The Need for Private Digital Identity in the Age of AI

The advancement of artificial intelligence is fundamentally transforming how people interact with the digital world, from AI-powered assistants to autonomous agents acting on a user's behalf. As these capabilities grow, so does the value of strong digital identity. Users need reliable ways to establish trust, whether proving they are human or sharing a credential with an AI-mediated service. Government-issued credentials still form the strongest foundation for trust, but today's verification methods often require individuals to hand over these documents, either physically or digitally.

This practice carries significant risks: credentials are uploaded, processed, sometimes stored, and hopefully eventually deleted. However, high-profile breaches have repeatedly exposed government IDs that users shared for routine verification. These are not edge cases but the predictable consequence of a system that asks users to share their most sensitive documents to prove a single piece of information. The need for fast, privacy-preserving ways to prove credentials will only grow, especially as AI agents interact with decentralized systems. This scenario prompted researchers to ask: Can we make it practical to prove something about a credential without ever revealing the credential itself?

Vega: Zero-Knowledge Proofs in Action

The answer to this question lies in Zero-knowledge proofs (ZKPs), the cryptographic tool that makes this scenario possible. The idea is simple: ZKPs allow a user to prove a claim, such as "I am over 21", without revealing anything else. In practice, this means a user could prove their age from their driver's license without the verifier ever seeing the license, whether to a website, an app, or a service mediated by an AI agent. The proof works directly on the credential as issued, so the issuer does not need to change anything.

The historical challenge with ZKPs has always been their practicality. Prior systems either required a trusted setup, which had to be repeated whenever the logic changed, or they sacrificed performance to avoid the trusted setup, often producing large proofs in the process. For real-world use, the proof needs to be fast to generate, small enough to transmit quickly, and efficient enough to run on a mobile device. Vega addresses these challenges, generating a Zero-knowledge proof of age from a typical mobile driver's license (about 2 KB) in just 92 milliseconds (ms) on a commodity client device. The resulting proof is 108 KB and can be verified in 23 ms, with no trusted setup required. The prover key is 464 KB, fitting comfortably on any phone.

Technical Details and Operational Mechanisms

Vega's speed comes from two key ideas: fold-and-reuse proving and lookup-centric circuit design. Vega's proof system draws on several building blocks from years of research, including Spartan, which showed how to efficiently prove R1CS (a standard way to express statements for a general-purpose proof system) with succinct proofs and without a trusted setup. Nova introduced folding schemes, which let a prover compress many instances of a computation into one. HyperNova extended Nova's folding to provide a key building block for zero-knowledge, hiding the underlying secret data, a technique dubbed "NovaBlindFold." Finally, NeutronNova provided the most efficient folding scheme for handling a batch of instances at once.

Vega puts these building blocks together into a single proof system, with a primary design goal of simplicity. Spartan, Nova, and NeutronNova are composed in a direct way, and the circuit is built from a small number of standard components, with no exotic multi-field constructions and no trusted setup. On top of this simple foundation, Vega adds the ability to reuse work across multiple proofs of the same credential and a new way to achieve zero-knowledge with minimal overhead. The result is a system that is easy to audit, extend to new credential formats, and deploy. Another crucial part of Vega's efficiency comes from how it handles the credential format. Instead of building a full CBOR parser as a circuit, which would be both complex and expensive, Vega treats the credential as a byte-addressable lookup table. This replaces an entire parser with a handful of lookups, significantly improving efficiency. Furthermore, Vega includes device binding, requiring the holder's device to sign a fresh session nonce with the device private key, which is bound to the phone's secure element. This ensures that possession of the signed credential alone is not sufficient to produce a valid proof, preventing unauthorized use.

Future Implications and Data Sovereignty

Vega is implemented in Rust and will be open sourced soon. The proof system powering Vega is already available as the open-source spartan2 project on GitHub. While the focus has been on mobile driver's licenses as a concrete and timely application, especially given emerging frameworks like the EU Digital Identity Wallet, the proof system and circuit techniques are general. They apply to any credential format with a stable byte encoding and a digital signature.

This approach opens up several directions where the same primitive becomes increasingly important. For instance, as autonomous AI agents begin acting on behalf of people, whether booking travel, interacting with services, or entering agreements, those agents will need to prove facts about the human they represent. Vega allows these agents to carry such proofs without ever holding the underlying credential. Additionally, Vega can bridge off-chain identity to on-chain systems. Currently, KYC compliance or accredited investor status is handled by uploading documents to a centralized intermediary, leading to a double loss of privacy. A ZKP over an off-chain credential could bridge this directly: the user proves a fact from their government-issued credential, and the on-chain verifier receives only the proof, with no intermediary seeing the credential and with re-randomization ensuring unlinkability of repeated proofs.

For organizations evaluating on-premise or hybrid deployments, Vega's approach strengthens data sovereignty and privacy, which are crucial aspects. The ability to keep credentials on the user's device, processing proofs locally, reduces reliance on third-party cloud services for identity verification, offering greater control and compliance. As digital identity mandates expand and AI reshapes how humans and agents establish trust, the need for privacy-preserving credential verification will only grow. Vega represents a significant step in a broader shift: from a world where proving a fact about yourself requires giving up your identity, to one where cryptography lets you keep it.