logoalt Hacker News

teravortoday at 1:56 AM1 replyview on HN

    > Look - I know you mean well, but it is clear from this discussion you aren't familiar with cryptography, system security guarantees, Internet infrastructure scaling, or what would be needed to introduce new descriptive information about a person on the Internet and not have it become a new privacy risk.
it's actually clear that you are the one who isn't familiar with this, I referenced remote attestation which you appear to know little about as it addresses the problem of identifying information (the service has no way to link tokens across without help from the CA).

you also don't appear to know what a nullifier is, in a ZKP system you submit identifying information and a hash of a secret string. the CA adds the hash to a public database and in the future you prove you one of the members of the database with a nullifier - the anonymity-set is everyone in the database who entered it prior to your submission. this can also be done with a blind signature to the same effect.

there is no further point to this discussion.

Replies

rockskontoday at 2:34 AM

> it's actually clear that you are the one who isn't familiar with this, I referenced remote attestation which you appear to know little about as it addresses the problem of identifying information (the service has no way to link tokens across without help from the CA).

You've promoted mutually exclusive concepts with regards to cryptography which is why I said you don't seem to understand it. And again - and again and again and again and again and again - what is the additional information you are authenticating based off of beyond age? Remote attestation provides absolutely zero privacy utility here whatsoever on its own! So you've remotely attested this ZKP key represents a person who is an adult. Creating another key based on that information alone is trivial to spoof - for it not to be trivial, it would require validating additional information!

What is your root of trust? What is the basis by which age is verified in a way that can't readily be spoofed?

> you also don't appear to know what a nullifier is, in a ZKP system you submit identifying information and a hash of a secret string. the CA adds the hash to a public database and in the future you prove you one of the members of the database with a nullifier - the anonymity-set is everyone in the database who entered it prior to your submission. this can also be done with a blind signature to the same effect.

That's nice and all for trivia on ZKP but how does that touch upon the problem being discussed?

The mechanics of ZKP are not relevant to the problem of ZKP being categorically worthless for the problem at hand. I don't say ZKP is worthless out of ignorance - more discussions about it won't change that.

The specifics of ZKP do not change the fact that you are validating either too little information to be useful for preventing fraud or too much to have privacy-preserving value.

> there is no further point to this discussion.

Evidently not.

We can't solve private age verification with blockchain tech. I'm happy you're so passionate about it, but it isn't a silver bullet.