🏛️ COMPLIANCE ORACLE

Forced Compliance Audit

The compliance oracle can decrypt any transaction on the Obscura network — no user consent required. This access is built into the protocol: every note is encrypted twice, once for the oracle.

Testnet — Oracle Key Is Public
On testnet the oracle secret is derived from a known seed for transparency. On mainnet, the oracle key is held in a ZKCompliance multisig controlled by authorized regulators only. The testnet key is pre-filled below.
Oracle Decryption
Decryption happens server-side — the oracle private key never leaves the server. On mainnet it will be stored in a hardware security module (HSM).
HOW FORCED COMPLIANCE WORKS
Every note is encrypted twice — by design
When any user shields or transfers funds, the protocol automatically creates two ciphertexts: enc_for_recipient (user key) and enc_for_compliance (oracle key). This is enforced at the circuit level.
Oracle holds the master key
The compliance oracle holds the secret key for COMPLIANCE_ORACLE_PUBKEY. It can decrypt the enc_for_compliance blob of any note on the network without any user involvement.
User cooperation is optional
Users can share their personal viewing key for voluntary disclosure (see Audit page). But even if they refuse, the oracle can always access their transactions via enc_for_compliance.
Mainnet: multisig controlled
On mainnet, the oracle private key is stored in a ZKCompliance multisig. Access requires M-of-N signatures from authorized regulators. Testnet uses a published deterministic key for transparency.
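The dual-ciphertext flow described above, as an added example that is not Obscura's code: the page does not state the encryption scheme, so ephemeral X25519 + HKDF-SHA256 + AES-256-GCM and every function name here are assumptions. It shows why custody of the oracle private key decides who can read every note; the circuit-level enforcement is not modeled.

```javascript
// Added illustration, not Obscura's code. Assumed scheme (not stated on the page):
// ephemeral X25519 + HKDF-SHA256 + AES-256-GCM. All keys and notes are constructed samples.
const crypto = require('node:crypto');

// Derive a 32-byte symmetric key from an X25519 shared secret.
function deriveKey(privateKey, publicKey) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'note-demo', 32));
}

// Seal plaintext to one X25519 public key using a fresh ephemeral key pair.
function sealTo(recipientPub, plaintext) {
  const eph = crypto.generateKeyPairSync('x25519');
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(eph.privateKey, recipientPub), iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { ephPub: eph.publicKey, iv, ct, tag: cipher.getAuthTag() };
}

// Open a sealed blob; throws if the private key does not match (GCM tag check fails).
function openBlob(privateKey, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', deriveKey(privateKey, blob.ephPub), blob.iv);
  d.setAuthTag(blob.tag);
  return Buffer.concat([d.update(blob.ct), d.final()]);
}

// The page's rule: one note, two ciphertexts.
function encryptNote(note, recipientPub, oraclePub) {
  const pt = Buffer.from(JSON.stringify(note));
  return { enc_for_recipient: sealTo(recipientPub, pt), enc_for_compliance: sealTo(oraclePub, pt) };
}

// True if `privateKey` can open the given ciphertext field.
function canRead(privateKey, blob) {
  try { openBlob(privateKey, blob); return true; } catch { return false; }
}

function demo() {
  const recipient = crypto.generateKeyPairSync('x25519');
  const oracle = crypto.generateKeyPairSync('x25519');
  const outsider = crypto.generateKeyPairSync('x25519');
  const note = { amount: 42, memo: 'constructed sample note' };
  const enc = encryptNote(note, recipient.publicKey, oracle.publicKey);
  return {
    oracleView: JSON.parse(openBlob(oracle.privateKey, enc.enc_for_compliance).toString()),
    recipientReadsOwn: canRead(recipient.privateKey, enc.enc_for_recipient),
    recipientReadsOracleCopy: canRead(recipient.privateKey, enc.enc_for_compliance),
    outsiderReads: canRead(outsider.privateKey, enc.enc_for_compliance),
  };
}
console.log(demo());
```

Whoever holds the oracle private key gets the same result as `oracleView` for every note, which is why the key's storage and access control are the security boundary for the whole network.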
Voluntary disclosure (user shares their key):
Audit with Viewing Key →