Soulbound Tokens are inherently leaky. Publishing credentials like diplomas or health records on-chain creates permanent, public data exhaust. This violates GDPR and makes SBTs legally toxic for real-world use.
Why Selective Disclosure is the Key to Unlocking Soulbound Tokens
Soulbound Tokens (SBTs) are a powerful primitive for on-chain identity, but their default public nature renders them useless for sensitive applications. This analysis argues that Zero-Knowledge (ZK) proofs for selective disclosure are the essential missing layer, enabling private, composable reputation and unlocking real-world use cases.
Introduction: The Soulbound Paradox
Soulbound Tokens (SBTs) fail without selective disclosure, creating a privacy paradox that blocks mainstream adoption.
The core paradox is immutability versus privacy. Vitalik Buterin's original SBT vision requires permanence, but real-world identity demands context-specific revelation. A DAO vote does not need your medical history.
Current solutions are primitive. Zero-knowledge proofs (ZKPs) from zkPass or Sismo enable verification without exposure, but they lack a universal standard. Verifiable Credentials (W3C VC) provide a framework but not blockchain-native enforcement.
Selective disclosure is the mandatory gateway. Without it, SBTs remain a niche tool for pseudonymous DeFi sybil resistance, not a foundation for on-chain reputation or societal-scale identity.
The Core Argument: Privacy is a Feature, Not a Bug
Soulbound Tokens require selective disclosure to move beyond a dystopian reputation panopticon.
SBTs without privacy fail. Public, permanent on-chain credentials create a reputation prison that discourages experimentation and enables predatory targeting. This is the antithesis of a decentralized identity system.
Zero-Knowledge Proofs are the unlock. Protocols like Sismo and Polygon ID enable users to prove credential attributes without revealing the underlying data. This shifts the paradigm from data exposure to proof of claim.
Selective disclosure enables composability. A user can prove they are a Gitcoin Passport holder to a DeFi protocol for a yield boost, while simultaneously proving KYC compliance to a CEX, without linking those two identities.
Evidence: The ERC-7231 standard explicitly defines a binding between an identity and a verifiable credential, creating the technical foundation for privacy-preserving, composable reputation.
The Three Fatal Flaws of Public-By-Default SBTs
Soulbound Tokens (SBTs) promise a web of trust, but exposing all credentials on-chain creates systemic risks that cripple adoption.
The Permanence Paradox
Public SBTs are immutable ledgers of your past, creating a permanent reputation debt. A single revoked credential or a bad actor's attestation becomes a permanent, public stain.
- No Right to be Forgotten: GDPR and similar regulations are impossible to comply with.
- Reputation Stagnation: Users cannot evolve their on-chain identity, freezing them in past states.
The Sybil Attack Amplifier
A public graph of social connections is a cheat sheet for attackers. By analyzing linkages, they can reverse-engineer sybil resistance algorithms used by protocols like Optimism's Citizen House or Gitcoin Grants.
- Targeted Manipulation: Fake accounts can be crafted to mimic legitimate connection patterns.
- Collusion Mapping: Entire sybil clusters can be identified and copied, not avoided.
The Context Collapse
A credential's meaning depends on context. A public SBT revealing a "Gold Trader" attestation to everyone collapses its utility. It should be disclosed only to a DeFi protocol for a leverage loan, not to a DAO voting on art grants.
- Zero Nuance: All verifiers see the same data, enabling discrimination and manipulation.
- Broken ZK Use Case: The value of zk-proofs for selective disclosure (e.g., zk-SNARKs, zk-STARKs) is completely nullified.
Public SBTs vs. Selective Disclosure: A Feature Matrix
A first-principles comparison of on-chain identity models, quantifying the limitations of public SBTs and the capabilities unlocked by selective disclosure mechanisms.
| Feature / Metric | Public SBTs (Base Model) | Selective Disclosure (ZK Proofs) | Selective Disclosure (Delegated Attestations) |
|---|---|---|---|
| Verification Privacy | Full on-chain exposure | Zero-knowledge proof of claim | Trusted third-party query |
| Data Minimization | | | |
| Revocation Capability | Permanent (burn token) | Real-time (proof invalidation) | Real-time (attester control) |
| Cross-DApp Composability | Unlimited (public state) | Permissioned (proof per verifier) | Permissioned (API key per verifier) |
| Gas Cost for User Verification | 0 (read-only) | ~500k-1M gas (proof gen) | 0 (attester pays) |
| Trust Assumption | Trustless (blockchain) | Trustless (cryptography) | Trusted (attester integrity) |
| Example Protocols / Standards | ERC-721S, Masa | Sismo ZK Badges, Polygon ID | EAS, Verax, Gitcoin Passport |
How Selective Disclosure Actually Works: The ZK Stack
Selective disclosure uses zero-knowledge proofs to let users prove specific claims from a credential without revealing the underlying data.
Selective disclosure is not encryption. It is a verifiable computation that proves a statement about private data is true. A user proves they are over 18 from a passport credential, but the ZK proof reveals only the boolean result, not their birth date or document number.
The ZK stack separates data from proof. Protocols like Sismo and Polygon ID issue verifiable credentials to user-held vaults. Applications request proofs, not raw data, shifting the security model from trusting APIs to verifying cryptographic statements on-chain.
This enables composable reputation. A proof of a Gitcoin Passport score or a Worldcoin verification becomes a portable, privacy-preserving asset. Unlike opaque Soulbound Tokens (SBTs), ZK-backed credentials prevent unwanted correlation and data leakage across dApps.
Evidence: Sismo's ZK Badges require a ZK-SNARK proof for each usage, ensuring the underlying attestation data from Ethereum Attestation Service (EAS) or Gitcoin never touches the destination chain, mitigating privacy risks inherent in standard SBT designs.
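As an added example (not code from the page, nor from Sismo or Polygon ID), the following Python shows the passport case above in its simplest cryptographic form: a hash-commitment scheme in the style of SD-JWT, where the issuer records only salted claim digests as the attestation and the holder reveals the issuer-computed "over_18" predicate without the birth date or document number. The issuer name and document number are constructed placeholders, and the linkability caveat in the comments is precisely the gap a real ZK proof closes.

```python
import hashlib
import json
import secrets
from datetime import date

# Added example, not code from the page or from Sismo/Polygon ID: hash-commitment
# selective disclosure. The registry attestation is a list of salted claim digests;
# the holder keeps the salts and reveals only the claims a verifier needs. Issuer-
# computed predicates ("over_18") let the holder show the boolean, not the birth
# date. Not a ZK-SNARK: a disclosed salt is a stable value, so two verifiers who
# both receive "over_18" can correlate the holder (a ZK proof would not leak this).

def _digest(salt: str, name: str, value) -> str:
    """Commit to one claim; canonical JSON so issuer and verifier hash identically."""
    blob = json.dumps([salt, name, value], separators=(",", ":"), sort_keys=True)
    return hashlib.sha256(blob.encode()).hexdigest()

def _is_over(birth: date, today: date, years: int) -> bool:
    had_birthday = (today.month, today.day) >= (birth.month, birth.day)
    return today.year - birth.year - (0 if had_birthday else 1) >= years

def issue_passport_credential(birth_iso: str, doc_number: str, today_iso: str):
    """Issuer: derive predicates, salt every claim, publish digests only.
    Returns (holder_secrets, attestation); only the attestation is recorded on-chain."""
    birth, today = date.fromisoformat(birth_iso), date.fromisoformat(today_iso)
    claims = {"birthdate": birth.isoformat(), "doc_number": doc_number,
              "over_18": _is_over(birth, today, 18), "over_21": _is_over(birth, today, 21)}
    holder_secrets, digests = {}, []
    for name, value in claims.items():
        salt = secrets.token_hex(16)  # per-claim salt: low-entropy claims are not guessable
        holder_secrets[name] = (salt, value)
        digests.append(_digest(salt, name, value))
    digests.sort()  # sorted order reveals nothing about which digest is which claim
    return holder_secrets, {"issuer": "example-passport-authority", "digests": digests}

def present(holder_secrets: dict, reveal: list) -> dict:
    """Holder: disclose only the named claims as (salt, value) pairs."""
    return {name: holder_secrets[name] for name in reveal}

def verify(attestation: dict, presentation: dict) -> dict:
    """Verifier: each disclosed claim must hash to a digest in the attestation."""
    known = set(attestation["digests"])
    verified = {}
    for name, (salt, value) in presentation.items():
        if _digest(salt, name, value) not in known:
            raise ValueError(f"claim {name!r} is not bound to this attestation")
        verified[name] = value
    return verified
```

Because the predicate is fixed at issuance, a holder who was 17 when the credential was issued cannot flip "over_18" to true later; the digest check fails and a new attestation is required.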
Builders in the Arena: Who's Solving This?
Selective disclosure requires cryptographic primitives and infrastructure that didn't exist in Web2. These teams are building the core components.
Sismo: The ZK Attestation Protocol
Sismo builds Zero-Knowledge Proofs (ZKPs) for granular credential disclosure. Users aggregate data from multiple sources (e.g., Ethereum, GitHub) into a single, private Sismo Badge.
- Proves reputation without revealing underlying wallets or accounts.
- Stateless ZK Badges enable gasless, chain-agnostic verification.
- Modular architecture allows any app to be a data source or consumer.
Verax: The Shared Attestation Registry
A public good registry on Ethereum L2s (like Linea) for storing and querying verifiable credentials. It provides the canonical source of truth for SBT schemas.
- Decouples issuance from storage, reducing vendor lock-in.
- Standardizes schemas (EAS-compatible) for interoperability across dApps.
- On-chain proof of existence with ~$0.01 attestation costs on L2.
Ethereum Attestation Service (EAS): The Schema Standard
The base layer schema registry and attestation primitive. It doesn't enforce privacy but defines the data structure that ZK systems like Sismo build upon.
- Permissionless schema creation enables infinite credential types.
- On-chain & off-chain attestations for flexibility.
- Becoming the de facto standard, integrated by Optimism, Base, and Arbitrum.
The Problem: All-or-Nothing Data Dumps
Traditional SBTs or Verifiable Credentials often leak entire identity graphs. Showing you're over 18 shouldn't reveal your birthdate, wallet address, and every DAO you've ever voted in.
- Privacy Leakage: A single credential exposes the entire linked data set.
- Poor UX: Users must share sensitive data or abstain from participating.
- Security Risk: Creates permanent, public attack surfaces for phishing and sybil attacks.
The Solution: Zero-Knowledge Proofs & On-Chain Registries
Selective disclosure combines ZKPs for privacy with public registries for trust. You prove a property (e.g., "has a GitHub account >5yrs old") without revealing which account.
- Minimal Disclosure: Prove specific predicates, not raw data.
- Trust Minimized: Verification logic is cryptographically enforced, not delegated.
- Composable: Credentials from multiple sources are aggregated into a single private proof.
The Endgame: Portable Reputation Graphs
The stack (EAS schemas + Verax registry + Sismo ZK) enables user-owned, context-aware reputation. Your professional credentials unlock one set of doors, your gaming achievements another, without cross-contamination.
- Anti-Sybil: Protocols can gate access based on provable, unique humanity.
- DeFi Credit: Under-collateralized loans based on verifiable income streams.
- Governance: Vote weighting based on proven expertise, not just token holdings.
The Counter-Argument: Isn't This Just Over-Engineering?
Selective disclosure is not a feature; it is the foundational requirement for SBTs to function in a world with real people and regulations.
Zero-knowledge proofs (ZKPs) are the only mechanism that enables selective disclosure without compromising the integrity of the underlying credential. This solves the binary choice between full public exposure and useless privacy.
The alternative is irrelevance. Without this capability, SBTs become either toxic data liabilities or inert on-chain artifacts. Protocols like Verax and Sismo are building precisely for this use case, proving market demand.
Compare it to HTTPS. No one calls TLS over-engineering; it is the minimum viable security for web commerce. Selective disclosure via ZKPs is the TLS for on-chain identity, enabling compliant DeFi, verifiable credentials, and reputation-based access.
Evidence: The Ethereum Attestation Service (EAS) schema registry shows over 70% of new attestation types are designed for privacy-preserving use cases, indicating clear developer preference for this architecture.
Key Takeaways for Builders and Investors
Soulbound Tokens (SBTs) have stalled due to an all-or-nothing privacy model. Selective disclosure is the cryptographic primitive that unlocks their utility.
The Privacy vs. Utility Dilemma
Traditional SBTs are either fully public (a privacy nightmare) or fully private (useless for applications). This binary choice has prevented adoption.
- Public SBTs expose sensitive data like credit scores or health records.
- Private SBTs cannot be used for underwriting, sybil resistance, or reputation-based access.
Zero-Knowledge Proofs as the Enabler
ZKP-based selective disclosure allows a user to prove a specific claim about their SBT without revealing the underlying data. This is the core primitive for functional identity.
- Prove you are over 21 without revealing your birthdate.
- Verify a DAO membership credential without exposing your wallet address.
- Show a credit score range for a loan without disclosing the exact number.
The Verifiable Credential (VC) Standard
W3C Verifiable Credentials provide the data model and ZKPs provide the proof layer. This combo creates portable, private, and machine-verifiable attestations.
- Interoperability: Credentials can be issued on one chain and used on another.
- Selective Disclosure: Cryptographic minimization of shared data.
- Revocation: Issuers can invalidate credentials without a central registry.
Market Opportunity: Underwriting & Access
The first killer apps will be in decentralized finance and exclusive access, moving beyond simple NFT gating.
- Under-collateralized Lending: Prove income or creditworthiness privately to protocols like Goldfinch or Maple Finance.
- Sybil-Resistant Airdrops: Distribute tokens based on proven, unique personhood (e.g., Worldcoin integration).
- Tiered DAO Access: Grant voting power or entry based on proven contribution history.
Build the Issuer Infrastructure
The bottleneck isn't wallets—it's trusted, compliant issuers. The winning startups will be the Plaid or Checkr for web3.
- KYC/AML Providers: (e.g., Persona, Parallel Markets) can issue SBTs post-verification.
- Professional Credentials: Universities, employers, and licensing boards as issuers.
- Revenue Model: Fee-per-verification or subscription for issuers, not users.
Avoid the Compliance Trap
Storing raw personal data on-chain is a GDPR/CCPA liability. Selective disclosure architectures are privacy-by-design and regulator-friendly.
- Data Minimization: Only the ZK proof is shared; personal data stays with the user.
- User Sovereignty: Users control when and with whom credentials are shared.
- Audit Trail: Immutable proof of issuance and verification without leaking PII.