Evaluation of trust service and software product regimes for zero-knowledge proof development under eIDAS 2.0

Abstract

This paper delves into two legal models for zero-knowledge proof protocols in the context of the eIDAS 2.0 Regulation: a trust service or a software product. The ARIES: reliAble euRopean Identity EcoSystem EU project highlighted the need for a legal framework for stakeholders to accept proof of the existence of user data with legal certainty, while Hyperledger Indy shows that ZKP solutions are currently commercialized, stressing deficiencies in the eIDAS 2.0. An overview of ZKP applied to identity, its relationship to the European Digital Identity Wallet and the electronic attestations of attributes, both introduced by the eIDAS 2.0, and Self-Sovereign Identity systems, leads to the central question of proof of the existence of user-held data as a trust service or as a software product and its data privacy implications for each approach. Finally, we outline a possible solution based on the product approach for future work. Our findings reveal that ZKP technology must have legal value and a presumption system to be effective. However, the path we take could lead us either to develop a system of surveillance and control in electronic environments or to build an environment where we share not the data itself but proof of its existence.