Homomorphic encryption and similar techniques in this paper are just getting going. They are impressive technologies. However, they often take 100x the compute of "regular" systems with encrypted networking. This is probably the main blocker for these types of technologies. Until and unless insurance companies mandate these technologies because they are tired of paying out for their customers getting hacked, they probably won't be deployed. Probably for the best. Most devs can barely make code without advanced math and encrypted data work, let alone these types of advanced platforms.
I agree that we have more capable+flexible cryptographic primitives than ever before, but I don't really buy the "Universal Protocol" thing.
For non-cryptographic uses we have "universal protocols" already, JSON being an example. You can adapt just about any format to and from JSON, if you want. But the fact that this is possible has not solved the interop problem, in the general case.
Similarly for "Hallucinated Servers". Even if you trust all nodes (and don't need cryptography), distributed computing is still kinda hard, and we have to write programs in particular ways to make them efficiently distributable. I'm sure this can work really well for some problem domains, but it's a subset.
I've been looking at the field, and I can't really see how most of this is useful. ZKPs and FHE add a lot of complexity to a pretty simple task: verifying the age and/or identity.
These tasks are so simple that you can _almost_ use the existing TLS client certificates for that. Their only drawback is that they're trackable. A simple asymmetric challenge-response system with a nonce easily fixes this:
1. The service provider generates a 128-bit nonce and sends it to me.
2. I use a verification system provided by my government, and it returns a document saying: "The owner is more than 18 years old, the nonce for the request was ......, and this proof is valid for this service name hash". This document is signed by the trusted government certificate.
3. I send this signed document to the service provider.
No need for range proofs and other stuff. I think this flow can even be expressed using OIDC and JWTs!
Zk would perfect for online age verification, but governments do not want to implement it like this. Instead they want id and face collection for mass surveillance, using age verification as an excuse.
Based on recent revelations with certain "files" and brazen disregard for human life, I find it hard to believe that the "people" in the gov really care about children at all.
For age verification and identity verification both afaik. Sometimes I wonder if what's needed is "just" a more public push for it, but these topics are so hopelessly technical, I think it has no hope to ever reach the mainstream and poll well. And that is ignoring all the other counterarguments against these that compound on top, some of which are culturally sensitive for many.
These topics are political and I seriously doubt these types of solutions are what the politicians are looking for. In fact, they are the exact opposite of what they are looking for because it takes away the excuses they are using and would lay bare what they are actually trying to do. BTW, I'm not suicidal and I bet you aren't either.
I saw a presentation about this 6 months ago, it looked promising for age verification for example, it's even an already done system, not a research article.
Homomorphic encryption and similar techniques in this paper are just getting going. They are impressive technologies. However, they often take 100x the compute of "regular" systems with encrypted networking. This is probably the main blocker for these types of technologies. Until and unless insurance companies mandate these technologies because they are tired of paying out for their customers getting hacked, they probably won't be deployed. Probably for the best. Most devs can barely make code without advanced math and encrypted data work, let alone these types of advanced platforms.
I agree that we have more capable+flexible cryptographic primitives than ever before, but I don't really buy the "Universal Protocol" thing.
For non-cryptographic uses we have "universal protocols" already, JSON being an example. You can adapt just about any format to and from JSON, if you want. But the fact that this is possible has not solved the interop problem, in the general case.
Similarly for "Hallucinated Servers". Even if you trust all nodes (and don't need cryptography), distributed computing is still kinda hard, and we have to write programs in particular ways to make them efficiently distributable. I'm sure this can work really well for some problem domains, but it's a subset.
I've been looking at the field, and I can't really see how most of this is useful. ZKPs and FHE add a lot of complexity to a pretty simple task: verifying the age and/or identity.
These tasks are so simple that you can _almost_ use the existing TLS client certificates for that. Their only drawback is that they're trackable. A simple asymmetric challenge-response system with a nonce easily fixes this:
1. The service provider generates a 128-bit nonce and sends it to me.
2. I use a verification system provided by my government, and it returns a document saying: "The owner is more than 18 years old, the nonce for the request was ......, and this proof is valid for this service name hash". This document is signed by the trusted government certificate.
3. I send this signed document to the service provider.
No need for range proofs and other stuff. I think this flow can even be expressed using OIDC and JWTs!
What am I missing that requires full-blown ZKPs?
Zk would perfect for online age verification, but governments do not want to implement it like this. Instead they want id and face collection for mass surveillance, using age verification as an excuse.
Google is rolling out ZKP for age verification with state-issued digital IDs. See https://www.eff.org/deeplinks/2025/07/zero-knowledge-proofs-... for context
Based on recent revelations with certain "files" and brazen disregard for human life, I find it hard to believe that the "people" in the gov really care about children at all.
They care the way a cheetah cares about gazelles.
For age verification and identity verification both afaik. Sometimes I wonder if what's needed is "just" a more public push for it, but these topics are so hopelessly technical, I think it has no hope to ever reach the mainstream and poll well. And that is ignoring all the other counterarguments against these that compound on top, some of which are culturally sensitive for many.
These topics are political and I seriously doubt these types of solutions are what the politicians are looking for. In fact, they are the exact opposite of what they are looking for because it takes away the excuses they are using and would lay bare what they are actually trying to do. BTW, I'm not suicidal and I bet you aren't either.
I saw a presentation about this 6 months ago, it looked promising for age verification for example, it's even an already done system, not a research article.
https://github.com/microsoft/crescent-credentials
But of course the thing would need users in order to attract users.
But won't this make the Palantir AI Overlord angery?