Regulatory compliance is increasingly mandatory for decentralized finance and privacy-enhancing technologies. Current approaches rely on binary inclusion/exclusion lists or retroactive graph analysis by centralized blockchain intelligence firms. These approaches strip honest users of their financial privacy, lead to false positives and negatives, and force decentralized platforms to bear the burden of on-chain transaction monitoring. In this work, we propose a paradigm shift: moving from platform-side surveillance to user-side provenance. We introduce Proof of Source of Funds (PoSoF), a novel cryptographic framework that shifts the burden to the user. Rather than the platform tracing funds, the user locally generates a zero-knowledge proof demonstrating that their deposit originates exclusively from a set of compliant sources. The platform is thus relieved of chain-analysis duties, requiring a constant-time, O(1) verification to enforce admission control. We formulate a unified temporal Directed Acyclic Graph (DAG) abstraction that formalizes both UTXO and account-based ledger histories within a generalized value-flow model. Users extract a compliant sub-DAG of their transaction history and utilize Incrementally Verifiable Computation (IVC) to prove rigorous state-transition predicates that protect against various attack vectors. Crucially, PoSoF provides verifiable cryptographic provenance; it guarantees the legitimacy of the funds without leaking the intermediate transaction topology, intermediary addresses, or the specific origins utilized. We formally define the security properties of PoSoF and evaluate an Ethereum-compatible prototype. Our benchmarks demonstrate that fully private, proactive compliance is highly practical, requiring only ~1.8 s to incrementally update a user's PoSoF per new transaction, and a constant-time ~1.5 ms (~800k gas) for final on-chain EVM verification.