← Back to context

Comment by amwet

4 days ago

I have some experience with zkp, so I’ll try to answer your question to the best off my ability. First on the terminology, the “attester” in this case I assume is whoever is anchoring the data or issued the credential you’re trying to prove. For the canonical example, let’s say you’re trying to prove age >= n via a government ID.

1. The site does not know who you are. This is the whole point. You generate a mathematical proof you possess a valid government ID that says “age >= n”

2. Yes. You are generating a zkp based on information anchored by the attester. In this case the ID issuing gov. That attester can be something other than a gov, but zkps are a bit useless if the site doesn’t know what exactly is being proved. In this case you are proving “I possess a government ID saying age >=n”. You must know about the government to care about this proof.

3. Not in this case. The attester only knows it has issued you an ID, but does not need to be further consulted. You could certainly construct a scheme such that you require a ZKP of recent written permission from some entity, but this is not inherent to ZKPs.

4. This is a UX question. If the ZK wallet and website are implemented in such a way that it’s always displayed when a credential is requested and what credential that is, then yes.

Does the "attester" knows who is requesting the information?

Can they map which places requests which person?

  • The attestor gives you a credential once. You can think of it as a dob (in e.g. days since 1900) with a digital signature.

    Then when you want to access something age gated, you locally generate a proof that says “I have a credential signed by X, with DoB N, and N < CutOff date” where X and the CutOff date are public but the credential and the value N are hidden through the ZkP.

    The attestor isn’t involved so doesn’t learn anything. The Verifier only learns the public information, and generally won’t be able to tell if two proofs are made with the same credential.

  • AFAIK, If the scheme is designed properly, then no. The attestor only knows who they have issued certificates to and the verifier only knows that they have a user that has been verified by that user. Neither the attestor or the verifier can link the two any further than that, even if they collaborate.

  • That depends on the setup but is not related to the ZKP part. “who is requesting the proof that person X has a gov ID where age >= N” is irrelevant in the context of the proof.