Opening up ‘Zero-Knowledge Proof’ technology

Original Article ↗ Hacker News Discussion ↗

Age assurance, porn access, and broader regulation fears

  • Many see age-gating as the thin end of the wedge toward “internet usage permits” tied to government ID via corporate intermediaries.
  • Supporters argue that current reality—young kids rapidly reaching extreme porn or misogynistic content—is unacceptable, and some form of gatekeeping is needed.
  • Others warn that once infrastructure exists, “adult-only” classification can shift to LGBTQ topics, birth control, or other disfavored speech.

Parents vs state: who should protect kids online?

  • One camp: this is fundamentally a parenting problem; empower guardians with better device-level filters and education, not global identity systems.
  • Counterpoint: that only protects kids with “the right kind of parents”; schools, devices, and platforms undermine parental control, so legislation is a legitimate tool.
  • Some argue harsh criminal enforcement against producers/distributors (as with child sexual abuse material) is preferable to mass ID systems.

Architecture: MDOC, secure elements, and unlinkability

  • The scheme builds on existing digital ID formats (e.g., MDOC) issued by governments (DMV/passports) and stored on devices.
  • A secure element (phone chip, smartcard, or similar) holds a key that “binds” the credential to a device and biometric, preventing easy sharing.
  • The ZKP layer lets a site verify properties (e.g., “over 18”) without seeing extraneous attributes (e.g., name) and aims for “unlinkability”: repeated uses can’t be tied to the same person, even if site and issuer collude.
  • Revocation is a hard unsolved tradeoff: real‑time checks reintroduce timing/correlation risks.

Bypassability, sybil issues, and limits

  • Commenters stress that any such system can be bypassed (sharing devices, hardware attacks, proxies, foreign VPNs), so it mainly raises the bar for naïve users.
  • Sybil‑like concerns remain: if even one legitimate user colludes to “rent” their credential, they can front for many others, limited only by biometrics and hardware friction.

Trust model: wallets, big tech, and openness

  • A core criticism: the protocol assumes a “wallet” implementation that can see both user data and relying sites; a malicious wallet can secretly leak usage patterns.
  • Some jurisdictions (e.g., EU) plan to require open‑source, “blessed” wallets, potentially with reproducible builds, which mitigates but does not eliminate trust concerns.
  • Debate over whether users can run their own clients or must rely on government‑approved / big‑tech software and secure hardware.

Technical ZKP discussion and pedagogy

  • Several intuitive explanations are shared (Where’s Waldo, “Ali Baba cave”, paint/Fiat–Shamir transform), plus links to primers and videos.
  • Non‑interactive ZK is explained as simulating interactive protocols by deriving verifier “challenges” from hashing prior transcript and public inputs (Fiat–Shamir).
  • Some clarify why simple “over‑18 token” constructions aren’t truly zero‑knowledge if proofs are deterministic and linkable.

Comparisons to other ZK systems

  • The scheme is described as circuit‑based and compatible with existing ECDSA hardware, targeting client‑side proofs on commodity phones (single‑threaded, no GPU).
  • It’s contrasted with systems like BBS/BBS+, Idemix, and blockchain‑oriented SNARK/STARK frameworks: those are seen as either more complex for this use or slower on this specific credential problem.
  • One commenter notes external benchmarks where this approach is ~10x faster than other candidate systems for identity proofs on the same hardware.

Potential applications and enthusiasm

  • Supportive comments highlight this as a major privacy win versus naive “send your ID scan to every site” approaches, with applications to:
    • age checks,
    • political‑affiliation proofs,
    • SSN‑style identity attributes,
    • anonymous payments and micropayments,
    • zkTLS (proving facts about remote accounts without revealing identity).
  • Others remain wary of centralization, regulatory creep, and dependence on large vendors, while still conceding that this is “strictly better” than current non‑private age‑verification schemes.