Private Age Assurance for ATP

attpslabs.com · January 26, 2026, 2:07pm

Hi everyone,

Dave here, I introduced myself six months ago after the recording of the indiesky moderation call had stopped.

I am looking for feedback on https://attps.social/ a tool I built that leverages self and atp. It currently only attests whether a person is 18 or above.

It comes with a playground where mock passports can be used to test this out, I had friends have issues with scanning their NFC chip (one person had to try it 10x times for it to work).

Self is free, audited, open-source but comes with a lot of terrible cryptocurrency language due to the nature of the project.

Im open to any type of feedback!

Edit:
Self uses circom (a DSL for writing zk circuits: GitHub - iden3/circom: zkSnark circuit compiler ), with Groth16 ( On the Size of Pairing-based Non-interactive Arguments ) for zkSnarks.

Resource:

Whitepaper by Google re: How self works https://services.google.com/fh/files/misc/self_case_study.pdf

bmann.ca · January 26, 2026, 3:06pm

Welcome! I’ve just been talking to a few people about verification patterns in various ways and am going to do a write up of some patterns here.

@kjetil.kjernsmo.net is looking at doing proof of Norwegian and might find this interesting.

bmann.ca · January 26, 2026, 3:14pm

And this is Self https://self.xyz/

And this is the code GitHub - attpslabs/age-assurance: privacy first age assurance for the atmosphere

Very interesting! Haven’t had time to try it yet but I will.

kjetil.kjernsmo.net · January 31, 2026, 4:37pm

Hi!

Yeah, this is very interesting! So, I’ve been slowly coding up some stuff to use Verifiable Credentials in various forms onto AT Proto, but I get constantly sidetracked.

VC-based age verification can be done using proofs that are generally available in wallets here and there. However, in the EUDI wallets, you are constrained by that the proofs you specifically need are available. Often, you can find a above 18 proof, sometimes you can find a above 15 proof, but there is as of now no usable ZKP, so you can’t just get a proof for if a person is say between 13 and 18 (there seems to be some work on that though), you have to get the birthday and compute from that, which IMHO reveals too much. So, your ZKP is certainly welcome in that respect.

Also note that you have OpenAge. To me, that seems to be a Big Tech-driven openwashing effort to exploit a moral panic to further cement Meta’s control over our identities, but I am willing to be convinced otherwise.

My problem is that it is so hard to debate whether age gating is such a bright idea. I mean, it is clearly use cases for it, but it does not seem societies are able to discuss the fundamentals.

I think it is a terrible idea that governments direct their power towards its own citizens, instead of against Big Tech, where they should be doing. I wrote a blog about this.

Given the lack of critical reflection in public debates, we need to proceed very delicately. I fear a strong pushback from Gen Alpha once they come of age, and I fear that Big Tech will be able to capture their discontent about age gating so that it actually becomes a strong force away from new social technologies that could be good for them.

Gen Z has possibly been the least rebellious generation of youth in human history and as a Gen X parent, I often wonder what we did to deserve that… Youth are supposed to be rebellious, and it is extremely important that Gen Alpha’s rebellion is directed towards those who abuse them, Big Tech. If we’re not careful, I can easily imagine that their rebellion will be directed towards those who made the age gate. Because, they’d be right to.

So, that’s really my main concern when working on this. I believe that VCs can be done to be really helpful. It can really be protective, it can really strengthen the individual, and it can play a role in helping parents and kids get together and navigate the complex world together, which is what we really need, rather than the naive technosolutionist approach of age gating. Age assurance can be used both for good and for bad in this.

Therefore, I’m trying to steer clear of the narrow age assurance use case, to take a broader perspective on how VCs can help. But then, I have almost no resources to be working on it, so I first need to get to the point where I do.

attpslabs.com · January 31, 2026, 5:22pm

I had a quick look and I believe Self.xyz can not support age-range verification.

If you must verify an age range you could potentially do two step verification where one attestation check whether their age is X or younger and a separate attestation to check whether their age is Y or older and use that to identify whether the user fits in the given age group.

*however, you would not know when the user is aging out of this age group so there seems to be flaws in this.

attpslabs.com · January 31, 2026, 5:33pm

We must continue to advocate for privacy first solutions that protect peoples information and prevent companies big and small from creating honeypots of databases that can be hacked.

Zero-knowledge proofs are already used by the EU digital identity wallet as a solution for such cases: Security and Privacy - EU Digital Identity Wallet -

kjetil.kjernsmo.net · February 3, 2026, 12:53pm

Absolutely! I do think there is plenty of good work being done. Unfortunately, it sits in a much bigger context. When the operating system on phone is owned by Google and the verifier has a bunch of Google Tag Manager and other trackers, it is a lot that they can machine learn from metadata alone. There are many such issues in the infrastructure that cause problems.

Are they used or being discussed? My impression is that the European Commission oversells the technology a bit, both from the perspective above, but also for what’s actually ready.

From what I’ve been able to find, the state of the art on the EUDI Wallet on ZKP is ETSI TR 119 476-1 V1.3.1 and that’s a feasibility study.

I have found it very difficult to discuss this, because techies are afraid that if we discuss this publicly, the higher ups will and is likely to throw their hands up and go for a terrible proprietary solution.

So, I believe we discuss the state-of-the-art here, and that this tech will improve the situation a lot, but I also think it is not so easy.

attpslabs.com · February 3, 2026, 4:14pm

from the EUDI Wallet page: “Two Large Scale Pilots are currently active’“, and it seems more are planned with hundreds to participate. What are the Large Scale Pilot Projects - EU Digital Identity Wallet -

I am not an expert on zero knowledge cryptography. But from my understanding Self uses zkSNARKs due to their ability to be useful in decentralized systems like blockchains.

*Edit: @kjetil.kjernsmo.net i just learned that Self uses Groth16 for zkSnarks, I edited the original post linking to the original research paper

attpslabs.com · February 6, 2026, 1:59pm

Hi @kjetil.kjernsmo.net I am new to Discourse and I do not know if you get notified when I edit the OP.

I edited the OP to include more details about how Self creates the zk proofs:

Self uses circom (a DSL for writing zk circuits: GitHub - iden3/circom: zkSnark circuit compiler ), with Groth16 ( On the Size of Pairing-based Non-interactive Arguments ) for zkSnarks.

Thought this might be interesting for u

kjetil.kjernsmo.net · February 6, 2026, 2:52pm

Cool, I didn’t get notified, but I did now. I’ll have a look when I get around to it

verdverm.com · February 10, 2026, 2:53am

Google put out some open source ZKP libraries and is using this for the EU age assurance compliance

attpslabs.com · February 10, 2026, 8:48am

not related to the ZKP libraries of google, but just saw this whitepaper from google regarding how Self uses their Google Cloud Confidential Compute