The EU has unveiled an open-source age verification app using zero-knowledge proof to shield children from harmful content online.
      • CaptObvious@literature.cafeEnglish
        1·
        2 days ago

        The trust problem in open source is that we can audit the published code, but we have no assurance that what’s published is what’s running

        • AtHeartEngineer@lemmy.worldEnglish
          1·
          1 day ago

          I understand that’s an issue with open source in general, but this specific implementation should be using zero knowledge proofs, which is provable. They are, by definition, provable programs where you can prove properties of data without revealing secrets.

          The way this works in practice is:

          1. govt issues passport with digitally signed credentials
          2. I take a picture of my passport and tap my passport on my phone (you need both, the actual printed info is what “unlocks” your phone to be able to read the NFC data)
          3. Your phone reads off the digital signature from the govt, your date of birth, name, etc
          4. You download the zk proof program and it’s trusted setup files, check that their hashes match what is public and audited.
          5. run your passport info through that program locally, and it produces a: “You are over 21” + “From the EU” + “a nullifier” + “here is mathematical proof that this data is valid”
          6. you take that math proof and use it to unlock the “i am an adult mode”.

          The nullifier is whats used to make sure someone can’t use their passport more than once on multiple accounts, which is the real tricky part … but there are solutions live and usable out in the world today to mitigate this problem while providing a decent level of privacy.

          Really, we shouldn’t have these laws at all, they are fucking stupid…but if we are going to have them, we should at least do it the best we can.