Digital Identity Systems and Privacy Challenges
Digital identity systems are becoming a part of our online lives, creating additional headwinds for privacy.
Many governments are using passports and national e-ID frameworks to make it easier for people to prove who they are when they use online services and for financial applications and regulatory compliance.
However, there is a significant caveat: age verification without data exposure.
When someone tries to buy something that is only for adults, for example, be it a betting platform or an online service selling alcohol, the vendor needs to make sure the buyer is old enough, according to the relevant laws of the jurisdiction. Usually such verification means the buyer has to share information like their birth date or passport number.
This creates a problem. When we share more information than we need to, it can open up new attack vectors for data breaches, and that’s a risk nobody wants to take just for accessing services online. It also goes against the idea that we should only share information that is strictly necessary.
Beldex Research Labs is working on a way to address this problem using zero-knowledge cryptography. This means that when someone tries to buy something, they can prove they are old enough without sharing any personal information.
The user’s digital identity wallet can create a cryptographic proof that just says,
“This person is at least 18 years old.”
The seller does not learn anything else.
The Cryptographic Approach
The research paper introduces a system that lets people verify their age eligibility without sharing details of their personal identity. This system combines several cryptographic primitives and mechanisms.
First, the government issues a person with a digital credential that certifies when they were born, which acts as proof of their date of birth. This credential is stored in the person’s decentralized digital wallet.
Next, the user creates a Pedersen commitment that is based on their age. This code is like a box that can be used to prove something without revealing what is inside.
Then, the system checks whether the person is old enough. Their age is verified using range proofs, which verify that the committed age satisfies a regulatory threshold.
Finally, Schnorr-based zero-knowledge proofs allow the user to prove that all of these conditions are satisfied simultaneously.
The verifier (vendor/seller) can confirm that:
- the user holds a valid government credential
- the age was derived from that credential (using Pedersen commitments)
- the age satisfies the required threshold (using range proofs)
All of this was done without learning the birth date, identity, or credential itself.
Why This Matters
As digital identity systems become bigger around the world, they need to balance two things:
Following the rules while keeping information private, upholding both compliance and the user’s right to privacy.
Merchants selling goods and services online need to ensure that the buyer is old enough, but collecting sensitive information is a risk most merchants do not wish to take. This dilemma is because databases storing identity documents become valuable targets for attackers and increase the potential impact of breaches.
Zero-knowledge age verification solves this problem by sharing the information that is only strictly necessary, proving your age privately while nothing about your identity is revealed.
This enables selective disclosure, where digital identity systems can share the minimum information required for a transaction.
So instead of just verifying the statement:
“This person is at least 18 years old.”
We’re now able to verify:
“The age derived from a valid government-issued credential is at least 18.”
Future Research: Bulletproof-Based Range Proofs
The current research uses something called Pedersen commitments and Schnorr-style proofs.
Beldex Research Labs is now looking into something called Bulletproof-based range proofs. This could make the system more efficient.
Bulletproofs can make the proofs smaller and faster to check while still keeping them secure. Such improvements would make it possible to use age verification in high-volume digital identity systems, enabling scalable and seamless real-world deployments.
Advancing Privacy-First Digital Identity
Research like this is important for making digital identity systems better. As governments and institutions start using identity frameworks, cryptography will be essential for keeping personal information safe.
By researching zero-knowledge verification for passports and national e-ID systems, Beldex Research Labs strives to contribute to the development of secure and privacy-focused digital identity technologies.
Listen
back to blog