Mystiko Auditable ZK Features FAQ

Privacy is a basic human right, but not for malicious and illegal activities. To protect the basic privacy rights for users with legitimate reasons from the bad actors exploiting on-chain privacy, Mystiko designed the first decentralized auditing system for onchain private transactions.

Key highlights of Mystiko’s decentralized audit feature

  • What is the scope of auditing in Mystiko.Network? View only. Mystiko auditors will only be able to VIEW and audit transaction flow of suspicious deposits from bad actors, upon the request of regulators and the majority approval of the auditing committee. Mystiko auditors will only be able to VIEW the transaction history over a certain period of time upon the majority approval of the Mystiko auditing committee.

  • Only suspicious transactions, such as sanctioned assets, will be audited. Auditing process will only be kicked off when sanctioned assets/addresses are identified in Mystiko user pool

  • Your assets will always be secured by Mystiko. No one, not even Mystiko auditors, can intercept/temper private transactions in Mystiko.Network. Mystiko auditors will only be able to VIEW the transaction history over a certain period of time upon the majority approval of the Mystiko auditing committee.

  • Who should be the Mystiko auditors? Reputable and reliable auditing partners, such as NGO, IGO, global auditing firms, regulators with strong background and expertise in compliance, technology, and finance are ideal Mystiko auditing committee members. The final members for the committees are chosen by the Mystiko community. Suggest and vote for the auditing partners that you trust the most to ensure a sustainable web3 privacy future.

What is the goal of Mystiko decentralized auditing system?

  • Protect on-chain privacy of the majority good, not the minority bad.

  • Protect community users’ private assets from entangling with unclean/malicious assets and users, and fight for users' right of privacy in a secure and sustainable way.

How does Mystiko auditable zk privacy solution work?

  • In Mystiko’s design, the transactions of suspicious assets could be revealed and audited in a decentralized manner, by a trusted audit committee.

  • Step 1: Mystiko community will choose auditors and mark their unique auditor public keys for future auditing reference. Trusted auditors of Mystiko.Network, such as regulators, reputational financial institutions and auditing firms, will be authorized to create auditor secret keys and to generate public keys that will be used for future private transaction data auditing.

  • Step2: User will encrypt and distribute private transfer and withdraw data with auditors’ public keys. When a private deposit is withdrawn or transferred, while zero-knowledge proof is generated, the linkage between deposit and withdraw/transfer will be encrypted with the public keys of auditors. Each auditor will have a secret share of the encrypted linkage data. [Tech design reference: Shamir's Secret Share]

  • Step 3: Mystiko auditors will be able to audit encrypted suspicious transaction data based on decentralized majority votes of the auditors committee. In order to view the complete info of a private transaction, the auditing committee will have to reach an agreement to decrypt the transaction flow of suspicious private deposits with their privately stored secret keys, if such suspicious private deposits have been withdrawn.

Read more about Mystiko Auditable ZK design: https://medium.com/@Mystiko.Network/the-worlds-first-auditable-zero-knowledge-private-transaction-feature-is-now-live-on-mystiko-networ-df429d20e46

Why is the Mystiko auditing committee anonymous?

A trustworthy and reliable auditing committee is the foundation of the Mystiko ZK audit - Mystiko ZK auditors shall only kick off auditing process when receiving official legal request from regulators, and shall not breach user privacy when pressured/bribed by external parties without , and will not conspire with other auditors to pry on user privacy for personal interest.

At the early stage of the Mystiko auditing operation, when the Mystiko community and DAO are still developing, it takes time to build a well-decentralized mechanism to supervise ZK auditors. During this period, the identities of the first few Mystiko ZK auditors will remain anonymous, both to the public and between each other, in order to prevent the initial auditors from targeted attack/pressured/bribed by external interest groups, and to increase the difficulty for auditors to conspire internally. Meanwhile, the Mystiko tech team will also strictly regulate and control the scope of authority of Mystiko ZK auditors to ensure no Mystiko ZK auditors will abuse their power.

At the early stage of the Mystiko auditing operation, when the Mystiko community and DAO are still developing, it takes time to build a well-decentralized mechanism to supervise ZK auditors. During this period, the identities of the first few Mystiko ZK auditors will remain anonymous, both to the public and between each other, in order to prevent the initial auditors from targeted attack/pressured/bribed by external interest groups, and to increase the difficulty for auditors to conspire internally. Meanwhile, the Mystiko tech team will also strictly regulate and control the scope of authority of Mystiko ZK auditors to ensure no Mystiko ZK auditors will abuse their power.

As our decentralized auditing features evolve, and when our community is ready to take on greater responsibility to regulate and govern Mystiko ZK auditors, the identities of ZK auditors will be revealed and be supervised by the community.

Please be noted that, Mystiko team does not and will never own/take custody of ZK auditors’ private keys,starting from the day 1 of the ZK auditing operation. Mystiko will also take user privacy as our first priority and is dedicated to be the strongest support for our users. While the ZK auditing features, the Mystiko tech team will be strictly regulating and controlling the scope of authority of Mystiko ZK auditors to ensure no Mystiko ZK auditors will abuse their power.

If you have any suggestions and comments on how to increase the transparency and reliability of Mystiko ZK auditors, please reach out to ‘info@mystiko.network’ anytime.

What do Mystiko auditors need to do?

  • Do NOT leak or lose the auditor secret keys. Auditors could update their public keys anytime by aligning with the Mystiko core dev team, if their auditor secret keys are leaked/forgotten or just for better security.

  • Be responsive to auditing requests, and kick off auditing meetings.

When will the auditing process be kicked off?

  • Auditing process will only initiated when

    • Regulators submitted official legal notice to “legal@mystiko.network” with solid proof of funds involved with illegal activities, and required Mystiko to provide information of illegal assets.

    • Upon the scenario where a high-profile hacking incident occurs and the funds involved are deposited into Mystiko.Network, before regulators start taking action, Mystiko will immediately initiate an emergency user community vote to kick off the auditing process. The auditing process will be initiated when the majority of users support auditing.

  • Read more about Mystiko’s term of use and compliance guideline: Mystiko terms of use

How can auditors track/audit suspicious deposits in Mystiko decentralized auditing system?

  • When a suspicious deposit is identified by the auditing committee, the auditing committee will have the option to kick off the discussion on whether to monitor/audit the future withdrawal and transfer transactions of such deposit, to identify the outlet of such suspicious deposit.

  • But please be noted that auditors will only be able to view and audit the transaction flow of the suspicious deposit when such deposit has been withdrawn or transferred.

Will the auditors know the transaction flows of suspicious deposits if such deposits are not withdrawn or transferred?

  • No, the auditors view and audit the transaction flow of the suspicious deposit, ONLY when such deposit has been withdrawn or transferred.

Will Mystiko auditors be able to intercept/temper private transactions in Mystiko.Network?

  • No, Mystiko auditors will only be able to VIEW the transaction history over a certain period of time upon the majority approval of the Mystiko auditing committee.

Can a single auditor (or a minority group of auditors) decrypt and view transaction info with their own secret keys?

  • No, transaction data could only be decrypted and viewed with the input of the majority of the auditor secret keys

Once the auditing procedure starts, will the auditors be able to view the transactions of other users within the same period, besides the transactions that auditors wanna track?

  • Yes, the auditors will have access to all the transaction data, including the transactions to be audited.

How can Mystiko prevent user privacy leakage, in the event of auditor private key leakage?

  • Mystiko dev team could update and rotate the private of auditors in regular/random basis to ensure that even when auditors’ secret keys were stolen by bad actors, hackers will only have access to very limited private transaction history

What is the worst case scenario if the auditor keys are lost/stolen by the hackers?

  • Hackers might have visibility of the private transaction history related to the stolen auditor’s keys, but only over a limited window of time.

Will Mystiko be able to add/delete/update members of the auditor committee?

  • Yes, but only based on the request of the auditing committee and community

How can we prevent auditors from revealing users’ private transactions?

  • In Mystiko decentralized auditing design, transaction data could only be decrypted and viewed with the input of over 3 auditor secret keys. To prevent members of audit committees from revealing user privacy without the initiation of the auditing process, Mystiko will keep the identity of auditors confidential from the public and between auditors, so that auditors won't be able to work with each other to reveal private transactions of users.

Why should you join the Mystiko decentralized auditing committee?

  • Be in the frontline to push the boundary of on-chain privacy for all

  • Be the gatekeepers to protect the basic privacy right of users

  • Accelerate the massive adoption of blockchain and crypto adoption.

Last updated