestamp, Proof ID, Circuit ID, Result (Success/Fail).
- Excluded: User Identity, PII, Raw Credential Data.