Zero Knowledge Proof of Age

Age verification is an age old problem. Lots of places require you to prove that you are above a certain age to guarantee certain services, be it for issuing a drivers licence, generating a voter id etc. The current way of doing so reveals a lot of information about the user. We want to be able to do the same using Zero Knowledge Proof.

Zero Knowledge Proof of Age


In cryptography, a zero-knowledge proof or zero-knowledge protocol is a method by which one party (the prover) can prove to another party (the verifier) that they know a value x, without conveying any information apart from the fact that they know the value x. The essence of zero-knowledge proofs is that it is trivial to prove that one possesses knowledge of certain information by simply revealing it; the challenge is to prove such possession without revealing the information itself or any additional information. (Source: Wikipedia)

Problem Statement: You need to prove to an agency that you are above a certain age threshold. The agency could be:

  • RTO: Driver’s license can only be issued to people above 18 years of age.
  • Online Content providers: Content providers like Netflix or YouTube might want to restrict under age users from accessing certain sensitive material.
  • Election Commission: Election commission provides voter ID to citizens over 18 years of age.

The current way to prove that you are above a certain age limit is to provide the verifier with some official document which contains your Date of Birth. However, doing so reveals your actual age. What we ideally want is to convince the verifier that you are above the required age limit, without telling them your actual age.

Solution: This project gives a simple demonstration of how a user can prove that they are above a certain age limit without actually revealing their age. We use the concept of hashchains for this purpose. The protocol involves 3 parties namely:

  • the prover Peggy
  • the verifier Victor
  • the trusted authority Alice

Victor would not allow Peggy access to certain resource until she can prove that she is above a certain age limit. So she goes to Alice, who holds the age related information about Peggy. Victor trusts Alice to provide correct information. Peggy asks Alice for a provingKit which would allow Victor to verify that she is above the age limit. This provingKit contains 2 hash values called challenge and proof. The process of generating these two hashes is as follows:

  • start with a random $seed$.
  • $proof = hash^{\left(\text{1 + Peggy’s age}\right)}(seed)$
  • $challenge = hash^{\left(\text{1 + Peggy’s age - Age to prove}\right)}(seed)$

example: If Peggy’s age is 5 and she needs to prove she is above 3 years of age,

let proof = hash(hash(hash(hash(hash(hash(seed)))))); // 5 + 1 = 6 times
let challenge = hash(hash(hash(seed))); // 5 + 1 - 3 = 3 times
let provingKit = { proof, challenge };

Peggy gives the provingKit to Victor who then uses the challenge to come up with the verification and check if the verification matches the proof. The process of generating verification is as follows:

  • $verification = hash^\left(\text{Age to prove}\right)(challenge)$

example: Using the above example, since Victor needs to verify that Peggy is over 3 years of age,

 * NOTE: in effect verification = hash(hash(hash(hash(hash(hash(seed)))))); // 6 times
 * So verification should be equal to proof
let verification = hash(hash(hash(challenge))); // 3 times

Finally Victor checks for the equality

if (verification === proof) {
    console.log("Age verification Success");
} else {
    console.log("Age verification Error");

In this process Victor can never find out the actual age of Peggy since hash is a one way function and so he cannot backtrack the hashchain to find the starting point, thereby counting the age of Peggy.

Thank you

Abhijit Sinha avatar
About Abhijit Sinha, "Abhijit"
Member of blockchain team at Imaginea