Recently, Ethereum founder Vitalik Buterin wrote an article titled "Does digital ID have risks even if it’s ZK-wrapped?". In it, he mentioned the Taiwanese government's digital identity plan, as well as Worldcoin's use of zk-SNARKs to protect privacy. However, he pointed out that the one account per person restriction would actually reduce anonymity and increase the risk of privacy leakage.
Worldcoin converts iris data into irreversible hash values.
Vitalik pointed out that the use of zk-SNARKs to protect privacy in digital identification systems has gradually become mainstream. These projects use zk-SNARKs to prove that users possess valid identification documents without disclosing any identification information. Worldcoin utilizes biometric technology for verification and employs zk-SNARKs to safeguard privacy. The Taiwanese government's digital identification project has adopted zk-SNARKs, and the European Union's digital identity is also increasingly focusing on zk-SNARKs.
Worldcoin users scan their irises using the Orb, which signs messages, converts iris data into irreversible hash values, and uploads them to a centralized database. The database only stores the hash values, and the hash values are used solely to prove the uniqueness of users (without duplication). Thus, users who have undergone the scan receive a "World ID."
Users with a "World ID" can use zk-SNARKs to prove that they hold the private key corresponding to a public key in the Worldcoin database, proving their identity without revealing the private key. Currently, the Worldcoin Orb iris scanner has also been deployed in Taiwan.
But Vitalik stated that zk-SNARKs identification still carries risks. These risks are not related to biometric identification, but rather to privacy leakage, susceptibility to coercion, and the possibility of errors.
One person, one account makes anonymity meaningless.
Regarding privacy leakage, although ZK technology allows users to prove their identification without revealing details, if the application only allows one account per person, it instead binds all actions to a single identity, reducing actual anonymity (pseudonymity).
In reality, people often need to express different identities through different accounts (such as private accounts and public accounts). However, the "one person, one identity" ZK-ID model would take away this flexibility. When platforms, under the pretext of convenience, do not adopt ZK designs that can hide the links between different sessions, behavioral correlations may leak, making anonymity virtually non-existent.
The limitation of one account per person will amplify the risk of users being tracked, censored, and suppressed.
Although ZK can keep the link between the account and identification confidential, once a user's secret value (such as the private key) is forced to be disclosed, all account activities can be traced. Governments or employers may require users to reveal their accounts, provide activity records, or even request to "log in with that application" to indirectly disclose their identification. In such scenarios, even with the use of ZK technology, the limitation of "one person one account" still amplifies the risk of users being tracked, scrutinized, and suppressed.
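The binding and coercion risks described above can be seen in a small simulation, added here as an example and not taken from the article or from any World ID code. It assumes a hypothetical scheme in which each application sees an identifier derived from the user's secret value and the application name; the zero-knowledge proof itself is not modelled, and all names and sample actions are constructed.

```python
import hashlib
import hmac
import secrets

def app_id_for(secret: bytes, app: str) -> str:
    """Per-application identifier derived from the secret (assumed construction)."""
    return hmac.new(secret, app.encode(), hashlib.sha256).hexdigest()

class App:
    """Hypothetical application enforcing one account per person."""
    def __init__(self, name: str):
        self.name = name
        self.accounts = {}  # identifier -> list of recorded actions

    def register(self, identifier: str) -> bool:
        if identifier in self.accounts:
            return False  # a second account for the same person is refused
        self.accounts[identifier] = []
        return True

    def act(self, identifier: str, action: str) -> None:
        self.accounts[identifier].append(action)

def trace_with_disclosed_secret(secret: bytes, apps) -> dict:
    """What a party holding the disclosed secret recovers: every action in every app."""
    found = {}
    for app in apps:
        ident = app_id_for(secret, app.name)
        if ident in app.accounts:
            found[app.name] = list(app.accounts[ident])
    return found

def demo():
    secret = secrets.token_bytes(32)  # the user's secret value
    forum, votes = App("forum"), App("votes")
    for app in (forum, votes):
        app.register(app_id_for(secret, app.name))
    # One person, one account: the same secret cannot open a second forum account,
    # so everything the user does on the forum accumulates under one identifier.
    second_try = forum.register(app_id_for(secret, "forum"))
    forum.act(app_id_for(secret, "forum"), "post: constructed sample A")
    forum.act(app_id_for(secret, "forum"), "post: constructed sample B")
    votes.act(app_id_for(secret, "votes"), "vote: constructed sample")
    # Without the secret, the two apps' identifiers do not match each other.
    cross_app_match = app_id_for(secret, "forum") == app_id_for(secret, "votes")
    # With the secret disclosed, every identifier can be recomputed and traced.
    traced = trace_with_disclosed_secret(secret, [forum, votes])
    return second_try, cross_app_match, traced

if __name__ == "__main__":
    print(demo())
```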
ZK cannot solve non-privacy risks
ZK cannot solve non-privacy risks (such as certification failures or vulnerabilities). Whether using government ID or biometrics as the basis for ZK identification, there are errors and extreme cases, for example:
Stateless persons cannot obtain any official identification;
Multiple nationality holders can establish multiple identifications;
Passport agencies have been hacked, potentially leading to mass identity forgery;
Biometric characteristics are damaged or copied, resulting in inability to authenticate or identity being impersonated.
These risks are not related to the ZK technology itself, but will be more severe under the "one person, one identification" restriction, as these errors may directly lead to the inability to establish, maintain, or replace identification.
This article, "Is my World ID iris data safe? Ethereum founder Vitalik discusses the three major risks of combining ZK technology with digital identification", first appeared in Chain News ABMedia.