Are you old enough to buy this? (Zero-knowledge age restriction with GNU Taler)

Privacy in e-commerce is currently a sad story, especially with respect to age-restriction and -verification. Existing commercial solutions are mostly implemented by identity verification. Even privacy-friendly approaches, using attribute-based credentials, anchor on an external, higher authority which verifies the identity of the consumer before issuing a certificate. The [principle of subsidiarity](https://en.wikipedia.org/wiki/Subsidiarity) suggests that the appropriate level of authority to set age restriction is the level of parents and caretakers - not merchants, banks or governmental institutions. Our design for an age verification scheme fully aligns with this principle. The design is presented as an extension of [GNU Taler](https://taler.net), a privacy-friendly payment protocol. The extension augments the protocol with a zero-knowledge scheme for age verification that cryptographically augments coins for this purpose. Our scheme enables buyers to prove to be of sufficient age for a particular transaction without disclosing the age. The modification preserves the privacy and security properties of GNU Taler, in particular the anonymity of buyers and unlinkability of transactions. We show how our scheme can be instantiated with various cryptographic signature schemes, how it is integrated with the GNU Taler payment system and what work is left to do. This work is funded by the project [_Concrete Contracts_](https://concretecontracts.codeblau.de) by the [German Federal Ministry of Education and Research](https://www.forschung-it-sicherheit-kommunikationssysteme.de/projekte/concrete-contracts).