Comment by snackbroken
21 hours ago
> The point of this is that you can use the credentials on your phone to prove that you are an adult to a website using zero-knowledge proofs to avoid disclosing your identity to anybody.
It is my understanding that this is not possible. I would be happy to be shown to be wrong, but to me it seems like you can either prevent people from lending out their credentials, or you can preserve the anonymity of the user, but not both.
You can use 0KP to prove you have a signed certificate issued by your government that says you are an adult, but then anyone with such a certificate can use it to masquerade as however many sock puppets they like and act as a proxy for people who aren't adults. You can have the issuing government in the loop signing one-time tokens to stop Adults-Georg from creating 10k 18+ attestations per day, but then the issuing government and the service providers have a timing side-channel they can use to correlate identities to service users. Is there some other scheme I'm missing that solves this dilemma?
> It is my understanding that this is not possible. I would be happy to be shown to be wrong, but to me it seems like you can either prevent people from lending out their credentials, or you can preserve the anonymity of the user, but not both.
This is not designed to prevent adults from coöperating with minors; that makes no sense as a design goal because any technical measure can always be bypassed with “download this for me and give me the file”. This is designed to prevent minors from being able to access systems without an adult.
Nothing prevents an adult from buying alcohol on behalf of minors; that doesn’t mean laws that prevent minors from directly buying alcohol are useless.
But laws against selling/giving alcohol to minors are moderately successful at curbing teen alcohol use because they carry with them a risk of punishment that grows with the scale of the operation. If all it took was one adult who thought "kids should be allowed to drink if they want" to provide all the kids in the country with free booze and that adult had no meaningful fear of repercussions, the laws would be nothing but sternly worded advice.
If the proof of adulthood scheme is truly anonymous, one adult with some technical chops who thinks "kids should be allowed to watch porn if they want" would be able to, say, run an adult-o-matic-9000 TOR hidden service that anyone can use to pinky promise that they are an adult without fear of repercussions. If such a service comes with a meaningful risk of being identified and punished, it is by definition not anonymous.
I suppose I'm just not convinced giving up some basic liberties for a law that converts into sternly worded advice if just one adult chooses to break it is a great idea.
That one adult could also just download and serve the content without an age gate. The security system on the original download seems irrelevant.
1 reply →
> You can use 0KP to prove you have a signed certificate issued by your government that says you are an adult, but then anyone with such a certificate can use it to masquerade as however many sock puppets they like and act as a proxy for people who aren't adults
The certificates in question can use a few mitigations: short lived, hardware stored (in a TPM, making distribution harder), be single use, have a random id which the service being accessed can check how many times has been used.
> but then the issuing government and the service providers have a timing side-channel they can use to correlate identities
That's not reallya concern, IMO. That would always exist as a risk - most people would probably have a flow of trying to do something, having to prove ID/age, doing that step, continuing with the something, which means you'd probably be able to time correlate the two sides quite often. The solution here is legal with strong barriers, not technical.
Can attestations be rate-limited or is that the timing side-channel you are talking about?
Precisely. To rate-limit attestations you either need government somewhere in the loop so that they get notified and can revoke certificates when they detect abuse (but then they can correlate requests to prove adulthood with the service provider), or you need the proof of adulthood to be tied to the certificate in some way that the service provider can tell if a certificate is being re-used. But then anyone with a copy of all the certificates (read: the government) can re-run the proof on their end and figure out who is who.