ZK proofs can provide anonymity, but they do not have to. Ever heard of linkable systems? They can detect when multiple proofs come from the same person, even if they can't identify who that person is. The system can force the reuse of the same secret.
Additionally, unique secrets can be tied to identity, too: for example if the ZKP is about knowledge of a secret key tied to your identity, then you can't just mint 5000 independent proofs unless you have 5000 different identities.
There is also something called "nullifiers" which is used in privacy-preserving identity protocols. It is a one-time marker derived from your identity secret that prevents double-use.
What I had in mind was zk-SNARK, FWIW, and zk-SNARK-based credentials, or verifiable credentials can prove "I am a unique registered person" without revealing which one. These systems bind uniqueness to the registration, so you can't just miraculously spawn 5000 fresh ZKPs that look like 5000 humans. There is also ring signatures with linkability, and biometric-based proofs.
Plenty of ways to counteract your "5000 creation of ZKPs" story (Sybil attack).
If you are being pedantic, you are right, ZKP alone does not ensure "one proof = one person", but ZKP + uniqueness enforcement (nullifiers, credentials, commitments) can, and that is what I had in mind.
Nice. I can create 5000 different proofs that I am a human and the site can't tell they're all for the same human.
Not necessarily.
ZK proofs can provide anonymity, but they do not have to. Ever heard of linkable systems? They can detect when multiple proofs come from the same person, even if they can't identify who that person is. The system can force the reuse of the same secret.
Additionally, unique secrets can be tied to identity, too: for example if the ZKP is about knowledge of a secret key tied to your identity, then you can't just mint 5000 independent proofs unless you have 5000 different identities.
There is also something called "nullifiers" which is used in privacy-preserving identity protocols. It is a one-time marker derived from your identity secret that prevents double-use.
What I had in mind was zk-SNARK, FWIW, and zk-SNARK-based credentials, or verifiable credentials can prove "I am a unique registered person" without revealing which one. These systems bind uniqueness to the registration, so you can't just miraculously spawn 5000 fresh ZKPs that look like 5000 humans. There is also ring signatures with linkability, and biometric-based proofs.
Plenty of ways to counteract your "5000 creation of ZKPs" story (Sybil attack).
If you are being pedantic, you are right, ZKP alone does not ensure "one proof = one person", but ZKP + uniqueness enforcement (nullifiers, credentials, commitments) can, and that is what I had in mind.