惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

V2EX - 技术
V2EX - 技术
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
T
Threat Research - Cisco Blogs
T
The Exploit Database - CXSecurity.com
S
Schneier on Security
S
Securelist
P
Privacy & Cybersecurity Law Blog
Scott Helme
Scott Helme
T
Threatpost
C
Cybersecurity and Infrastructure Security Agency CISA
L
LINUX DO - 热门话题
Cyberwarzone
Cyberwarzone
Cisco Talos Blog
Cisco Talos Blog
量子位
博客园 - Franky
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Latest news
Latest news
T
Troy Hunt's Blog
N
News | PayPal Newsroom
Google Online Security Blog
Google Online Security Blog
Apple Machine Learning Research
Apple Machine Learning Research
N
Netflix TechBlog - Medium
小众软件
小众软件
P
Palo Alto Networks Blog
Spread Privacy
Spread Privacy
C
Cyber Attacks, Cyber Crime and Cyber Security
C
Check Point Blog
aimingoo的专栏
aimingoo的专栏
WordPress大学
WordPress大学
L
Lohrmann on Cybersecurity
L
LINUX DO - 最新话题
D
Darknet – Hacking Tools, Hacker News & Cyber Security
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
The Last Watchdog
The Last Watchdog
S
Security @ Cisco Blogs
P
Privacy International News Feed
Last Week in AI
Last Week in AI
Microsoft Security Blog
Microsoft Security Blog
T
Tailwind CSS Blog
博客园_首页
云风的 BLOG
云风的 BLOG
V
Vulnerabilities – Threatpost
D
DataBreaches.Net
Recent Announcements
Recent Announcements
酷 壳 – CoolShell
酷 壳 – CoolShell
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
罗磊的独立博客
Engineering at Meta
Engineering at Meta
Forbes - Security
Forbes - Security
T
Tenable Blog

Hacker News - Newest: "AI"

AI can't read an investor deck AI as an attorney? Student uses ChatGPT, Gemini to sue UW over alleged racial discrimination Hacking MCP Servers in AI Systems – The Rug Pull: Tool Changes After Approval GitHub - MeepCastana/KubeezCut: Free Web based video editor GitHub - GenAI-Gurus/awesome-eu-ai-act: Curated tools, official sources, OSS, templates, and guides for EU AI Act compliance. Can AI judge journalism? A Thiel-backed startup says yes, even if it risks chilling whistleblowers Coming soon: 10 Things That Matter in AI Right Now DARPA built an AI to fact-check enemy weapons claims What explains heterogeneity in AI adoption? When AI Meets Muscle: Context-Aware Electrical Stimulation Promises a New Way to Guide Human Movements - Department of Computer Science AI Changed How We Build. It Did Not Change What Matters. Linux rules on using AI-generated code - Copilot is OK, but humans must take 'full responsibility for the… Meta spins up AI version of Mark Zuckerberg to engage with employees Code Mode: Let Your AI Write Programs, Not Just Call Tools | TanStack Blog GitHub - Delavalom/graft: Go framework for building AI agents. Type-safe tools, multi-provider (OpenAI, Anthropic, Gemini, Bedrock), zero vendor SDKs. India's TCS tops estimates, says new AI models did not dent services demand Gen Z's fading AI hype Strong feeling: we are in a folded AI reality GitHub - machinarii/total-recall-catalog: A reference catalog of latest knowledge retrieval, memory & RAG systems GitHub - mensfeld/code-on-incus: Give each AI agent its own isolated machine with root, Docker, and systemd. Active defense detects and stops threats automatically.. Quantization, LoRA, and the 8% Problem: Benchmarking Local LLMs for Production AI Iran war: We spoke to the man making Lego-style AI videos that experts say are powerful propaganda Powell, Bessent discussed Anthropic's Mythos AI cyber threat with major U.S. banks GitHub - immartian/bellamem: Persistent belief-graph memory for AI agents. Retrieves decisive context by importance — not recency, not RAG, not /compact. recursive-mode: The Repo-Native Operating System for AI Engineering After the attack on Sam Altman's home, will AI CEO's go on the offensive? The biggest advance in AI since the LLM Opus 4.6 vs GPT 5.4 One Prompt Unity World Generation Test “AI polls” are fake polls Client Challenge Can AI be a 'child of God'? Inside Anthropic's meeting with Christian leaders How to Switch AI Chatbots and Why You Might Want To GitHub - MattMessinger1/agentic_refund_guardrail: Safe refund policy layer for AI agents — Python + TypeScript. Same behavior, shared tests. Adam/papers/emergent_values_whitepaper.md at master · strangeadvancedmarketing/Adam Ask HN: How do you stop playing 20 questions with your AI coding tools How far can automation and AI support psychotherapy? - @theU GitHub - stagas/rtdiff: realtime git diff gui and AI-assisted commits A Mac Studio for Local AI — 6 Months Later A History of the Early Years of AI at the University of Edinburgh Why AI Coding Tools Still Feel Stuck on Localhost MSN AI Datacenters Are Becoming Strategic Targets twitter.com Penn Researchers Use AI to Surface Unreported GLP-1 Side Effects in Reddit Posts Show HN: MoodSense AI (ML and FastAPI and Gradio, Deployed on Hugging Face) Moodsense Ai - a Hugging Face Space by aman179102 AI models are terrible at betting on soccer—especially xAI Grok GitHub - xialeistudio/echoic GitHub - HimashaHerath/github-dev-wrapped: AI-powered weekly GitHub activity reports deployed to GitHub Pages GitHub - alejandrobalderas/claude-code-from-source: Architecture, patterns & internals of Anthropic's AI coding agent — reverse-engineered from source maps AI and Tech brief: Ireland ascendant GitHub - Titovilal/context0: Context0 - Never Surrender Training for a Marathon with an AI Coach: What Worked and What Didn't Cyber Pulse: Agentic Intel - Apps on Google Play I Built an AI PR Reviewer That Catches Bugs by Not Looking for Bugs Gen Z workers are so fearful AI will take their job they’re intentionally sabotaging their company’s AI rollout | Fortune How AI Is Reimagining the Game of Golf–For Both Players and Courses GitHub - nattergabriel/reseed: A CLI tool for managing and distributing agent skills across projects Is SVG the final frontier? My AI workflow evolved from prompts to a near-autonomous workflow MLSharp Help - 3DGS Viewer & Generator I put my cognitive field based AI's runtime on GitHub Is Numble the first AI-proof game? A3: Kubernetes for autonomous AI agent fleets | Emergent Principles Deepali Vyas ("The Elite Recruiter") GitHub - msmarkgu/RelayFreeLLM: A restful API designed to route user prompts to various AI model providers. Unionized ProPublica staff are on strike over AI, layoffs, and wages Unleashing the Advantage of Quantum AI We're heading for an AI-fueled 'dementia crisis,' brain scientist warns The AI-Assisted Breach of Mexico's Government Infrastructure [pdf] GitHub - stef41/lmscan: 🔍 Detect AI-generated text and fingerprint which LLM wrote it. Open-source GPTZero alternative. Zero dependencies, works offline. MSN GitHub - visionscaper/collabmem: Enabling long-term collaboration with Agentic AI - building up episodic and world model memory over time with in-context awareness We gave an AI a 3 year retail lease in SF and asked it to make a profit | Andon Labs AI Code is Hollowing Out Open Source, and Maintainers are Looking the Other Way What leaked "SteamGPT" files could mean for the PC gaming platform's use of AI AI is the boss at this retail store. What could go wrong? GitHub - Wuzu11517/agentic-proxy: Local proxy meant to help reduce With Drones, Geophysics and ArtificiaI Intelligence, Researchers Prepare to Do Battle Against Land Mines A Single Operator, Two AI Platforms, Nine Government Agencies: The Full Technical Report 在 Steam 上购买 FriedrichAI: Offline AI 立省 10% GitHub - inevolin/resume-cli: Hit Claude usage limits? Resume any AI coding session elsewhere. Switch tools at zero friction. GitHub - atripati/ark: AI Runtime Kernel — a context operating system for AI agents. Eliminates tool bloat, loads only what’s needed, and gives LLMs their reasoning space back. How to Build a Secure AI PR Reviewer with Claude, GitHub Actions, and JavaScript This Startup Wants You to Pay Up to Talk With AI Versions of Human Experts Intel Arc Pro B70 Brings 32GB VRAM to Local AI for $949 WordPress 7.0: The Good, the AI, and the Still Missing AI on the couch: Anthropic gives Claude 20 hours of psychiatry IatroBench: Pre-Registered Evidence of Iatrogenic Harm from AI Safety Measures AI Agents Know About Supabase. They Don't Always Use It Right. The history and future of AI at Google, with Sundar Pichai Inside an AI‑enabled device code phishing campaign How Meta Used AI to Map Tribal Knowledge in Large-Scale Data Pipelines AI for Systems: Using LLMs to Optimize Database Query Execution Forecasting the Economic Effects of AI Introducing Tinker: Play with AI, bring your ideas to life AI sheds light on an ancient gaming mystery People really hate AI but not as much as Iran—or Democrats | Fortune What is an AI Product Engineer? Phoebe Gates wants her $185 million AI startup to succeed with 'no ties to my privilege or my last name': 'I have a chip on my shoulder' | Fortune
Vega: Zero-knowledge proofs for digital identity in the age of AI
Brenda Potts · 2026-05-21 · via Hacker News - Newest: "AI"
Three white line-style icons centered on a textured blue-to-green gradient background: a shield, a checkmark inside a circle, and an ID card with a user silhouette—representing security, verification, and digital identity.

At a glance

  • Vega lets users prove facts from government-issued credentials — age, personhood, professional status — without revealing the credential itself. The credential never leaves the device. 
  • Zero-knowledge proofs are generated in under 100 ms on a commodity client device with no trusted setup, making private identity verification practical at scale. 
  • Fold-and-reuse proving means repeated presentations — to different services or through AI agents — skip most of the expensive work after the first proof. 
  • Vega targets real-world formats like mobile driver’s licenses and the EU Digital Identity Wallet, is built in Rust, and will be open sourced soon.

AI is transforming how people interact with digital services, from AI-powered assistants to autonomous agents that act on a user’s behalf. As these capabilities grow, so does the value of strong digital identity: users need reliable ways to establish trust, whether proving they are human or sharing a credential with an AI-mediated service. Government-issued credentials are still the strongest foundation for trust, but today’s verification methods often require people to hand them over. As AI agents begin acting on behalf of humans and interacting with decentralized systems, the need for fast, privacy-preserving ways to prove credentials will only grow.

These needs are already materializing in policy. Governments are moving quickly to formalize digital identity. The EU Digital Identity (EUDI) framework aims to make digital wallets available to all EU citizens, and efforts like the EU’s age-verification blueprint and the UK’s Online Safety Act mandate government ID-based methods for age checks. Application providers face a double bind: they must either use less accurate approaches like AI-based age estimation, or compromise user privacy by requiring ID uploads.

The credential gets uploaded, processed, sometimes stored, and eventually (hopefully) deleted. But high-profile breaches have repeatedly exposed government IDs that users shared for routine verification. These are not edge cases. They are the predictable consequence of a system that asks users to share their most sensitive documents to prove a single bit of information.

This is the question we set out to answer with Vega: Can we make it practical to prove something about a credential without ever revealing the credential itself?

The path to Vega: From idea to practice

Zero-knowledge proofs (ZKPs) are the cryptographic tool that makes this possible. The idea is simple: they allow a user to prove a claim, such as “I am over 21”, without revealing anything else. In practice, this means a user could prove their age from their driver’s license without the verifier ever seeing the license, whether to a website, an app, or a service mediated by an AI agent.  The proof works directly on the credential as issued, so the issuer does not need to change anything.

This is not a new idea. The challenge has always been practicality. Prior systems either require a trusted setup that had to be repeated whenever the logic changed, or they sacrificed performance to avoid the trusted setup, often producing large proofs in the process. For real-world use, the proof needs to be fast to generate, small enough to transmit quickly, and efficient enough to run on a mobile device.

We have spent several years working toward a practical solution. Privacy-preserving identity has been a motivating application (opens in new tab) throughout, and Vega’s proof system draws on several building blocks from that line of work:

  • Spartan (opens in new tab) showed how to efficiently prove R1CS, a standard way to express statements for a general-purpose proof system, with succinct proofs and without a trusted setup.
  • Nova (opens in new tab) introduced folding schemes, which let a prover compress many instances of a computation into one. 
  • HyperNova (opens in new tab) showed that Nova’s folding also provides a key building block for zero-knowledge: folding a real instance with a random instance hides the underlying secret data, a technique dubbed “NovaBlindFold.”
  • NeutronNova (opens in new tab) provided the most efficient folding scheme for handling a batch of instances at once.

Vega puts these building blocks together into a single proof system. A key design goal is simplicity. Spartan, Nova, and NeutronNova are composed in a direct way, and the circuit is built from a small number of standard components, with no exotic multi-field constructions and no trusted setup. On top of this simple foundation, Vega adds the ability to reuse work across multiple proofs of the same credential and a new way to achieve zero-knowledge with minimal overhead. The result is a system that is easy to audit, extend to new credential formats, and deploy.

Performance

Vega generates a zero-knowledge proof of age from a typical mobile driver’s license, about 2 kilobytes (KB), in 92 miliseconds (ms) on a commodity client device. The resulting proof is 108 KB and can be verified in 23 ms. No trusted setup is required. The prover key is 464 KB; it fits comfortably on any phone. For smaller credentials, proving drops to 62 ms, with 83 KB proofs, and 17 ms verification. In practice, a user taps a button to present a credential, and 92 ms later the proof is done. The service learns only the requested fact; the credential never leaves the phone.

Spotlight: AI-POWERED EXPERIENCE

Microsoft research copilot experience

Discover more about research at Microsoft through our AI-powered experience

Under the hood: Fold, reuse, and lookup

Vega’s speed comes from two ideas: fold-and-reuse proving and lookup-centric circuit design. The figure below shows the proving pipeline end to end.

Diagram showing a two-phase zero-knowledge proof workflow. In the “once per credential” phase, a credential input is split into step and core circuits, then reusable data is committed and cached. In the “once per presentation” phase, session-specific data is re-randomized and committed using cached commitments, producing step instances and a core instance. Step instances are folded into one using NeutronNova, combined with the core instance in a Spartan proving step, then processed through NovaBlindFold to add zero-knowledge, resulting in a final ZK proof with size and performance metrics.
Vega’s proving pipeline. Work is split into two phases. The once-per-credential phase splits the credential into step and core circuits and commits reusable data. The once-per-presentation phase re-randomizes cached commitments for unlinkability, folds all SHA-256 step instances into one via NeutronNova, proves the folded step and core circuits with Spartan, and applies zero-knowledge via NovaBlindFold. The final output is a 108 kB proof generated in 92 ms and can be verified in 23 ms. 

The hashing problem, and how folding solves it

A credential proof must do two expensive things: hash the credential bytes with SHA-256 and verify the issuer’s digital signature. Signature verification would normally be the bottleneck, but Vega avoids that cost by working in a field where the signature arithmetic is native. As a result, hashing becomes the dominant cost. SHA-256 works by applying the same compression function to one 64-byte block at a time. A straightforward circuit simply unrolls all of these iterations, so its size grows with the length of the credential. For a typical mobile driver’s license, that is 30 blocks of compression, all captured in a single circuit.

We take a different approach. Instead of unrolling the entire hash, we define one small “step” circuit that proves a single SHA-256 compression step, and we instantiate it once per block. Because these step instances are structurally identical, we can use NeutronNova’s folding scheme to collapse them into a single instance. The prover does work to fold the 30 step instances into one, but this folding cost is modest. Spartan then only needs to prove a single step-sized circuit alongside a separate “core” circuit that handles the rest of the checks, including signature verification and age predicates, rather than a monolithic circuit with 30 unrolled blocks. The proving key only needs to describe one step and one core, so it stays small regardless of credential length.

There is a subtle privacy issue here to address. Credentials vary in length, and if the circuit size varied with the credential, that would leak information. To prevent this, all step circuits share a committed table of intermediate digests. The core circuit selects the appropriate digest using a private index. If the prover selects the wrong entry, the issuer’s signature check fails.

Making it zero-knowledge, cheaply

A proof system needs to be zero-knowledge: the verifier should learn nothing beyond the claim being proved. Existing approaches to achieve this are often complex to engineer and can add significant overhead to the prover. We found a simpler way.

A standard first step is to commit to every message the prover sends using hiding cryptographic commitments, so the verifier sees commitments rather than values. The harder question is to prove that those hidden values would have passed the verifier’s checks. We express those checks as a small constraint system, just a few hundred constraints, since the verifier only performs a logarithmic number of operations. We then fold this constraint system with a random instance via Nova’s folding scheme. This step hides the underlying data, so the zero-knowledge overhead scales with this small constraint system, not the full secret data.

Proving once, presenting many times

A user who presents their credential to one website will likely present it again to another, and another. In a world where AI agents handle many of these interactions on a user’s behalf, the same credential may need to be presented dozens of times a day. The credential itself does not change between these presentations. What changes is the session nonce, a fresh random value from the verifier, and possibly the date or the predicate threshold.

Vega takes advantage of this structure by splitting the prover’s secret data into three parts. The shared data (SHA-256 tables) and the precommitted part, such as the issuer signature and field locations are computed and committed once when the credential is first loaded. The online part, such as the device signature and today’s date, is committed fresh each time. Before each proof, the precomputed commitments are refreshed with new randomness, which is cheaper than recomputing them and ensures that two proofs about the same credential cannot be linked.

Avoiding the parser

Another important part of Vega’s efficiency comes from how it handles the credential format. A mobile driver’s license is encoded in Concise Binary Object Representation (CBOR), and building a full CBOR parser as a circuit would be both complex and expensive. But we realized we do not actually need a parser. The credential bytes are signed by a trusted issuer, so we know they are well-formed. We only need to reach in and grab specific fields.

We treat the credential as a byte-addressable lookup table. The prover says, “the device public key starts at byte 847” and supplies the bytes. The circuit checks three things: that the bytes actually match the authenticated credential, that the right CBOR prefix appears at the start of the field so the prover cannot claim the wrong field, and that the addresses are contiguous so the prover cannot splice bytes from unrelated locations. This replaces an entire parser with a handful of lookups.

The same lookup idea powers length-hiding hashing, as described above: the circuit builds a table of all intermediate SHA-256 digests and picks the correct one at the point where the real message ends.

Device binding

A zero-knowledge credential proof is only useful if it is tied to the person holding the credential. Without device binding, someone who obtains a leaked credential could generate valid proofs for any session. This matters even more in a world of AI agents: if an agent can present a proof on behalf of a user, we need cryptographic assurance that the proof originated from the user’s device, not from an attacker or an unauthorized agent.

Vega addresses this by requiring the holder’s device to sign a fresh session nonce with the device private key, which is bound to the phone’s secure element. The circuit extracts the device public key from the credential via lookup and verifies the device signature over the session nonce hash. Because the device private key never leaves the secure hardware, possession of the signed credential alone is not sufficient to produce a valid proof.

Where this leads

Vega is implemented in Rust and will be open sourced soon. The proof system powering Vega is already available as the open-source spartan2 (opens in new tab) project on GitHub. The paper, joint work with Darya Kaviani, will be presented at the upcoming IEEE Symposium on Security and Privacy in San Francisco. 

While we focused on mobile driver’s licenses as a concrete and timely application, especially given emerging frameworks like the EU Digital Identity wallet, the proof system and circuit techniques are general. They apply to any credential format with a stable byte encoding and a digital signature.

We see several directions where the same primitive becomes increasingly important.

Agents carrying identity on behalf of humans. As autonomous AI agents begin acting on behalf of people, whether booking travel, interacting with services, or entering agreements, those agents will need to prove facts about the human they represent. For example, “my principal is over 18” or “my principal is a licensed physician.” The agent should be able to carry these proofs without ever holding the underlying credential. A zero-knowledge proof generated on the human’s device, bound to the agent’s session via device binding, lets the agent present identity signals without holding secrets.

Bridging off-chain identity to on-chain systems. Decentralized systems increasingly need real-world identity signals, such as KYC compliance, accredited investor status, and jurisdiction checks. Today, this is handled by uploading documents to a centralized intermediary, who then issues an on-chain attestation. The user loses privacy twice: once to the intermediary, and again on chain, where the attestation may be linkable across interactions. A ZKP over an off-chain credential could bridge this directly: the user proves a fact from their government-issued credential, and the on-chain verifier receives only the proof. No intermediary sees the credential, and rerandomization ensures repeated proofs are unlinkable.

As digital identity mandates expand and AI reshapes how humans and agents establish trust, the need for privacy-preserving credential verification will only grow. We see Vega as one step in a broader shift: from a world where proving a fact about yourself requires giving up your identity, to one where cryptography lets you keep it.