Comment by rockskon
20 hours ago
Zero Knowledge Proofs are worthless for this.
Either they validate so little information that a single homeless person can authenticate the entire country or they validate so much information as to not have a significant privacy guarantee.
There is no in-between for ZKP validating someone's age.
worthless is too strong.
the truth is that the two extremes you listed can be titrated.
if you use nullifiers you can trade some privacy for some security. basically you convert your true identity into a private token which you can use to authenticate aspects of yourself, the price being that the token can be tracked with some effort across services. better than just using your identity at least. if a token/nullifier is abused it can be revoked and then you have to jump through a bunch of hoops to get another.
there are some other trade offs that can be made.
Okay - so you verify age and what else?
What combination of details can you validate on that is meaningfully privacy-preserving and couldn't result in wide-spread re-use of tokens?
Additionally - what would prevent some kids from getting a homeless man in the city to hand them his ID, get a facial scan, and everything else you can think of to generate a token and then pass that token around?
ZKP are a cryptography-nerd's joy but are are categorically unsuitable for the purpose of age verification. I stand by this without the slightest reservation.
In Italy every citizen has an electronic ID card that contains a private key and can sign challenges. It also has state-signed credentials/certificates that bind the public key to info about the citizen (date of birth etc).
You can do this: when you want to log into a service, the service provider gives you a fresh challenge C, bound to that service/session. You sign the challenge, and then generate a zkp of the fact that:
1. you have the signed challenge C with a certain public key P 2. you have a state-signed credential/certificate that binds P with a person with birth date BD 3. current date - BD > 18 years 4. optionally, you derived a per-service nullifier, e.g. from the card/credential secret, the service origin and a time bucket, so the service can rate-limit abuse without getting a global cross-site identifier
You send the proof to the service provider, that verifies it, and learns nothing about you (except for the fact that you're of age).
An adult can of course give away the card/PIN, but you need to have it physically to sign fresh challenges, so it cannot be passed around as easily as a bearer token. Moreover he loses access to his actual ID, which is required for other services.
the same thing that prevents them from doing reuse right now: platform detection mechanisms. the difference is that right now the identity of the subject is known whereas with ZKP (nullifier approach) only the dirty token is known and where that token was used.
10 replies →