Most of this desk’s coverage lives in infrastructure - proofs securing rollups and verifying computation. Identity is the topic that walks the technology out of the machine room and up to every login screen and age gate on earth, because it answers a question civilisation keeps asking badly: how do you prove something about yourself without handing over everything about yourself?
The over-sharing default
Today’s identity checks are blunt instruments. Prove your age and you surrender a document carrying your name, address, birthdate and a photograph - to a bar, a website, a data broker’s eventual breach. Each verifier stores what it saw; each stored copy is a liability with your name on it. The pattern generalises: the credential systems we inherited can only prove attributes by revealing them, so every check is an over-share and the world’s databases fill with copies of everything about everyone, held by parties who needed one bit.
The zero-knowledge answer
The cryptographic fix inverts the flow. An issuer you already trust - a government, a university, an employer - signs a credential containing your attributes. When a verifier asks a question, you do not show the credential; you produce a proof about it: that a validly-signed credential exists whose birthdate field implies over-18, full stop. The verifier learns the answer to its question, the issuer’s signature guarantees the answer is grounded, and nothing else moves - no birthdate, no name, and with the right constructions, no stable identifier linking this proof to your last one. Selective disclosure, unlinkability, and proof-of-predicate: three properties the plastic card never had, delivered by exactly the mathematics this desk covers elsewhere.
The hard problem is not the maths
Sceptics should note where the genuine difficulties sit, because they are mostly not cryptographic. Issuance is the root of trust - a proof about a credential is only as honest as the process that issued it, and identity fraud simply moves upstream. Revocation is the classic tension: proving a credential has not been revoked, without consulting a registry that would see every use, takes careful design. Key management hands ordinary people a cryptographic secret whose loss is identity loss, which is a product problem the field has not fully solved for anyone. And uniqueness - proving you are one person, once, without a global biometric register - remains the deepest open question, with every proposed answer trading privacy, inclusion and Sybil-resistance against each other in public. Honest projects in this space lead with these trade-offs; projects that lead with the word “private” alone have usually not met them yet.
Why now
Two currents make this a live topic rather than a research note. Governments are shipping digital identity at scale - Europe’s digital-identity wallet programme has pushed selective disclosure into mainstream standards work, and the question of how much a wallet reveals per interaction is being decided in specification documents right now. And the age-verification laws spreading across jurisdictions are creating, at speed, exactly the mass-market demand - prove a predicate, reveal nothing - that zero-knowledge credentials answer. Whether the deployed systems actually deliver the cryptographic version of privacy, or a logged, linkable simulation of it, is a checkable question about published specifications. It is precisely the kind this desk exists to keep asking.
The desk answers - what readers actually ask
- Is any of this deployed, or is it whitepaper season?
Deployed, unevenly. Europe’s digital-identity wallet programme has pushed selective disclosure into binding technical specifications; major platform vendors shipped zero-knowledge age-proof libraries into production credential stacks through 2025; and the age-verification wave - the UK’s Online Safety Act checks enforced from July 2025, with comparable mandates spreading across US states and into the EU’s minor-protection work - has manufactured, at speed, the first mass-market demand for exactly this primitive: prove a predicate, reveal nothing.
- So the age gates I’m now hitting use zero knowledge?
Mostly not yet - and that is the checkable scandal. Most deployed age assurance in 2025-26 is face estimation or document upload: the over-sharing default this piece opened with, now at national scale. The cryptographic alternative exists, is standardised, and is shipping in wallet frameworks; whether regulators and platforms adopt the private version or entrench the surveilled one is being decided in specification documents and procurement contracts right now. It is this desk’s favourite kind of story: the gap between what is possible and what is deployed, measurable in public documents.
- What would make you sceptical of a “private ID” product?
Three tells. A stable identifier that links your proofs across verifiers - unlinkability is the hard part, and its absence is usually buried in the token format. A revocation check that phones home on every use. And silence about issuance: a proof about a credential inherits every weakness of the process that issued it. Ask for the spec; honest projects publish one.
- The mathematics under the wallet - our zero-knowledge explainer, from the cave up.
- Provenance’s privacy problem - the same tension, applied to photographs.