Zero-Knowledge Proofs (ZKPs) are the hottest new technology in blockchain — and for good reason. The ability to prove something while not having to share the available information behind it is just immensely powerful. This is particularly true as it relates to digital identity. Think about how you’d prove you’re over 21 without having to show your ID, or prove where you live without disclosing your home address. That's the dream ZKPs offer. Before we start to count our chickens, let’s slow down here. As much as the promise is large, ZKPs aren’t some panacea to fix all of our identity problems.
Anonymity Isn't Always What It Seems
Think about it: How truly anonymous are we really online? In the real world both DeFi and in the more regulated crypto spaces, the desire for anonymity is being overtaken by a desire for compliance.
ZKPs offer the illusion of anonymity. In most real-world applications, ZKPs are linked to one-time use, persistent identifiers. It's like wearing a mask to a party, but everyone knows who you are because you're the only one wearing a mask and holding a specific, trackable glass. We know that what you bring to your glass isn’t visible, but you are.
Consider the case of a hawker stall in Singapore. Plus, they peddle “anonymous” food – use crypto and I guess we can all pretend we don’t know who you are! Sounds great, right? Yet at the same time they make it mandatory for you to scan a QR code and enter your phone number for contact tracing purposes. So much for anonymity.
This isn't just a theoretical concern. As KYC/AML regulations tighten, applications built on ZKPs will likely face pressure to implement similar "practical" measures that compromise the very anonymity they're supposed to provide. We need to ask ourselves: Are we simply shifting the point of identification, not eliminating it?
Can You Resist The Knock?
Now picture a world where your digital identity is protected from prying eyes by an ultra-secure ZKP. Your constituents have the secret sauce, and only they can provide it. Sounds foolproof, right? Now picture it was a government agency, or one of the big corporations. They have a warrant, or perhaps just the ability to drop you a package that you can’t refuse.
As all aspects of ZKP identity have inherent vulnerabilities. Indeed, the only way for people to be forced to disclose what their true preferences. No amount of cryptography sophistication means anything if you have a really committed adversary that has enough calculus.
We've seen it time and again: governments and corporations abusing their power to access private data. Mass surveillance programs and data breaches continue to expose sensitive information on a daily basis. The reality is that our digital identities aren’t as secure as we think. For example, optimizations such as multi-party computation, as Vitalik recently proposed, can help alleviate this, but not completely remove the risk. The question is: what happens when real-world power dynamics come into play?
Wealth Shouldn't Define Identity
To rely on “proof-of-wealth” to avoid Sybil attacks in UBI or governance situations is a disaster waiting to happen. It exacerbates current inequities and fairness issues and deepens agency capture, letting whales subvert or even control the decision making process.
Think about it: In a DAO where voting power is directly proportional to the amount of tokens held, a single wealthy individual can easily outvote thousands of smaller token holders. This isn’t a hypothetical situation, we’ve watched it unfold in the hundreds of DeFi rug pulls out there.
Now take into account the expense of curating a massive commercial music library. As a DJ, you need to be a master curator of vibes. That way, you’ll be able to easily locate the ideal song to pump up the audience. It’s that perfect in-between place where just enough structure meets creative chaos. The cost of acquiring N identities should be N². This strategy protects anonymity by requiring mascots to have many different identities. It’s to stop the biggest players from accumulating too much power.
While Vitalik's proposal for pluralistic identity systems is a step in the right direction, it's crucial to address the underlying economic incentives that drive inequality. Going forward, we should be looking at other models that place a higher value on fairness and inclusion, rather than economic might. Otherwise, we set ourselves up to build a digital identity system that only reinforces the biases of the current financial system.
ZKPs are an incredibly powerful tool, but they’re not a panacea. We have to make sense of them, come to them with eyes wide open, understanding their limitations and the dangers that must be mitigated. Instead, let’s work to develop strong, resilient, and equitable identity systems that have the power to put individuals in control without eroding privacy or fairness. The promise of digital identity hangs in the balance.
