Comment by fbrusch

8 hours ago

In Italy every citizen has an electronic ID card that contains a private key and can sign challenges. It also has state-signed credentials/certificates that bind the public key to info about the citizen (date of birth etc).

You can do this: when you want to log into a service, the service provider gives you a fresh challenge C, bound to that service/session. You sign the challenge, and then generate a zkp of the fact that:

1. you have the signed challenge C with a certain public key P
2. you have a state-signed credential/certificate that binds P with a person with birth date BD
3. current date - BD > 18 years
4. optionally, you derived a per-service nullifier, e.g. from the card/credential secret, the service origin and a time bucket, so the service can rate-limit abuse without getting a global cross-site identifier

You send the proof to the service provider, which verifies it and learns nothing about you (except for the fact that you're of age).

An adult can of course give away the card/PIN, but you need to have it physically to sign fresh challenges, so it cannot be passed around as easily as a bearer token. Moreover, he loses access to his actual ID, which is required for other services.
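
An added sketch of the per-service nullifier from item 4 and the service-side rate limit it enables; this is not part of the comment above and contains no zero-knowledge proof. In the scheme described, the derivation would be proven correct inside the proof; here HMAC-SHA256 as the PRF, the one-day bucket, and all names and sample values are assumptions.

```python
import hashlib
import hmac
from collections import Counter

BUCKET_SECONDS = 24 * 3600  # assumed time bucket: one day


def derive_nullifier(card_secret: bytes, origin: str, unix_time: int) -> str:
    """PRF(card_secret, origin || bucket); HMAC-SHA256 is an assumed PRF choice."""
    bucket = unix_time // BUCKET_SECONDS
    o = origin.encode()
    # Length-prefix the origin so distinct (origin, bucket) pairs never
    # serialize to the same byte string.
    msg = len(o).to_bytes(2, "big") + o + bucket.to_bytes(8, "big")
    return hmac.new(card_secret, msg, hashlib.sha256).hexdigest()


class RateLimiter:
    """Service side: counts accepted proofs per nullifier, sees no identity."""

    def __init__(self, max_per_bucket: int):
        self.max_per_bucket = max_per_bucket
        self.seen = Counter()

    def admit(self, nullifier: str) -> bool:
        if self.seen[nullifier] >= self.max_per_bucket:
            return False
        self.seen[nullifier] += 1
        return True


def demo():
    secret = b"constructed-card-secret-for-demo"  # constructed sample value
    t = 1_700_000_000                             # constructed timestamp
    a1 = derive_nullifier(secret, "https://a.example", t)
    a2 = derive_nullifier(secret, "https://a.example", t + 60)  # same bucket
    b1 = derive_nullifier(secret, "https://b.example", t)       # other service
    a_next = derive_nullifier(secret, "https://a.example", t + BUCKET_SECONDS)
    limiter = RateLimiter(max_per_bucket=2)
    decisions = [limiter.admit(n) for n in (a1, a2, a1)]
    # Stable within one service and bucket, different across services and buckets.
    return a1 == a2, a1 != b1, a1 != a_next, decisions


if __name__ == "__main__":
    print(demo())
```

Two services comparing their logs see unrelated values for the same card, while one service sees a repeat within a bucket and can cap it.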