bootsmann 3 hours ago

> Real cryptographic unlinkability schemes like BBS+ or CL signatures would produce uncorrelated proofs even on reuse. This is not that.

This discussion was already led ad nauseam with the Swiss eID proposal (which is supposed to be EUID compatible) and the reason why the system relies on rotating signatures instead of ZKPs is that the cryptography hardware modules in most phones don't support algorithms such as BBS+. This creates a tradeoff where the states would have to essentially roll their own crypto storage and bank on this being safer than simply rotating through batches of signatures generated by the hardware cryptography modules (which is largely unproblematic in the grand scheme of things). The major advantage of using the hardware module is that it makes it much harder for attackers to extract the actual secret should the device ever fall into someone else's hands, something that happens to phones from time to time.

Overall, as with every digital ID thread, it would help if some of the fearmongering commentators would read the actual EUDI specs for once in their lives as it already addresses most of the concerns copy-pasted into these threads https://eudi.dev/1.6.0/architecture-and-reference-framework-....
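The tradeoff in the comment above, as an added example that is not part of the original post or of any EUDI code: a wallet rotating through a batch of issuer-signed attestations stays unlinkable across verifiers only while unused ones remain. The HMAC issuer signature, the hash-derived device keys, the refill policy and all names are assumptions made for this simulation.

```python
import hashlib
import hmac
from collections import defaultdict

ISSUER_KEY = b"constructed-issuer-key"  # stand-in: a real issuer signs asymmetrically


def issue_batch(holder_seed: bytes, batch_no: int, size: int):
    """Issue `size` attestations, each bound to a different device key."""
    batch = []
    for i in range(size):
        # Stand-in for a fresh key pair generated inside the phone's hardware module.
        device_pub = hashlib.sha256(holder_seed + f"{batch_no}:{i}".encode()).digest()
        sig = hmac.new(ISSUER_KEY, device_pub + b"age_over_18", hashlib.sha256).digest()
        batch.append((device_pub, sig))
    return batch


class Wallet:
    def __init__(self, holder_seed: bytes, batch_size: int, reuse_when_empty: bool):
        self.seed, self.size, self.reuse = holder_seed, batch_size, reuse_when_empty
        self.batch_no = 0
        self.unused = issue_batch(holder_seed, 0, batch_size)
        self.last = None

    def present(self):
        """Return the attestation shown to a verifier."""
        if not self.unused:
            if self.reuse:
                return self.last  # same bytes again: correlatable
            self.batch_no += 1  # assumed policy: fetch a fresh batch from the issuer
            self.unused = issue_batch(self.seed, self.batch_no, self.size)
        self.last = self.unused.pop()
        return self.last


def linked_groups(log):
    """Verifiers that can link a holder by comparing the attestations they received."""
    seen = defaultdict(list)
    for verifier, attestation in log:
        seen[attestation].append(verifier)
    return [sites for sites in seen.values() if len(sites) > 1]


def simulate(reuse_when_empty: bool, presentations: int = 5, batch_size: int = 3):
    wallet = Wallet(b"constructed-holder", batch_size, reuse_when_empty)
    log = [(f"site{n}", wallet.present()) for n in range(presentations)]
    return linked_groups(log)
```

With a batch of three and five presentations, the refilling wallet yields no linked group, while the reusing wallet lets the last three verifiers correlate the holder.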

raverbashing 3 hours ago | parent [-]

> Overall, as with every digital ID thread, it would help if some of the fearmongering commentators would read the actual EUDI specs for once in their lives

Yeah

I'm getting really really tired of the "crying wolf" crowd

jeroenhd 21 minutes ago | parent | next [-]

To be fair to some of them, across the Atlantic the Americans are implementing similar laws in absolutely ridiculous ways.

Many Americans don't even have ID (and plenty of those are reluctant to the general concept of any kind of government ID), let alone any kind of digital ID. However, their governments are pushing frankly weird and absurd ID verification laws to businesses online. Meta seems to be bankrolling lobbying around these laws, so whatever their game is, it's probably very bad for normal people.

If you're coming from a place where the government tells companies they need to set up a system or hire private companies to verify users' ages without providing any kind of official mechanism themselves, leading to ridiculous hacks from cheap and incompetent "age verification" companies, I can understand why the European system seems absurd.

If the US is going to adopt their weird age verification laws, the least they could do is fork the European system already laid out for them. Put a little American flag on it, call it "America First Christian Age Truthness" or whatever the people in charge like, but at least keep the basic privacy properties intact.

thomasingalls 43 minutes ago | parent | prev [-]

Just because the government is not out to get you at this exact moment doesn't mean that a future government won't be. Surveillance capacity seems to be a one way ratchet.