Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
remcob 16 hours ago

Why is that required? The whole point of zero knowledge proofs is that it can run on untrusted devices.

Aurornis 15 hours ago | parent | next [-]

Because true “zero knowledge” proofs are actually useless for age gating purposes.

Conceptually, if a proof was truly zero knowledge and there were no restrictions on generating it, there would also be nothing stopping someone from launching a website where you clicked a button and were given a free token generated from their ID. If it was truly a zero knowledge proof it would be impossible to revoke the ID that generated it, so there is no disincentive to freely share IDs.

So every real world “zero knowledge” proof eventually restricts something. Some require you to request your tokens from a government entity. Others try to do hardware attention chains so theoretically you can’t generate them outside of the approved means.

But the hacker fantasy of truly zero knowledge proofs is impossible because 1 hour after launch there would be a dozen “Show HN” posts with vibe coded websites that dispense zero knowledge tokens.

moveaxebx 2 hours ago | parent | next [-]

> But the hacker fantasy of truly zero knowledge proofs is impossible because 1 hour after launch there would be a dozen “Show HN” posts with vibe coded websites that dispense zero knowledge tokens.

If I recall correctly, there exist variant cryptographic protocols that let you impersonate a user who provides such a service: that is, the token confers, or can be used to construct something that confers greater privileges in other contexts.

AnthonyMouse 11 hours ago | parent | prev [-]

It's also unclear what they'd even be useful for to begin with.

You need some kind of proof system if you need a central authority to certify something, but why is that required? The parents know the age of their kids. They don't need the government to certify that to them. And then the parents can get the kids a device that allows them to set age restrictions.

Whether those restrictions are imposed by the device on content it displays (which is the correct way to do it) or by the device telling the service the approximate age of the user (which needlessly leaks information), you don't actually need a central authority to certify anything to begin with because either way it's just a configuration setting in the child's device.

gbear605 16 hours ago | parent | prev [-]

You’d have to ask Google