Vega generates a zero-knowledge proof of age from a typical mobile driver's license, about 2 kilobytes (KB), of data, in 92 milliseconds (ms) on a commodity client device. The resulting proof is 108 KB and can be verified in 23 ms.
Why the current identity verification system is broken
Today's verification methods often require people to hand over their most sensitive documents to prove a single bit of information. This is the predictable consequence of a system that asks users to share their most sensitive documents to prove a single bit of information.
As AI agents begin acting on behalf of humans and interacting with decentralized systems, the need for fast, privacy-preserving ways to prove credentials will only grow.
How Vega solves the privacy problem
Vega lets users prove facts from government-issued credentials—age, personhood, or professional status—without revealing the credential itself. The credential never leaves the device.
Zero-knowledge proofs (ZKPs) are generated in under 100 ms on a commodity client device with no trusted setup, making private identity verification practical at scale.
Vega targets real-world formats like mobile driver's licenses and the EU Digital Identity Wallet, is built in Rust, and will be open sourced soon.
The engineering behind the speed
Vega's speed comes from two ideas: fold-and-reuse proving and lookup-centric circuit design.
Vega's proving pipeline splits the work into two phases. The once-per-credential phase splits the credential into step and core circuits and commits reusable data. The once-per-re-presentation phase re-randomizes cached commitments for unlinkability, folds all SHA-256 step instances into one via NeutronNova, and proves the folded step and core circuits with Spartan.
Instead of unrolling the entire hash, we define one small "step" circuit that proves a single SHA-256 compression step, and we instantiate it once per block. Because these step instances are structurally identical, we can use NeutronNova's folding scheme to collapse them into a single instance.
Instead of building a full CBOR parser as a circuit, we treat the credential as a byte-addressable lookup table. This replaces an entire parser with a handful of lookups.
The security of the proof
Vega addresses this by requiring the holder's device to sign a fresh session nonce with the device private key, which is bound to the phone's secure element.
Because the device private key never leaves the secure hardware, possession of the signed credential alone is not sufficient to produce a proof.
Where this leads
As digital identity mandates expand and AI reshapes how humans and agents establish trust, the need for privacy-preserving credential verification will only grow.
We see Vega as one step in a broader shift: from a world where proving a fact about yourself requires giving up your identity, to one where cryptography lets you keep it.
Source: Vega: Zero-knowledge proofs for digital identity in the age of AI
Domain: microsoft.com
Comments load interactively on the live page.