I am confused about whether/how a ZKP-based entity/message authentication scheme can achieve identity privacy, especially unlinkability. The security properties I'm looking for in the scheme are authentication (identity proof), such that the prover can prove it has some kind of identity so that it is allowed to be in the communication; and identity privacy, such that the real identity is hidden and different auth instances cannot be linked to the same prover (unlinkability).
The ZKP-based solutions I have seen generally construct a proof that shows the prover has a secret that is associated with an authorised pseudonymised certificate, or some equivalent form of credentials that are publicly known, so that anyone can verify the proof. This is how they achieve authentication.
My question is, are these kinds of ZKP solutions more private than PKI-based authentication using pseudonymised certificates? If so, how so?
The way I see it, ZKP in these schemes is used to not reveal any knowledge related to the private secret associated with the public info, BUT the identity is still linkable between instances if the public info is repeatedly used? With a secure public key cryptosystem, the private key used in authentication should be equally confidential in PKI-based pseudonymised authentication schemes? So what is the advantage of ZKP-based anonymous authentication?
Also, any recommendations for ZKP solutions that can achieve authentication + unlinkability + traceability by a certain entity?
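
The linkability concern raised in the question, as an added example that is not part of the original post: a Schnorr proof of knowledge made non-interactive with Fiat-Shamir, where the proof values are fresh in every session but the reused public value still lets an observer group sessions. The toy group parameters, the secrets, and all function names are constructed for illustration.

```python
import hashlib
import secrets
from collections import defaultdict

# Constructed toy group, far too small for real use: P = 2*Q + 1, G has prime order Q.
P, Q, G = 2039, 1019, 4

def challenge(y, t, session):
    # Fiat-Shamir challenge bound to the public key, commitment and session id.
    digest = hashlib.sha256(f"{y}|{t}|{session}".encode()).digest()
    return int.from_bytes(digest, "big") % Q

def prove(x, session):
    # Schnorr proof of knowledge of x for y = G^x; r is fresh in every session.
    y = pow(G, x, P)
    r = secrets.randbelow(Q - 1) + 1
    t = pow(G, r, P)
    s = (r + challenge(y, t, session) * x) % Q
    return {"session": session, "y": y, "t": t, "s": s}

def verify(msg):
    # Accept iff G^s == t * y^c (mod P).
    c = challenge(msg["y"], msg["t"], msg["session"])
    return pow(G, msg["s"], P) == (msg["t"] * pow(msg["y"], c, P)) % P

def link_sessions(transcripts):
    # What any verifier or eavesdropper can do: group valid sessions by the
    # public value the proof is about. The proof part (t, s) is not needed.
    groups = defaultdict(list)
    for msg in transcripts:
        if verify(msg):
            groups[msg["y"]].append(msg["session"])
    return dict(groups)

def demo():
    alice_x, bob_x = 123, 456  # constructed secrets for two pseudonym holders
    transcripts = [prove(alice_x, 1), prove(bob_x, 2), prove(alice_x, 3)]
    return link_sessions(transcripts)

if __name__ == "__main__":
    for y, sessions in demo().items():
        print(f"pseudonym key {y} seen in sessions {sessions}")
```

The grouping works only because `y` is sent in the clear and reused; the zero-knowledge property covers the secret `x`, not the statement being proven.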