• Fluffy Kitty Cat@slrpnk.net
    ↑17 · 13 hours ago

    I’ve never heard anyone explain how you can devise a system that is both anonymous and immune to somebody handing out their zero-knowledge proof tokens by the handful.

      • Tiresia@slrpnk.net
        ↑9 ↓1 · 12 hours ago

        tl;dr: The “zero knowledge” proof could have a finite number of uses per block of time for each verifier, each of which is represented by a unique single-use key. This way anyone sharing keys would be limited by that finite number of uses, and if people sharing this aren’t coordinated they could end up re-using a single-use key.

        If the encryption was stolen without their consent, this could tip a user off, prompting them to invalidate the current set and get a new one. And if the verification is used to support a pseudonym like an account for an online service, then instances of re-use could get flagged for moderators.
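
The quota-and-re-use idea from the reply above, as an added sketch that is not part of the thread or any participant's code. The HMAC derivation, the quota of 3, the names `single_use_key` and `Verifier`, and the site name are assumptions for illustration; the zero-knowledge proof that a key comes from a valid credential is assumed, not modelled.

```python
import hashlib
import hmac

USES_PER_EPOCH = 3  # constructed quota: single-use keys per verifier per time block


def single_use_key(secret: bytes, verifier: str, epoch: int, slot: int) -> str:
    """Derive the slot-th single-use key for one verifier and one time block.

    In a real scheme a zero-knowledge proof would show that this value comes
    from a valid credential and that 0 <= slot < USES_PER_EPOCH, without
    revealing the secret. That proof is assumed here, not modelled.
    """
    if not 0 <= slot < USES_PER_EPOCH:
        raise ValueError("slot outside the per-epoch quota")
    msg = f"{verifier}|{epoch}|{slot}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


class Verifier:
    """Remembers which single-use keys it has seen in each time block."""

    def __init__(self, name: str):
        self.name = name
        self.seen = {}      # epoch -> set of keys already spent
        self.flagged = []   # (epoch, key) pairs presented more than once

    def present(self, epoch: int, key: str) -> bool:
        spent = self.seen.setdefault(epoch, set())
        if key in spent:
            self.flagged.append((epoch, key))  # re-use: surface to moderators
            return False
        spent.add(key)
        return True


def simulate_sharing():
    """One credential shared by two uncoordinated people: (accepted, flagged)."""
    secret = b"constructed-demo-secret"  # constructed sample value
    site = Verifier("forum.example")
    # Each person works through the slots from 0, unaware of the other.
    attempts = [single_use_key(secret, site.name, 42, slot)
                for _person in range(2) for slot in range(USES_PER_EPOCH)]
    accepted = sum(site.present(42, key) for key in attempts)
    return accepted, len(site.flagged)
```

Because the verifier name and time block are inputs to the derivation, keys shown to different verifiers or in different blocks do not match each other, while a repeat inside one block at one verifier does.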