Zero Knowledge Proofs: shifting where the work happens

Digital identity wallets are no longer experimental. They are being written into regulation, embedded into national programs, and integrated into enterprise and financial systems. As that shift happens, choices must be made about how to implement wallets in a way that is both privacy-preserving and scalable at national levels.

One of the most consequential architectural questions is how to minimize data exposure: through today’s selective disclosure implementations, or by investing in zero knowledge proofs (ZKPs) that enable a different approach to achieving selective disclosure.

Both aim to reduce unnecessary data sharing. But they distribute complexity and cost—very differently. At national or cross-border scale, that distribution matters.

The SIROS Foundation is focusing its engineering work on ZKPs because the long-term scalability, correlation resistance, and privacy properties differ significantly from current selective disclosure deployments.

This post explores why that distinction matters and examines the technical and regulatory challenges shaping wallet deployments today.

Selective disclosure: useful, but structurally heavy

In most current large-scale implementations, selective disclosure is achieved by having the issuer sign a credential that contains commitments—typically hash commitments—to each individual claim. At presentation time, the wallet reveals only the openings corresponding to the claims required for that interaction.

This avoids the need to issue different credentials for different attribute groupings. However, it introduces another scaling consideration.

To mitigate linkability across transactions, issuers often need to issue credentials in batches, since each individual credential instance may only be safely presented once without risking correlation. That means issuers are not simply issuing a single long-lived credential per person, but multiple credential instances designed to limit reuse.

At a small scale, that is manageable. At a national scale, it becomes significantly more challenging and costly. Batch issuance increases issuance throughput requirements, revocation complexity, reissuance burden, and lifecycle governance overhead. What begins as a privacy safeguard can gradually become an operational scaling challenge.

More importantly, selective disclosure implemented this way does not fully eliminate privacy issues. If the same cryptographic material is reused, or if the issuer and verifier collude or, as in many citizen-to-government applications, are the same entity, transaction linkability can still emerge.

In other words, structured selective disclosure reduces what is visible in a single transaction. It does not necessarily reduce what can be inferred across transactions. That distinction becomes critical under data protection regimes and in cross-sector ecosystems.

Zero knowledge proofs: shifting where the work happens

Zero knowledge proofs take a different architectural approach to achieving selective disclosure.

Instead of relying on multiple pre-segmented credential variants, the issuer signs a credential once. The wallet then derives selective proofs cryptographically, demonstrating only what is required for a given interaction, for example, supporting age verification by indicating “over 18” without revealing a birthdate.

In non-interactive ZKP models, this can be done in a limited exchange, potentially one request, one response, and verification without additional dialogue. That matters for web-scale deployment and cross-border services. The key difference is where the complexity lives.

Structured selective disclosure models tend to increase complexity at the issuer and ecosystem governance layer. ZKP-enabled approaches move much of that complexity to the device and wallet, allowing selective disclosure to be computed dynamically rather than pre-packaged at issuance time.

This is not a trivial shift. It requires efficient proof generation on constrained devices, careful handling of holder binding, thoughtful pseudonym strategies, and attention to hardware compatibility and cryptographic agility.

But it distributes computational load across millions of devices rather than concentrating it in national backend systems. At scale, that distribution is not just a technical preference. It is a sustainability decision.

Correlation and pseudonyms: privacy beyond attribute minimization

One of the more subtle challenges in wallet ecosystems is verifier-verifier correlation. Even when individual attributes are minimized, identifiers or keys reused across contexts can allow linking of activity.

Batch issuance and credential segmentation have sometimes been used to mitigate this risk. But they do so by multiplying credentials and operational effort.

ZKP-enabled selective disclosure allows for a more structural response. Per-verifier pseudonyms and unlinkable proofs can be derived from a single underlying credential. The wallet can generate distinct presentations that are cryptographically valid but not trivially linkable.

For regulators concerned with privacy-by-design, this is important as it addresses cross-sector surveillance risk, long-term linkability concerns, alignment with data minimization principles, and trust in national wallet programs. Reducing the number of attributes shared is good. Reducing structural linkability is better.

The tradeoffs are real

It would be misleading to suggest that ZKP is a mature, frictionless solution.

Different ZKP constructions offer different strengths and weaknesses. Some are efficient but not yet post-quantum safe. Others rely primarily on hash-based constructions and are potentially more future-resilient but computationally heavier. Some integrate easily with existing signature schemes; others require cryptographic primitives that are not widely supported in secure hardware today.

Everything involves tradeoffs between performance, hardware support, implementation complexity, and long-term cryptographic resilience. This is why architectural direction matters now.

If structured selective disclosure via credential multiplication becomes the default simply because it is easier to certify today, ecosystems may lock themselves into operational models that are expensive and difficult to evolve later.

Why SIROS is investing in Zero Knowledge Proofs

The SIROS Foundation is approaching this space with an open, engineering-first mindset. It is not optimizing for platform lock-in or proprietary ecosystem control. Instead, it is focusing on building wallet infrastructure that can support the long tail of use cases that national or platform wallets may not prioritize.

Part of this strategy involves engaging with ZKP tooling that demonstrates what production-ready proofs can look like today. One noteworthy example is a project called Longfellow that enables the construction of ZKPs over legacy credential formats such as ISO mobile driver license documents (mdocs) and other types of verifiable credentials.

The Longfellow project is developing a working cryptographic stack with public code, ongoing security reviews, and practical benchmarks demonstrating proof-generation and verification times compatible with real-world wallet experiences. A benefit of Longfellow is that it is possible to deploy without costly upgrades to existing hardware platforms at the edge. Many currently available mobile phones and security keys can be used as is.

Crucially, SIROS, in cooperation with the Internet Security Research Group (ISRG), has begun building sovereign, platform-agnostic implementations of this technology, removing dependencies on specific app ecosystems and broadening support for constrained environments like WebAssembly and native mobile platforms. SIROS has also been working with Yubico, whose recently announced version 5.8 YubiKey provides support for exactly the type of cryptographic operations needed to work with Longfellow.

By closely following and contributing to work like Longfellow, SIROS aims to ensure that wallet ecosystems benefit from open, auditable, and interoperable ZKP implementations rather than opaque or proprietary solutions. This aligns with SIROS’s engineering ethos: transparency, distributed trust, and practical scalability.

That includes reducing the need for issuer-side credential multiplication, supporting unlinkable per-context proofs, exploring pseudonym models that balance accountability and privacy, and building implementations in the open so policy and real constraints can inform one another.

The regulatory moment

Across Europe and beyond, wallet ecosystems are being shaped under tight deadlines. Certification schemes are emerging. Authentication obligations are being clarified. Responsibilities are being pushed toward wallet providers.

In that environment, the temptation is to choose what works today and defer deeper architectural questions. But wallets are not a short-term infrastructure project. They are foundational identity layers.

Structured selective disclosure can help reduce over-sharing. ZKP-enabled selective disclosure can help reduce over-collection, over-linking, and over-centralization.

A pragmatic path forward

No system deployed in the next two years will be perfect. Cryptography will evolve, and in some cases, it will need to change abruptly. The transition to post-quantum signature algorithms is an active and imminent requirement for long-lived public infrastructure. Standards will mature. Certification regimes will adapt.

The question is whether we choose an architecture that can evolve gracefully when those shifts occur.

Selective disclosure implemented through credential multiplication may be expedient. ZKP-enabled models place more responsibility on wallet engineering but offer stronger long-term scalability and privacy properties.

The SIROS Foundation is betting that scalable digital identity requires that shift. Not because ZKPs are fashionable, but because concentrating complexity at national issuers is unlikely to hold for tens of millions of users.

If wallets are to be durable public infrastructure, they must distribute trust, distribute computation, and minimize structural correlation.

ZKPs are not a silver bullet. But without them, scaling privacy at national and cross-border levels becomes significantly harder.