Reconciliation is one of the oldest problems in accounting and one of the least glamorous: two parties each hold their own version of a set of records — invoices, balances, transactions — and someone has to confirm the two versions agree. The conventional way to do that is to move the data. One side sends its ledger to the other, or both send to a trusted intermediary, who lines the records up and flags the differences. That works, but it has a structural cost that has nothing to do with the arithmetic: to check whether the numbers match, somebody has to see everybody's numbers. A newly published patent application takes aim at exactly that cost. It describes a decentralized audit in which the parties confirm their records reconcile without sharing the records themselves.

The hero record is US20260172254A1, "Method and Apparatus for Decentralized Privacy Preserving Audit Based on Zero Knowledge Proof Protocol," published June 18, 2026 and assigned to PwC Product Sales LLC. The application describes a system in which a first local system receives instructions from an orchestrator system to perform a local audit, then runs what the disclosure calls a "local audit model epoch": it analyzes information from its own data sources, requests and receives input from a second local system through a privacy preserving communication framework, and determines whether its local records are reconciled against that input. If they are not, it runs another epoch. The orchestration is central; the data is not. Each side keeps its own records local and exchanges only what the privacy-preserving framework lets through.

Provided herein are systems and methods for decentralized privacy preserving audits comprising receiving by a first local system, from an orchestrator system, instructions to perform a local audit; executing, by the first local system, in response to receiving the instructions to perform the local audit, a first local audit model epoch, wherein executing the first local audit model epoch comprises: analyzing information from one or more data sources from a local data set; receiving first input information from a second local system through a privacy preserving communication framework in response to requesting the first input information; determining whether information from the one or more data sources from the local data set is reconciled based on the first input information.— Method and Apparatus for Decentralized Privacy Preserving Audit Based on Zero Knowledge Proof Protocol, US20260172254A1

What the zero-knowledge part actually buys

The phrase doing the heavy lifting in the title is "zero knowledge proof protocol," and it is worth being precise about what that means, because the term gets used loosely. A zero-knowledge proof is a cryptographic exchange in which one party (the prover) convinces another (the verifier) that a statement is true while revealing nothing beyond the truth of that statement. The canonical statement is something like "I know a value that satisfies this condition" — and the verifier comes away convinced, without ever learning the value. Map that onto reconciliation and the appeal is immediate. The statement a party wants to prove is, in effect, "my records reconcile with yours under the agreed rules," and the zero-knowledge framing lets the other side verify that claim without seeing the line items behind it. The CPC classifications on the record line up with that reading: the lead class is H04L 9/3221, which covers interactive zero-knowledge proof protocols, alongside H04L 9/083 for key distribution involving a central trusted party and H04L 63/0428 for transmitting an encrypted payload. Read together, those classes describe an orchestrated, encrypted, proof-carrying exchange — not a data dump.

This is where the "decentralized" label earns its place rather than just riding a trend. In a centralized audit, trust is concentrated in whoever holds the combined data; in the disclosed approach, the orchestrator coordinates the process but the substantive data stays distributed across the local systems, and the guarantee that the comparison is honest comes from the proof protocol rather than from any one party's custody of the records. That is the same trust-minimizing instinct that drives distributed-ledger and decentralized-identity designs, and the application's own description situates the technique alongside on-chain settings — its disclosure references reconciliation contributors being incentivized in a manner familiar from blockchain and Ethereum Virtual Machine environments. The engineering point is not that an audit must run on a chain, but that the audit can be structured so that no participant has to expose its data to anyone, which is exactly the property a multi-party, low-trust setting needs.

Where it sits in the field — and in the assignee's recent work

Privacy-preserving computation is not new as a field. The state of the art spans secure multi-party computation, homomorphic encryption, federated learning, and zero-knowledge systems, all of which chase the same general goal: compute something useful over data without centralizing or exposing it. What the application contributes is the application of that machinery to the specific, mundane, high-volume problem of audit reconciliation, framed as an iterative "epoch" loop in which a local system keeps running rounds until it can determine reconciliation against input received over the privacy-preserving channel. The "model epoch" vocabulary signals a learning-style iterative procedure rather than a single one-shot check — the audit converges over rounds rather than resolving in one pass.

Placed against the assignee's other recently published applications, the through-line is clear, and it runs from centralized AI document handling toward distributed, privacy-respecting reconciliation. The same inventor team behind the hero record — Li, Cheng, Flavell, Hamer, Davies and others — also appears on US20250209092A1, an "AI-Augmented Composable and Configurable Microservices for Record Linkage and Reconciliation," which describes identifying related data values across multiple datasets and classifying them as reconciled or non-reconciled using similarity and confidence scores. That earlier application solves the reconciliation problem with the data brought together; the new one solves it with the data kept apart. The same lineage shows up in US20250182217A1, an "AI-Augmented Auditing Platform" for automated document processing, and in US20250165537A1 on knowledge representation and reasoning in accounting — both describing machinery for ingesting and reasoning over financial documents centrally.

The reasoning-and-retrieval substrate appears too: US20250231971A1 describes an AI-assisted virtual consultant that scores query similarity against stored cases, and US20250322170A1 and US20250328830A1 describe machine-learning data merging and language-model-driven insight generation over operational data. Across that recent cluster, the arc is recognizable: a body of work on getting structured, reconcilable meaning out of enterprise data, with the newly published application adding the layer that lets that reconciliation happen across organizational boundaries without anyone surrendering the data.

An informed reader should hold the tradeoffs in view rather than the promise. Replacing data-sharing with proof-sharing is a genuinely different security posture: if a comparison can be verified without exposure, the audit stops being a place where confidential records pile up, which matters anywhere counterparties are wary of each other or bound by data-handling rules. But zero-knowledge and privacy-preserving protocols carry real engineering costs — proof generation and verification are heavier than comparing two spreadsheets, the iterative "epoch" loop has to actually converge, and the orchestrator and key-distribution layer (H04L 9/083) introduce coordination and trust assumptions of their own. The published abstract describes the architecture and the privacy-preserving exchange; it does not spell out the proof-system parameters or the performance envelope.

The load-bearing caveat is the usual one, and it is the right altitude for a technology read: US20260172254A1 is a published application, not a granted patent, and it describes an invention, not a shipping product. It tells us how the disclosed approach is meant to work and where it sits in the field — not what has been built or what claims will ultimately issue. For a reader interested in the engineering, that is enough. The interesting fact is not who filed it but what it describes: an audit reframed as a cryptographic conversation, in which two parties can agree their books reconcile without either one ever opening them.