The Compliance-Privacy Paradox
Blockchain technology was built on the premise that users should control their own data. Regulatory frameworks demand that service providers verify who those users are. These two imperatives are in direct tension, and the blockchain industry has spent years oscillating between them — either sacrificing privacy for compliance or sacrificing compliance for privacy, with both choices carrying significant consequences.
Zero-knowledge proofs offer an elegant resolution. A zero-knowledge proof allows one party to demonstrate the truth of a statement — "I am over 18," "I reside in a permitted jurisdiction," "I hold accredited investor status" — without revealing the underlying data that supports the claim. The verifier learns only that the statement is true. No birth date, no home address, no government identity number is disclosed.
Ludopoly Analytics integrates this cryptographic capability through its ZK-KYC module. The module enables dApp developers and compliance teams to enforce verifiable identity requirements on their users while preserving the privacy guarantees that make decentralised applications attractive in the first place. The implementation rests on two established proof systems — Groth16 and UltraPLONK — selected for their complementary strengths in a production blockchain environment.
Dual Proof Systems
The choice of proof system involves a fundamental tradeoff between proof compactness and setup flexibility. Groth16 produces extremely compact proofs — small enough to verify on-chain at minimal gas cost — but requires a trusted setup ceremony for each verification circuit. When the set of attributes to be verified is fixed (age verification, residency check), Groth16 is the optimal choice because the setup cost is amortised across millions of verifications.
UltraPLONK offers a universal setup that does not need to be repeated when new verification circuits are introduced. This makes it the better fit for complex, evolving policy requirements — such as multi-condition accreditation checks or tiered access control rules that change as regulatory frameworks evolve. The tradeoff is a slightly larger proof size and marginally higher verification gas cost.
Ludopoly Analytics supports both systems and selects the appropriate one based on the verification policy's complexity. Simple attribute proofs default to Groth16. Composite policies default to UltraPLONK. Developers who integrate the ZK-KYC module through the API can override this default if their use case demands a specific proof system.
On-Chain Verification
Proof verification happens on-chain through smart contracts built on the ERC-2535 Diamond standard. The Diamond pattern allows new verification policies to be added as individual facets without redeploying the entire contract — a critical capability when regulatory requirements change and new attribute checks must be introduced rapidly.
The verification cost remains below 250,000 gas units per proof, making it economically viable for high-throughput applications. Any decentralised application can call the verifier contract directly, querying whether a given wallet address holds a valid proof for a specified attribute, without needing to integrate with Ludopoly's off-chain infrastructure. This composability transforms ZK-KYC from a proprietary service into a public infrastructure layer that any on-chain protocol can leverage.
The platform never accesses raw user identity data. Credentials are generated and stored on the user's own device. Proof generation happens entirely client-side. The platform receives only the proof — a cryptographic artefact that reveals nothing beyond the truth of the claimed attribute.
Four-Tier Verification Hierarchy
The ZK-KYC module supports four progressive verification levels, each adding assurance depth while maintaining zero-knowledge privacy.
The first level provides basic wallet-level verification — confirming that a wallet is controlled by a human rather than an automated bot, using a lightweight proof-of-personhood mechanism.
The second level adds attribute verification — age, residency, accreditation status — through zero-knowledge proofs against verifiable credentials issued by trusted identity providers, fully compliant with W3C Decentralised Identifiers and Verifiable Credentials specifications.
The third level introduces enhanced due diligence, combining multiple attribute proofs with temporal validity checks and credential freshness requirements.
The fourth level provides full regulatory compliance verification, incorporating all lower levels plus jurisdiction-specific checks, continuous monitoring hooks, and AML cross-feeding integration where the identity module's output directly influences the compliance engine's risk assessment.
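The cumulative tiers described above, as an added example that is not Ludopoly's code: it takes the results of proofs that have already been verified and returns the highest of the first three levels they satisfy, keeping temporal validity (the credential's own expiry window) separate from freshness (a cap on credential age). The record shape, attribute names, the 90-day freshness limit and the two-attribute threshold are assumptions. Level four is left out because the page does not specify its jurisdiction and monitoring inputs.

```python
from dataclasses import dataclass

DAY = 86_400
MAX_CREDENTIAL_AGE = 90 * DAY   # assumed freshness limit; not stated on the page
MIN_ATTRS_LEVEL_3 = 2           # assumed reading of "multiple attribute proofs"

@dataclass(frozen=True)
class ProofRecord:
    """Outcome of an already-verified proof (hypothetical record shape)."""
    attribute: str   # e.g. "personhood", "age_over_18", "residency"
    issued_at: int   # unix time the backing credential was issued
    expires_at: int  # unix time the backing credential expires

def is_valid(r: ProofRecord, now: int) -> bool:
    # Temporal validity: now lies inside the credential's validity window.
    return r.issued_at <= now < r.expires_at

def is_fresh(r: ProofRecord, now: int) -> bool:
    # Freshness is stricter than validity: it bounds the credential's age.
    return now - r.issued_at <= MAX_CREDENTIAL_AGE

def highest_level(records: list[ProofRecord], now: int) -> int:
    """Return 0-3, the highest tier satisfied; tiers are cumulative."""
    valid = [r for r in records if is_valid(r, now)]
    if not any(r.attribute == "personhood" for r in valid):
        return 0  # without level 1, no higher level counts
    newest: dict[str, ProofRecord] = {}
    for r in valid:  # keep the most recently issued record per attribute
        if r.attribute != "personhood":
            if r.attribute not in newest or r.issued_at > newest[r.attribute].issued_at:
                newest[r.attribute] = r
    if not newest:
        return 1
    fresh = [r for r in newest.values() if is_fresh(r, now)]
    return 3 if len(fresh) >= MIN_ATTRS_LEVEL_3 else 2

# Constructed sample data, not taken from any real deployment.
NOW = 1_700_000_000
SAMPLE = [
    ProofRecord("personhood", NOW - 10 * DAY, NOW + 355 * DAY),
    ProofRecord("age_over_18", NOW - 30 * DAY, NOW + 335 * DAY),
    ProofRecord("residency", NOW - 200 * DAY, NOW + 165 * DAY),  # valid, stale
]

if __name__ == "__main__":
    print(highest_level(SAMPLE, NOW))
```

The stale residency credential in the sample is still inside its validity window, so it counts toward level two but not toward the freshness requirement of level three.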