Introducing ZIP-SRA-DISCLOSURE: Privacy Without Disclosure Is a Vault Without a Door

The SRA achieves privacy by default through Zcash's shielded pool. But privacy without a structured path to disclosure reproduces the very reset dynamic the architecture was designed to eliminate. ZIP-SRA-DISCLOSURE provides the structure.

The disclosure problem

ZIP-SRA-EVENTS defines how events are recorded on-chain. ZIP-SRA-KEYGEN defines how the RA constitutes its cryptographic identity. What remains is the question of how the RA opens windows into the shielded record -- how it shares viewing keys with the parties who need them, in a way that is deliberate, auditable, and calibrated to purpose.

If disclosure is ad hoc -- communicated through emails, PDF attachments, verbal assurances -- then the SRA reproduces the exact information fragmentation it was designed to eliminate. A viewing key transmitted without context, without stated purpose, and without an auditable record is only marginally better than a PDF certificate.

Disclosure packages: what a verifier receives

A Disclosure Package is the atomic unit of selective disclosure. It is a signed JSON object containing: the RA's public key and real-world bindings (so the verifier can validate institutional identity), the per-asset viewing key and summary metadata (so the verifier can scan the chain), and disclosure metadata including the stated purpose, verifier role, dossier tier, and any conditions.

The package is signed by the RA using the same FROST threshold key that signs on-chain events. A verifier who receives a signed Disclosure Package can confirm that it was produced by the same authority whose events appear on-chain. The package also includes an advisory expiry -- a social contract, not a technical control, since viewing keys cannot be revoked.

Ten verifier roles and calibrated access

Different parties interact with the registry for different reasons. A prospective buyer needs provenance continuity and title clarity. An insurer needs condition history, valuation, and theft status. A scholar needs exhibition history and attribution evidence. A museum registrar needs all of the above for loan processing.

The specification defines ten standardized roles: BUYER, CONSIGNOR, INSURER, LENDER, MUSEUM, SCHOLAR, CONSERVATOR, LEGAL, ALMA, and OTHER. These roles are advisory -- the RA assigns them based on its own judgment -- but they promote consistency across registries and enable future automated disclosure policies.

Four dossier tiers: from chain-only to full

The on-chain integrity chain is the same for all verifiers. What varies is the depth of off-chain documentary evidence the RA shares alongside it. The specification defines four tiers: CHAIN_ONLY (viewing key only, no supporting documents), SUMMARY (basic provenance outline, thumbnails, key dates), STANDARD (full provenance chain, exhibition history, full-resolution photography, conservation summary), and FULL (everything in STANDARD plus insurance valuations, expert opinions, confidential correspondence).

The art market operates on graduated trust. A preliminary inquiry does not warrant full financial disclosure. A scholarly inquiry does not require insurance valuations. An insurer assessing risk, however, needs everything. Tiered disclosure calibrates information flow to the verifier's actual need.
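
A verifier's acceptance check for a received Disclosure Package, as an added example that is not part of the specification or the original post. The role and tier names are the post's; the field names, the canonical-JSON signing input and the hash-based `demo_verify` stand-in are assumptions, and a real deployment passes in a verifier for the RA's actual signature scheme.

```python
import hashlib
import json
from datetime import datetime

# Role and tier names are from the post; all field names are assumptions.
ROLES = {"BUYER", "CONSIGNOR", "INSURER", "LENDER", "MUSEUM",
         "SCHOLAR", "CONSERVATOR", "LEGAL", "ALMA", "OTHER"}
TIERS = {"CHAIN_ONLY", "SUMMARY", "STANDARD", "FULL"}
REQUIRED = {"ra": ("public_key", "bindings"), "asset": ("viewing_key", "summary"),
            "disclosure": ("purpose", "verifier_role", "dossier_tier")}

def signed_bytes(pkg):
    """Assumed signing input: canonical JSON of everything except 'signature'."""
    body = {k: v for k, v in pkg.items() if k != "signature"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def check_package(pkg, verify_sig, onchain_ra_key, now):
    """Return (errors, warnings). Any error means the package is rejected."""
    errors, warnings = [], []
    for section, fields in REQUIRED.items():
        part = pkg.get(section) if isinstance(pkg.get(section), dict) else {}
        errors += [f"missing {section}.{f}" for f in fields if f not in part]
    if errors:
        return errors, warnings
    disc = pkg["disclosure"]
    for field, allowed in (("verifier_role", ROLES), ("dossier_tier", TIERS)):
        if disc[field] not in allowed:
            errors.append(f"unknown {field}")
    if pkg["ra"]["public_key"] != onchain_ra_key:
        errors.append("RA key differs from on-chain signer")
    if not verify_sig(onchain_ra_key, signed_bytes(pkg), pkg.get("signature", "")):
        errors.append("signature invalid")
    expiry = disc.get("advisory_expiry")  # assumed ISO 8601 with UTC offset
    if expiry and datetime.fromisoformat(expiry) <= now:
        warnings.append("advisory expiry has passed")  # advisory: warn, never reject
    return errors, warnings

def demo_verify(key, message, signature):
    """Stand-in so the sample runs offline: a plain hash, NOT a signature."""
    return hashlib.sha256(key.encode() + message).hexdigest() == signature

def sample_package(key="ra-pubkey-placeholder"):
    """Constructed sample; every value is a placeholder."""
    pkg = {"ra": {"public_key": key, "bindings": ["registry.example"]},
           "asset": {"viewing_key": "vk-placeholder", "summary": "sample"},
           "disclosure": {"purpose": "pre-sale review", "verifier_role": "BUYER",
                          "dossier_tier": "SUMMARY", "advisory_expiry": "2025-01-01T00:00:00+00:00"}}
    pkg["signature"] = hashlib.sha256(key.encode() + signed_bytes(pkg)).hexdigest()
    return pkg
```

A passed expiry produces a warning rather than an error because the viewing key in the package still decrypts; only the RA's stated expectation has lapsed.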

Irrevocability and its consequences

A viewing key, once transmitted, cannot be technically revoked. This is a fundamental property of Zcash's cryptographic design. The specification addresses this irrevocability through social and institutional mechanisms: advisory expiry dates, contractual non-redistribution clauses, and the Disclosure Ledger -- the RA's off-chain record of every disclosure grant.

If a viewing key is leaked or redistributed beyond its intended audience, the RA's ultimate recourse is Seed_RA rotation (specified in ZIP-SRA-KEYGEN), which re-derives all per-asset keys and invalidates all outstanding Disclosure Packages. This is an extreme measure reserved for systemic compromise. The specification is honest about this constraint: advisory expiry communicates the RA's expectations without pretending to enforce them technically.

How verification reports compound

After scanning the chain and reviewing documentation, a verifier may produce a structured Verification Report summarizing their findings: events verified, hash chain validity, signature validity, open disputes, and an overall integrity assessment (CONSISTENT, ANOMALOUS, or INCOMPLETE).

A signed Verification Report from one verifier can be presented to another party as evidence that independent verification was performed. This is the mechanism by which due diligence becomes reusable rather than episodic. An auction house that verifies provenance and produces a report can present it to a buyer, who can independently confirm the claims by scanning the chain themselves. The coordination tax shrinks with each successive verification.
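
How a verifier might derive the report fields listed above from a scan, and how a second party re-checks a presented report, as an added example rather than code from the specification. The event keys (`seq`, `prev`, `kind`), the dispute event kinds, the hashing of canonical JSON and the rule mapping findings to CONSISTENT, ANOMALOUS or INCOMPLETE are all assumptions made for illustration.

```python
import hashlib
import json

def event_hash(event):
    """SHA-256 over canonical JSON (assumed; ZIP-SRA-EVENTS defines the real format)."""
    return hashlib.sha256(json.dumps(event, sort_keys=True).encode()).hexdigest()

def build_report(events, sig_ok):
    """Summarize a scan. Events use hypothetical keys seq, prev and kind;
    sig_ok(event) -> bool is the caller's own signature check."""
    events = sorted(events, key=lambda e: e["seq"])
    chain_valid, sigs_valid, complete, disputes = True, True, bool(events), 0
    for i, ev in enumerate(events):
        expected_seq = events[i - 1]["seq"] + 1 if i else 0
        if ev["seq"] != expected_seq:
            complete = False       # gap or duplicate: this link cannot be checked
        elif i and ev["prev"] != event_hash(events[i - 1]):
            chain_valid = False    # contiguous, but the link does not match
        sigs_valid = sigs_valid and bool(sig_ok(ev))
        disputes += {"DISPUTE_OPENED": 1, "DISPUTE_RESOLVED": -1}.get(ev["kind"], 0)
    if not (chain_valid and sigs_valid):
        assessment = "ANOMALOUS"
    elif not complete:
        assessment = "INCOMPLETE"
    else:
        assessment = "CONSISTENT"
    return {"events_verified": len(events), "hash_chain_valid": chain_valid,
            "signatures_valid": sigs_valid, "open_disputes": disputes,
            "assessment": assessment}

def confirm(report, events, sig_ok):
    """A second party re-scans the chain and checks the presented report against it."""
    return build_report(events, sig_ok) == report

def sample_chain(n=4):
    """Constructed events; kinds and notes are placeholders."""
    chain = []
    for seq in range(n):
        prev = event_hash(chain[-1]) if chain else None
        chain.append({"seq": seq, "prev": prev, "kind": "CUSTODY_NOTE", "note": f"entry {seq}"})
    return chain
```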

Alignment with responsible art market principles

The Responsible Art Market (RAM) initiative presupposes that due diligence outputs are reusable -- that once provenance is verified, that verification persists. In practice, this assumption frequently fails because verification is conducted as private PDFs and internal memoranda that do not survive the transaction.

The SRA disclosure protocol renders RAM principles executable by providing the persistence layer RAM implicitly requires. Works with deep chain-of-custody logs, active RA bindings, and a history of independent Verification Reports become easier and cheaper to transact. This compliance premium makes disciplined participation economically rational: lower insurance premiums, faster consignment acceptance, stronger collateral potential, and greater institutional willingness to lend or exhibit.
