EU Age Control: The trojan horse for digital IDs

security · Source

TLDR

  • The EU age verification reference app ships weaker privacy cryptography than its marketing claims: presentations remain linkable, the protocol does not prevent relay attacks, and the infrastructure lays the groundwork for full digital ID rollout.

Key Takeaways

  • The reference app uses rotating signatures rather than unlinkable schemes such as BBS+ or CL signatures. Because each presented signature is a fixed value rather than a fresh zero-knowledge proof, a relying party that sees the same value twice, or two relying parties that compare logs, can correlate uses.
  • The protocol design does not prevent relay attacks, a fundamental gap between the guarantees marketed and what is actually shipped.
  • The system is framed as age verification but the legal texts and EU decisions explicitly target broader digital ID rollout, not just age checks.
  • Hardware constraints drive the cryptography choices: the secure enclaves in most phones implement only conventional signature algorithms and not the pairing-friendly curves that BBS+ and similar ZKP-compatible schemes need, so a credential kept inside the enclave cannot use them and the tradeoff is forced.
  • Member states must each adapt the reference app, meaning a weak reference implementation will likely propagate across the bloc with inconsistent results.
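The linkability and relay points in the takeaways above, as an added example that is not code from the page or from the EU reference app: a constructed Go model of pre-signed "rotating" credentials. Every name in it (Credential, Wallet, Verifier, IssueBatch, Correlate, the claim "over18", the verifier names "shop-a" and "shop-b") is an assumption for illustration, and Ed25519 stands in for whatever signature scheme the real app uses. It shows two things. First, a presented issuer signature is a fixed byte string, so a verifier that accepts it twice, or two verifiers that join their logs with Correlate, can link a holder across sessions as soon as the batch wraps around; a scheme like BBS+ would instead let the holder present a fresh, unlinkable proof each time. Second, a presentation that is not bound to a verifier-chosen audience and nonce is a bearer token: a captured copy is accepted anywhere. The caveat a practitioner should keep in mind for the relay takeaway: nonce binding stops store-and-forward replay, but not a live relay in which an attacker forwards a verifier's challenge to a real holder in real time and returns the answer; that needs the holder to see and check which relying party it is answering.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
)

// Constructed toy model of "rotating signatures" (not the reference app's format,
// all names illustrative): an issuer pre-signs a batch for one device key and the wallet cycles through it.
type Credential struct {
	Claim     string            // e.g. "over18"; identical across the batch
	Salt      []byte            // the only field that differs between members
	DevicePub ed25519.PublicKey // holder key that lets a presentation be bound to a challenge
	IssuerSig []byte            // static bytes: presenting a member twice repeats them
}

func (c Credential) signedBytes() []byte {
	return append(append([]byte(c.Claim), c.Salt...), c.DevicePub...)
}

func NewKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// IssueBatch signs n credentials for one device key, each with a fresh salt.
func IssueBatch(issuer ed25519.PrivateKey, devicePub ed25519.PublicKey, claim string, n int) []Credential {
	batch := make([]Credential, n)
	for i := range batch {
		salt := make([]byte, 16)
		if _, err := rand.Read(salt); err != nil {
			panic(err)
		}
		batch[i] = Credential{Claim: claim, Salt: salt, DevicePub: devicePub}
		batch[i].IssuerSig = ed25519.Sign(issuer, batch[i].signedBytes())
	}
	return batch
}

// Wallet rotates through its batch and reuses members once it wraps around.
type Wallet struct {
	priv  ed25519.PrivateKey
	creds []Credential
	next  int
}

func NewWallet(issuer ed25519.PrivateKey, claim string, batchSize int) *Wallet {
	pub, priv := NewKey()
	return &Wallet{priv: priv, creds: IssueBatch(issuer, pub, claim, batchSize)}
}

// Present returns the next credential in rotation plus a device signature over
// credential || audience || nonce, which binds it to one verifier and one session.
func (w *Wallet) Present(aud string, nonce []byte) (Credential, []byte) {
	c := w.creds[w.next%len(w.creds)]
	w.next++
	return c, ed25519.Sign(w.priv, append(append(c.signedBytes(), aud...), nonce...))
}

// Verifier counts each issuer signature it accepts; that log alone is enough
// to link a holder's sessions or, joined with another verifier's log, to collude.
type Verifier struct {
	Name      string
	IssuerPub ed25519.PublicKey
	Hits      map[string]int // string(IssuerSig) -> times accepted here
}

// Verify checks the issuer signature and, if this verifier issued a challenge, the
// device signature over its own name and nonce. Without a challenge the credential
// is a bearer token: a captured copy is accepted anywhere.
func (v *Verifier) Verify(c Credential, devSig, nonce []byte) bool {
	if !ed25519.Verify(v.IssuerPub, c.signedBytes(), c.IssuerSig) {
		return false
	}
	if len(nonce) > 0 && !ed25519.Verify(c.DevicePub, append(append(c.signedBytes(), v.Name...), nonce...), devSig) {
		return false
	}
	if v.Hits == nil {
		v.Hits = map[string]int{}
	}
	v.Hits[string(c.IssuerSig)]++
	return true
}

// Correlate joins the verifiers' logs on issuer signature value and returns the values seen at more than one.
func Correlate(vs ...*Verifier) (linked []string) {
	seenAt := map[string]int{}
	for _, v := range vs {
		for sig := range v.Hits {
			if seenAt[sig]++; seenAt[sig] == 2 {
				linked = append(linked, sig)
			}
		}
	}
	return linked
}
```

With a batch of three and four presentations split across two verifiers, the fourth presentation reuses the first member, and Correlate reports it; within a single pass over the batch the members differ, which is the only privacy that rotation buys. Passing an empty nonce to Present and Verify models the unbound case, where a presentation copied at one verifier is accepted by the other; passing the verifier's nonce makes the copy fail elsewhere, but does nothing against a relay that forwards the live challenge.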

Hacker News Comment Review

  • Commenters largely agreed the “trojan horse” framing understates the situation: EU legislative texts openly name digital ID expansion as the explicit goal, not a hidden agenda.
  • A technical thread debated whether BBS+/CL signatures were ever viable; the consensus was that hardware limitations on consumer phones make ZKP-based unlinkability impractical today, and that this is a hardware constraint rather than a policy choice.
  • Broader concern centered on the reference app setting a weak baseline that individual member states are unlikely to improve on, compounding the privacy gap at scale.

Notable Comments

  • @bootsmann: rotating signatures over ZKPs is a hardware constraint, not a design preference – phone secure enclaves simply do not support BBS+.
  • @grey-area: argues digital IDs are inevitable like digital currency; focus should shift to legally constraining what governments can do with them, not blocking issuance.
  • @wolvoleo: “Even more reason to make the demo app do things correctly” – a weak reference will propagate since member-state compliance is near-certain to be inconsistent.

Original | Discuss on HN