Authentication for the AI Age: Securing identity without sacrificing anonymity
Before, you couldn’t believe everything you read or heard — and now, with the advent of next-generation artificial intelligence, you can’t even trust what you see anymore. The rise of sophisticated AI tools has accelerated the emergence of new identity threats online: deep-fake videos, voice-mimicking software, and other futuristic cyber threats that add to the already complex issue of proving who you are online.
Digital identity management began with you confirming your humanity through squiggly letters and number CAPTCHAs. In order to keep up with evolving cyber threats, verification has evolved into everything from two-factor authentication texts to biometrics like fingerprints and facial recognition.
Zero-knowledge proofs (ZKPs) are the next logical step to protect privacy. Developers have a major opportunity to build the future wave of identity verification and authenticity tools that protect billions of users in the AI age — if they take advantage of it.
Pseudonymity and authenticity in the digital age
The question of authenticity in online interactions began in part with a thought experiment.
In the 1950s, the British mathematician and computer scientist Alan Turing designed what he called “the imitation game,” in which a human evaluator would read a text conversation between a human being and a machine and try to determine which was which. If the evaluator could not reliably tell the machine from the human, then the robot had passed the test.
The conceptual “Turing test,” as it is now known, has evolved into a critical concept with major real-world importance. As bots have become increasingly more sophisticated, many companies have created bot detection algorithms that help ensure our digital interactions are with fellow humans.
However, such technologies are inherently tricky; trying to sort through countless online interactions and identify the fraudulent ones is like searching for needles in a haystack. That is, if the haystack were the size of the sun, and just as dynamic, with each moving line of code and new online transaction constantly reshaping its surface.
Complicating authentication efforts even further is that the need to verify identity online is growing at the same time that human users want more anonymity, not less. While they may be willing to verify their digital identities to access online services, they also want to remain relatively anonymous.
In short, people want more control over their personal data and information, and the ability to have more of a say over who has access to it and when — a pretty valid concern, given that in the last year alone, hundreds of millions of users have had their personal data compromised, with even tech giants like Apple, Meta, and Twitter reporting major data breaches.
People want to verify the party they are dealing with is genuine, without giving up their personal data to a centralized authority that may not use their information responsibly or protect it from bad actors.
Meanwhile, services that need some data from users — often for identity verification and compliance purposes — are increasingly aware of the costs of both data storage and the fallout if that data is later compromised. Companies want to be able to verify critical information without having to bear that potential risk.
How Zero-Knowledge Proofs and Decentralized Verification can help
Think back to the haystack problem. Rather than trying to detect which online interactions are fraudulent, what if we could just verify which ones are true, on an as-needed basis?
ZKPs can validate a statement's legitimacy without the verifying party needing access to the underlying data. For example, a website that sells alcohol could confirm a user's age without storing their full birth date. The seller can be confident that they aren’t selling to a minor, while the buyer can feel more secure knowing that their exact birth date isn’t being unnecessarily exposed online.
People can worry less about who has their data, because they have more control over how much of it is shared with each verification. Meanwhile, companies don’t have to carry the significant regulatory and financial risk that comes with storing user data — they get the verification they need, without taking on as much risk that a cyber attack could compromise that data and cost them millions in legal settlements and damage to their brand as a result.
The Future of Privacy — with ZKPs
Looking ahead, ZKPs may well become a mainstream authentication method, although scaling such privacy-focused systems will also create some challenges.
Platforms will need to redesign and rebuild core functionality around ZKPs and ensure the technology integrates smoothly into customer experiences. Computation limits could be an obstacle, particularly when robust metaverse environments emerge and require constant re-validation efforts — as one Intel executive has written, the metaverse could require a thousand-fold increase in current computing capacities.
There are also interesting questions around consent, transparency, and accountability when ZKP hides certain activity details. Users may want more clarity on what data is fully private versus selectively disclosed. Legal and compliance requirements may necessitate keeping some user data even where ZKPs could minimize it.
However, continually emerging technologies paired with thoughtful implementation could address these concerns while unlocking ZKPs' advantages. Done well, ZKPs could profoundly expand individual empowerment within digital ecosystems, handing people back control over their data – so that they can continue their lives, in person or online, without having to worry as much about proving who they are.
Want to prove your identity online without giving away your identity? Built on the Aleo blockchain, zPass prioritizes your privacy and data security using advanced zero-knowledge (ZK) cryptography techniques for private decentralized identity verification.
Interested in building the future of identity verification? Our Developer Grants program offers funding for projects large and small.
About Aleo
Our blog features the stories of developer and privacy advocates building a better internet with zero knowledge.
About Frank Chen
Frank leads consumer products at Aleo. Prior to Aleo, he was at Gitcoin, where he built the first instance of a quadratic funding mechanism with Vitalik Buterin and led 10+ rounds of quadratic funding for Ethereum public goods. Frank is an avid cook, writer, jiu-jitsu competitor and coach.
For further information contact us at hello@aleo.org