Why Soulbound Tokens Need Confidentiality to Succeed

A public Soulbound Token (SBT) for a university degree or employment credential permanently links a wallet to a real-world identity. This creates systemic risks:\n- Sybil attacks become trivial: adversaries can map and target high-value wallets.\n- Discrimination vectors are encoded on-chain (e.g., membership in a specific DAO).\n- Permanent leakage violates data protection laws like GDPR, making protocols legally toxic.

Proven by zkSNARKs or similar proofs, zk-Creds allow a user to prove a property (e.g., "I have a degree from Stanford") without revealing the credential itself or their wallet address. This enables:\n- Selective disclosure: Prove you're over 18 without revealing your birthdate.\n- Unlinkable attestations: A credential issuer cannot track where or how often you use your proof.\n- Composability: Proofs can be combined privately (e.g., degree + DAO membership) for complex gating.

Full on-chain privacy is computationally expensive. Practical systems use hybrid architectures, similar to zkSync or Aztec for private state. Key components include:\n- Off-chain attestation registries: Hold raw credentials, managed by issuers.\n- On-chain verifier contracts: Cheaply validate ZK proofs of credential ownership.\n- State channels for updates: Allow credential revocation or expiry without public broadcasts. Projects like Sismo and Semaphore pioneer this model.

The killer app for private SBTs is decentralized finance. A user can prove a credit score > 750 or consistent salary payments without exposing their transaction history or identity. This enables:\n- Non-exploitative underwriting: Lenders assess risk without extracting and selling user data.\n- Portable reputation: Build a private financial identity composable across Aave, Compound, and new lending markets.\n- Regulatory compliance: Proofs can include KYC/AML validity without exposing the underlying documents.

Private credentials are only as secure as the keys that control them. Losing a wallet means losing your provable identity. Solutions must address:\n- Social recovery: Systems like Ethereum's ERC-4337 smart accounts enable guardian-based recovery without custodians.\n- Hardware security: Integration with Ledger or Trezor for signing ZK proofs.\n- Interoperability: Recovery mechanisms must work across the private credential ecosystems of Polygon ID, Circle's Verite, and others.

Isolated private credential systems have limited utility. The end-state is a network where a proof minted on one chain is verifiable on any other, creating a web of trust without a central issuer. This requires:\n- Standardized proof formats: Like W3C Verifiable Credentials, adopted by chains and rollups.\n- Universal verifier contracts: Deployed on Ethereum L1, Arbitrum, Optimism, etc.\n- Bridge integration: LayerZero and Axelar could transmit proof validity states, not user data.

Permanent, public on-chain records create immutable baggage and invite discrimination. This kills mainstream utility.

• Sybil-resistance is useless if users fear linking all activity to a single public identity.
• Reputation systems (e.g., for lending or governance) fail if scores are visible to all competitors.
• Adoption ceiling: No enterprise or individual will onboard sensitive credentials (diplomas, employment) to a public ledger.

Prove credential validity without revealing the credential itself. This is the core primitive for usable SBTs.

• Selective Disclosure: Prove you are "over 21" or "a accredited investor" without showing your passport.
• Privacy-Preserving Sybil Resistance: Protocols like Worldcoin can verify uniqueness without creating a public graph of connections.
• Composability: ZK proofs enable private reputation to flow through DeFi (e.g., Aave, Compound) and DAOs.

Full confidentiality requires moving sensitive data and computation off-chain. The chain becomes a verification layer.

• Minimize On-Chain Footprint: Store only commitment hashes (e.g., in a zkSNARK or zkSTARK) or use systems like Semaphore.
• Leverage Co-Processors: Projects like Axiom or RISC Zero enable trustless off-chain computation for complex reputation logic.
• Scale & Cost: Keeps gas fees low and enables complex credential logic impossible in an EVM smart contract.

Sismo builds modular ZK attestations, demonstrating the stack needed for confidential identity.

• ZK Badges: Non-transferable, private tokens that prove membership or reputation from source platforms (e.g., Gitcoin, ENS).
• Data Aggregation: Creates a unified, private identity from multiple fragmented Web2 & Web3 data sources.
• User Sovereignty: Users hold proofs in a vault, choosing when and where to generate ZK proofs for dApps.

Total anonymity invites regulatory backlash. The winning systems will offer auditability for authorized entities.

• Programmable Privacy: Use zk-proofs with view keys (like Aztec) or FHE to allow regulatory oversight under specific conditions.
• Avoiding Tornado Cash Fate: Designs must allow for lawful intervention without breaking user privacy for all other use cases.
• Enterprise Requirement: Institutions need to prove compliance (e.g., KYC/AML) without exposing customer data on-chain.

Confidential SBTs become the trust layer for the next generation of applications, moving beyond DeFi.

• Private Governance: DAOs like Optimism can run token-weighted voting without exposing individual stakes or decisions.
• Under-Collateralized Lending: Private credit scores enable protocols like Goldfinch to underwrite loans on-chain.
• The Social Graph: Projects like Lens Protocol or Farcaster can enable private social networks and curated communities.

SBTs aim to prove unique humanity, but public attestations enable Sybil farming via correlation. Adversaries can scrape social graphs to reverse-engineer and replicate legitimate identity clusters, defeating the core purpose.

• Risk: Public SBTs make Sybil attacks cheaper, not harder.
• Solution: Zero-knowledge proofs (ZKPs) to verify uniqueness without exposing the underlying graph, akin to Semaphore or zkEmail for anonymous signaling.

A public, immutable record of credentials becomes a permanent negative reputation jail. A single failed loan or guild expulsion becomes a globally visible scarlet letter, chilling participation.

• Risk: Permanent stigma destroys the "redeemability" essential for functional reputation systems.
• Solution: Selective disclosure via ZKPs. Prove you have a credential meeting a threshold (e.g., "credit score > 700") without revealing the exact score or history.

Linking high-value SBTs (e.g., executive role at Aave, Uniswap delegate) to a public address creates a target for extortion, phishing, and physical threats. This disincentivizes key individuals from participating in governance.

• Risk: Real-world safety threats and governance attrition.
• Solution: Confidential credentials using zk-proofs or fully homomorphic encryption (FHE) models like Fhenix or Aztec, allowing private voting and attestation.

Public SBTs that map to real identities automatically violate GDPR's "right to erasure" and similar global data protection laws. This invites enforcement actions and bans, crippling protocol growth.

• Risk: Legal non-compliance by design, blocking mainstream institutional adoption.
• Solution: Privacy-by-default architectures that keep personal data off-chain or encrypted on-chain, treating the blockchain as a verification layer, not a publication layer.

Public financial SBTs (income, credit score) enable perfect price discrimination and exclusion. Lenders like Aave or Compound could offer worse rates based on immutable on-chain history, creating a predatory system.

• Risk: Automated, immutable redlining and loss of competitive markets.
• Solution: ZK-verified ranges for DeFi underwriting. Prove eligibility for a rate tier without revealing the exact data point, similar to zkKYC proofs used in Mina Protocol.

While composability is a superpower, public SBTs create unintended and irreversible data composites. A gaming SBT + a DeFi SBT + a social SBT paints a complete portrait, enabling profiling far beyond any single application's intent.

• Risk: Loss of contextual integrity and emergent surveillance from Ethereum's global state.
• Solution: Context-bound ZK proofs and data minimalism. Each application gets only the proof it needs, preventing cross-context aggregation. Frameworks like Sismo's ZK badges point the way.

Public SBTs broadcast your credit score, employment history, and DAO voting record. This creates systemic risks:\n- Sybil attacks become trivial by copying public reputation graphs.\n- Discrimination vectors emerge (e.g., loan denial based on public health SBT).\n- Reputation laundering markets incentivize selling/renting attested identities.

Prove you hold a credential without revealing its content. This enables private reputation checks for DeFi, governance, and access control.\n- Selective disclosure: Prove you're over 18 without revealing your birthdate.\n- Aggregate reputation: Prove you have >1000 Gitcoin Passport points without listing each grant.\n- Unlinkability: Use a credential across apps without creating a persistent identity graph.

Immutable, public SBTs are a permanent record. A single mistake or outdated affiliation becomes an inescapable on-chain tattoo.\n- Innovation stifled: Developers avoid experimenting with new protocols for fear of permanent failure record.\n- Social ossification: DAOs cannot evolve past early, controversial decisions.\n- No right to be forgotten conflicts with global regulations like GDPR.

Confidentiality enables practical revocation and expiration mechanisms without public shaming.\n- Ephemeral attestations: SBTs for event access auto-expire and leave no public trace.\n- Off-ramps: Issuers can revoke compromised credentials without broadcasting the reason.\n- User-controlled sunsetting: Individuals can deprecate old credentials, enabling personal growth.

Without private credit history, all DeFi lending requires >100% collateral. SBTs could enable undercollateralized loans, but only if a borrower's full financial history isn't public.\n- Public SBTs = frontrunning: Competitors see your loan requests and business deals.\n- No risk-based pricing: Lenders can't offer better rates to good actors without exposing their portfolio.\n- Capital inefficiency: $50B+ locked in over-collateralized positions that could be unlocked.

Borrowers can prove a credit score falls within a range (e.g., >700) or that they have a clean repayment history from a private credit oracle like Credora or EigenLayer attestation.\n- Risk-based rates: Lenders offer better terms without seeing underlying data.\n- Composability: Private score can be reused across Aave, Compound, Morpho without linkage.\n- Regulatory compliance: Proofs can satisfy KYC/AML requirements without exposing personal data.