This site is fictional demo content. It is not real news or affiliated with any real organization. Do not treat it as fact or professional advice.

NextPaper Logo
nextpaper.ccCYBER CHRONICLE
RSS
EN中文

Full article

FULL TEXT

View this issue
HeadlineINTERNET

Zero-Knowledge Identity Protocol ZKPass Approved by IETF: Prove You Are You Without Revealing Any Personal Information

The zero-knowledge proof identity verification protocol ZKPass is officially approved by the IETF as RFC 9521, enabling users to complete identity verification without revealing any personal information such as name, age, or address.

The Internet Engineering Task Force (IETF) officially approved the zero-knowledge proof identity verification protocol ZKPass as RFC 9521 on May 6, 2029. This means internet identity verification is about to undergo a fundamental transformation — for the first time, users can complete age verification, identity confirmation, and credential checks without revealing any personal information to service providers.

ZKPass was jointly designed by the Ethereum Foundation's privacy research team and Stanford University's Applied Cryptography Lab over three years. The protocol's core idea is that users hold digitally signed credentials from authoritative institutions (such as government agencies or banks). When proving an attribute (e.g., "I am over 18"), users generate a cryptographic proof using zero-knowledge technology. Verifiers can confirm the proof's validity but cannot extract any additional information.

Technical Implementation of Privacy Protection

Traditional identity verification requires users to submit complete information to service providers — registering on social platforms requires name and birthdate, purchasing alcohol requires showing ID with full information. This model has two fundamental problems: information overexposure (users prove one attribute but must leak all attributes) and centralized data storage (service providers' user data becomes high-value targets for hackers).

ZKPass elegantly breaks this dilemma. Users' digital credentials are stored in their local device's secure element. During verification, only a cryptographic proof — approximately 200 bytes of mathematical data — is sent to the verifier. The verifier can confirm validity through public verification keys, but it is mathematically provable that recovering any original information from this proof has difficulty equivalent to breaking elliptic curve cryptography.

Industry Reaction

Privacy advocacy organization Electronic Frontier Foundation called ZKPass's approval "a milestone moment for internet privacy." EFF senior technologist Alexis Hancock said: "We spent twenty years complaining about internet companies collecting too much personal information. Now technology finally provides a way to verify identity without collecting information."

But regulators have mixed feelings. The EU Digital Services Act requires platforms to perform age verification — ZKPass technically satisfies this — but law enforcement worries zero-knowledge proofs could become cover for criminal activity. If anyone can anonymously prove attributes, tracking money laundering and terrorism financing becomes harder. The US Treasury has asked IETF to evaluate the possibility of "compliance backdoors" in the ZKPass standard, but the cryptography community generally believes any backdoor would undermine the security foundations of zero-knowledge proofs.