← Back to context

Comment by somenameforme

2 hours ago

Can you give a brief explanation of how this is done with a zero-knowledge proof? That site is low information and painful to navigate, and it seems quite surprising to me that this is possible. ID verification, in the government sense, is ostensibly going to require matching an ID against a some other resource. If done locally then you can trivially spoof the result, akin to hacking a game, but if done remotely then it's not zero-knowledge.

I think a zero-knowledge system here would be quite desirable. But a centralized repository that is e.g. maintaining tabs on every single adult-authorization for every single person with verifiable details of them is, by contrast, a dystopic disaster waiting to happen because it will be hacked, leaked, and abused, sooner or later.

3 comments

somenameforme

Reply
brabel  1 hour ago

Most countries in the EU already have widely accepted identity proof apps mostly verified by the banks or the government itself. Once verified the identity app gets a certificate which is signed by the authority which issues the identity. We all know how that works as that’s how TLS works as well. The zero proof age check is based on verifiable credentials and the related verifiable presentation. Once you have a wallet with your identity it’s not hard to issue cryptographic proofs of some properties of your credentials, and age is a property of your identity credentials basically. To learn more about the technical details, search for the specifications I mentioned above: verifiable credentials, verifiable presentations.

  • somenameforme  16 minutes ago

    Ah, and the sites (or whatever else) can then verify the key is valid locally? Assuming that is the case, that'd make for a surprisingly nice system, further assuming that the produced credential is not reversible. I'm highly cynical and so I expected it to be a backdoor for surveillance as it feels like most things under the pretext of 'won't anybody think about the children' are.