logoalt Hacker News

rcxdudetoday at 2:32 PM0 repliesview on HN

As I understand it, ZKPs can prove both those properties. You can get a certificate from whoever is trusted to verify that you're over 18, and then you can use that to generate tokens that only encode the information 'X has verified that I am over 18' without either the original verifier or the entity you are providing it to being able to link that to the original certificate.

See section 2 of this document: https://eudi.dev/2.4.0/discussion-topics/g-zero-knowledge-pr... . If there are any objections that this is not technically feasible to achieve in practice, I would like to know what they are.

(Also, AFAIK, setting up such a thing would comply with any of the age-verification laws that are being proposed around the world. You could even set up this as two arms of the same company and be able to prove to your users that while you've seen all their IDs, you cannot link their usernames to their IDs. This still isn't the best because you're still handling their PII with associated risk of leaks but it's a lot better than anyone is doing ATM)