> Real cryptographic unlinkability schemes like BBS+ or CL signatures would produce uncorrelated proofs even on reuse. This is not that.
This discussion was already led ad nauseam with the Swiss eID proposal (which is supposed to be EUID compatible) and the reason why the system relies on rotating signatures instead of ZKPs is that the cryptography hardware modules in most phones don't support algorithms such as BBS+. This creates a tradeoff where the states would have to essentially roll their own crypto storage and bank on this being safer than simply rotating through batches of signatures generated by the hardware cryptography modules (which is largely unproblematic in the grand scheme of things). The major advantage of using the hardware module is that it makes it much harder for attackers to extract the actual secret should the device ever fall into someone else's hands, something that happens to phones from time to time.
Overall, as with every digital ID thread, it would help if some of the fearmon gering commentators would read the actually EUDI specs for once in their lives as it already addresses most of the concerns copy-pasted into these threads
https://eudi.dev/1.6.0/architecture-and-reference-framework-....
Have you read the spec? I have, but I don't understand how the revocation flow is supposed to be safe against collusion between issuers/governments and site owners to reveal the identity of (age verified) users.
Can you model the flow of the attack you want to mount here?
Is it the following:
Issuer revokes the wallet of Alice and then publicly says “This ID is Alice btw” and then verifiers can check their lists to see whether any of their received signatures are revoked (in which case they must be Alice)
The EU's own experts have modeled it. At least that's my understanding of what they are saying in their "Privacy risks and mitigation" document [1].
Section 5 mentions that this issue could be mitigated at some point in the future by using ZKPs, but here's what they're saying about the status of this ZKP integration:
"This topic will be revisited in Topic G to determine the foundational requirements needed for its future integration"
Doesn't sound like this will be implemented any time soon.
I'd very much like to read up on the various proposed ID systems, pros and cons and experience. Do you have a good starting point to recommend beyond "(insert country) eID" on Wikipedia?
> Overall, as with every digital ID thread, it would help if some of the fearmon gering commentators would read the actually EUDI specs for once in their lives
Yeah
I'm getting really really tired of the "crying wolf" crowd
To be fair to some of them, across the Atlantic the Americans are implementing similar laws in absolutely ridiculous ways.
Many Americans don't even have ID (and plenty of those are reluctant to the general concept of any kind of government ID), let alone any kind of digital ID. However, their governments are pushing frankly weird and absurd ID verification laws to businesses online. Meta seems to be bankrolling lobbying around these laws, so whatever their game is, it's probably very bad for normal people.
If you're coming from a place where the government tells companies they need to set up a system or hire private companies to verify users' ages without providing any kind of official mechanism themselves, leading to ridiculous hacks from cheap and incompetent "age verification" companies, I can understand why the European system seems absurd.
If the US is going to adopt their weird age verification laws, the least they could do is fork the European system already laid out for them. Put a little American flag on it, call it "America First Christian Age Truthness" or whatever the people in charge like, but at least keep the basic privacy properties intact.
I don't believe this. "Many" perhaps in raw out-of-context numbers but as a percentage of the population, very few functioning, self-supporting and employed adults in America do not have an ID. It's simply not possible to participate in society without one. You need an ID to register a car, to drive, to vote, to bank, to get a job, to buy a house, to rent an apartment, to get water, power, gas, internet....
If you don't have an ID, you are either a child, or you are deliberately trying to exist off the record. I.e. you are here illegally or you have chosen some very fringe antisocial survivalist offgrid way of living.
> It's simply not possible to participate in society without one. You need an ID to register a car, to drive, to vote, to bank, to get a job, to buy a house, to rent an apartment, to get water, power, gas, internet....
Around 10% of American adults do not drive.
6% of American adults do not have a bank account (4% for whites and Asians, 11% for Hispanic, and 14% for Black). It is 23% for people with incomes under $25k [1].
About 20% of adult Americans who are not retired do not have a job [1]. Did you forget that some people live with other people and in many of those arrangements only one of them has a job?
Many people have living arrangements where they are not the owner or the renter of record of the place they live. For example many people who live with others as described above.
Approximately 5% of the US economy is cash based and often does not care whether you have any formal ID. Often people who live mostly in the cash economy live in areas with many other such people, which makes it easier.
Just because the government is not out to get you at this exact moment doesn't mean that a future government won't be. Surveillance capacity seems to be a one way ratchet.
Mandatory app installation through the mandatory state sanctioned rootkit Google Play store and 4G/5G LTE modems on-chip management engines. And that doesn't even cover the ubiquitous app data partnerships which report your information upstream.
This discussion was already led ad nauseam with the Swiss eID proposal (which is supposed to be EUID compatible) and the reason why the system relies on rotating signatures instead of ZKPs is that the cryptography hardware modules in most phones don't support algorithms such as BBS+. This creates a tradeoff where the states would have to essentially roll their own crypto storage and bank on this being safer than simply rotating through batches of signatures generated by the hardware cryptography modules (which is largely unproblematic in the grand scheme of things). The major advantage of using the hardware module is that it makes it much harder for attackers to extract the actual secret should the device ever fall into someone else's hands, something that happens to phones from time to time.
Overall, as with every digital ID thread, it would help if some of the fearmon gering commentators would read the actually EUDI specs for once in their lives as it already addresses most of the concerns copy-pasted into these threads https://eudi.dev/1.6.0/architecture-and-reference-framework-....