Age verification

[Graham Cobb]

Age verification is back in the news again due to the DE Bill.  I have
wondered for a while whether crypto could allow us to create some sort
of double-blind age verification system: where the identity (name, date
of birth, etc) of the person is hidden from the entity needing
verification, and the identity of the resource being accessed is hidden
from the entity providing verification.  Ideally, of course, it would be
triple blind: third parties such as law enforcement cannot find out what
resource was accessed by what person, at least not after the fact (maybe
they could with prior notification that a particular person or a
particular resource was to be monitored).

I had in mind something like:

1. Assume that some entities exist who can provide acceptable age
verification (I will use a bank as an example below but it could be any
private or state entity).

2. Bank verifies your age.

3. You request them to sign a certificate stating that you are over a
specific age (say 18).

4. Bank provides the certificate to you.

5. You pass the certificate to the entity needing the proof (say, a
nightclub).

6. Nightclub validates the certificate against the bank's public key
(without needing to contact the bank).

The hard part would seem to be proving that the certificate relates to
the actual person who is presenting it (to a practical level of
certainty similar to traditional techniques), without allowing the
nightclub to find out who that person is! I assume it would have to be
based on some sort of temporary secret which you would have to present
along with the certificate.

I am sure the naive approach above would not work for various reasons
but I wonder what work has been done on this? It seems that proof of age
for everything from creating social media accounts, to shopping, to
drinking, to accessing porn, to ... is becoming more common and it is
essential that we have some way of proving age without disclosing who we
are, or what we want the proof for.

Graham