Mystiko Auditable ZK Features Explained

Privacy is a basic human right, but not for malicious and illegal activities. To protect the basic privacy rights for users with legitimate reasons from the bad actors exploiting on-chain privacy, Mystiko designed the first decentralized auditing system for onchain private transactions.

Key highlights of Mystiko’s decentralized audit feature

  • What is the scope of auditing in Mystiko.Network? View only. Mystiko auditors will only be able to VIEW and audit transaction flow of suspicious deposits from bad actors, upon the request of regulators and the majority approval of the auditing committee. Mystiko auditors will only be able to VIEW the transaction history over a certain period of time upon the majority approval of the Mystiko auditing committee.
  • Only suspicious transactions, such as sanctioned assets, will be audited. Auditing process will only be kicked off when sanctioned assets/addresses are identified in Mystiko user pool
  • Your assets will always be secured by Mystiko. No one, not even Mystiko auditors, can intercept/temper private transactions in Mystiko.Network. Mystiko auditors will only be able to VIEW the transaction history over a certain period of time upon the majority approval of the Mystiko auditing committee.
  • Who should be the Mystiko auditors? Reputable and reliable auditing partners, such as NGO, IGO, global auditing firms, regulators with strong background and expertise in compliance, technology, and finance are ideal Mystiko auditing committee members. The final members for the committees are chosen by the Mystiko community. Suggest and vote for the auditing partners that you trust the most to ensure a sustainable web3 privacy future.
  • Who are the first batch of decentralized auditors? The public keys and contacts of the first 3 decentralized auditing committee candidates are:
    • 0x9f202888dea37bb3b98b4feae4509191b63f429d7ef36506d96f7468c87bc309
    • 0x0b0c53980592982b95d2738bf32e91f3734696c203d35e5dcf00c65f1d6fed4d
    • 0xa6f409fee17d9dcf0e4712f88cd55b98c5d6dab00dd8d05a4bbf6151a7c38ba0

How does Mystiko auditable zk privacy solution work?

  • Auditing committee foundation : Trusted auditors of Mystiko.Network, such as regulators, reputational financial institutions and auditing firms, will be authorized to create auditor secret keys, whose paired public keys that are used for private transaction data auditing.
  • Encryption: When a private deposit is withdrawn or transferred, while zero-knowledge proof is generated, the linkage between deposit and withdrawal/transfer will be split into multiple shares and encrypted with the public keys of auditors. Each auditor will have an encrypted secret share of the linkage data. [Tech reference: Shamir’s Secret Share]
  • Audit: In order to view the complete info of a private transaction, the auditing committee will have to reach an agreement by passing a majority vote to decrypt the encrypted transaction history, with their privately stored secret keys.

Why is the Mystiko auditing committee anonymous?

A trustworthy and reliable auditing committee is the foundation of the Mystiko ZK audit - Mystiko ZK auditors shall only kick off auditing process when receiving official legal request from regulators, and shall not breach user privacy when pressured/bribed by external parties without , and will not conspire with other auditors to pry on user privacy for personal interest.
At the early stage of the Mystiko auditing operation, when the Mystiko community and DAO are still developing, it takes time to build a well-decentralized mechanism to supervise ZK auditors. During this period, the identities of the first few Mystiko ZK auditors will remain anonymous, both to the public and between each other, in order to prevent the initial auditors from targeted attack/pressured/bribed by external interest groups, and to increase the difficulty for auditors to conspire internally. Meanwhile, the Mystiko tech team will also strictly regulate and control the scope of authority of Mystiko ZK auditors to ensure no Mystiko ZK auditors will abuse their power.
At the early stage of the Mystiko auditing operation, when the Mystiko community and DAO are still developing, it takes time to build a well-decentralized mechanism to supervise ZK auditors. During this period, the identities of the first few Mystiko ZK auditors will remain anonymous, both to the public and between each other, in order to prevent the initial auditors from targeted attack/pressured/bribed by external interest groups, and to increase the difficulty for auditors to conspire internally. Meanwhile, the Mystiko tech team will also strictly regulate and control the scope of authority of Mystiko ZK auditors to ensure no Mystiko ZK auditors will abuse their power.
As our decentralized auditing features evolve, and when our community is ready to take on greater responsibility to regulate and govern Mystiko ZK auditors, the identities of ZK auditors will be revealed and be supervised by the community.
Please be noted that, Mystiko team does not and will never own/take custody of ZK auditors’ private keys,starting from the day 1 of the ZK auditing operation. Mystiko will also take user privacy as our first priority and is dedicated to be the strongest support for our users. While the ZK auditing features, the Mystiko tech team will be strictly regulating and controlling the scope of authority of Mystiko ZK auditors to ensure no Mystiko ZK auditors will abuse their power.
If you have any suggestions and comments on how to increase the transparency and reliability of Mystiko ZK auditors, please reach out to ‘@mystiko.network’ anytime.