Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
lukan 3 days ago

Does that work already? If so, how?

If the API asks for a users minimum age at a certain time, how can the government not know which data set it has to check?

danpat 3 days ago | parent | next [-]

It can be achieved with a zero-knowledge proof - there are many schemes, but in essence, they all allow you to prove something (e.g. your birthdate, validated by a government agency), without revealing who you are. You can prove to a third party "the government authenticated that I was born on 1970-01-01" without exposing who "I" is.

Some worthwhile reading on the topic if you're interested:

https://en.wikipedia.org/wiki/Zero-knowledge_proof#Zero-Know...

https://en.wikipedia.org/wiki/Blind_signature

It should even possible to construct a protocol where you can prove that you're over 18 without revealing your birthdate.

Zero-Knowledge Range Proofs: https://eprint.iacr.org/2024/430

"Zero-knowledge range proofs (ZKRPs) allow a prover to convince a verifier that a secret value lies in a given interval."

selcuka 3 days ago | parent | next [-]

ZKP is better, but still not foolproof. Depending on the implementation, the government may now know that you have an account, or at least attempted to open an account on that service. You will have a hard time denying it in the future if the government asks to see your posts (as the US is currently doing at their borders).

bawolff 3 days ago | parent [-]

> ZKP is better, but still not private. The government now knows that you have an account, or at least attempted to open an account on that service

Umm, no. That is not how a scheme like this would work.

selcuka 3 days ago | parent [-]

> That is not how a scheme like this would work.

When implemented correctly, yes. I've edited my wording slightly to indicate that.

I just don't have faith in most countries, including Australia, to implement it with protecting the privacy of their residents in mind.

bawolff 2 days ago | parent [-]

> When implemented correctly, yes.

I disagree. I can't think of an implementation mistake that would allow just the government to see what services you sign up for.

You could of course screw it up so everybody could see. If the government put a keylogger on your device then they could see. However broadly speaking this is not something that can be screwed up in such a way that just the government would be able to see.

The protocol wouldn't even involve any communication with the government.

bawolff 3 days ago | parent | prev [-]

> It should even possible to construct a protocol where you can prove that you're over 18 without revealing your birthdate.

Not just theoretically posdible, people have done it: https://zkpassport.id/

lukan a day ago | parent [-]

Sounds interesting, but:

"This is experimental software. While it has undergone external review, it has not yet received a formal security audit. Please use with caution and at your own risk in production environments."

SiempreViernes 3 days ago | parent | prev [-]

The anonymity is that the government doesn't know who is asking for the verification, not that the the government doesn't know whose majority it should attest.