There is a common misconception about Web3: many people think that Wall Street will conduct most of its business on fully permissionless blockchains. Honestly, this idea is too idealistic.

The crypto community talks about "decentralization" every day, but once it involves RWA—real-world assets, a trillion-dollar market—decentralization becomes a false proposition. Banks must verify your identity, which is a strict requirement for anti-money laundering (AML). But here’s the problem: if they collect user information directly on-chain, they immediately violate privacy regulations like GDPR. It’s a contradiction, right? On one hand, they need to verify identities to comply, but on the other hand, they cannot expose private data.

Dusk Network’s Citadel protocol aims to solve this dilemma: verifying identity and protecting privacy can be achieved simultaneously.

**Why do institutions need this?**

In traditional thinking, data is a goldmine, but for Web3 financial institutions, plain-text identity data is actually a hot potato. The main purpose for institutions using Dusk is simple—meet regulatory requirements, prove that investors are qualified, but without bearing the legal burden of storing sensitive information themselves. If the business process doesn’t require identity verification, just signing with a regular Ethereum address is enough; there’s no need to complicate things.

Dusk’s application scenarios are actually very focused: serving those institutions that are stuck due to regulation. These institutions need to prove "who is trading," but also need to ensure they "cannot see" the specific identities involved.

**How does the Citadel protocol work?**

Dusk achieves a "ghost-like" access mechanism through Self-Sovereign Identity (SSI) technology. The traditional KYC process of uploading passports and filling out forms is completely changed here…