Computer scientists from universities in Germany, Hong Kong, and the United Kingdom have proposed a way to provide verifiable claims about location data without surrendering privacy.
The technique, referred to as Zero-Knowledge Location Privacy (ZKLP), aims to provide access to unverified location data in a way that preserves privacy without sacrificing accuracy and utility for applications that might rely on such data. It’s described in a paper [PDF] presented this week at the 2025 IEEE Symposium on Security and Privacy.
Location data, obtained from mobile phones and apps among other sources, has become highly sought after by data brokers. But it’s particularly sensitive. As the Electronic Frontier Foundation observes, it “can reveal where we live and work, who we associate with, and where we worship, protest, and seek medical care.”
In their paper, authors Jens Ernstberger (Technical University of Munich), Chengru Zhang (University of Hong Kong), Luca Ciprian (Technical University of Munich), Philipp Jovanovic (University College London), and Sebastian Steinhorst (Technical University of Munich) note that various attempts have been made to mitigate the privacy risk of location data.
These include communication protocols that rely on obfuscation, to make location data less precise, and cryptographic techniques, to make location data less available. Examples include Geo-Indistinguishability and VPriv [PDF], among others.
The authors argue that these approaches have shortcomings, like reliance on third-party data anonymization.
“With ZKLP, users can prove to any third party that they are within a specific geographical region while obfuscating their exact location for utility and privacy,” the authors claim. “To the best of our knowledge, ZKLP provides the first paradigm for non-interactive, publicly verifiable, and privacy-preserving proofs of geolocation.”
ZKLP does not address the issue of an individual misrepresenting location data (spoofing) – it proves only the location data’s value, not its provenance. The authors observe that additional overhead would be required to prove that location data is authentic. The potential solutions they suggest involve network communication with a third party, such as Apple’s “Find My” network or GNSS (Global Navigation Satellite System) signals. So data provenance assurance – you are where you say you are – would no longer be non-interactive.
The authors’ technique relies on zero-knowledge proofs known as Succinct Non-Interactive Argument of Knowledge (zk-SNARK), a cryptographic mechanism that allows one party to prove knowledge of a secret without actually revealing the secret.
Zero-knowledge proofs often use fixed-point arithmetic because it’s more computationally efficient. But ZKLP has been designed to work with the Discrete Global Grid System (DGGS), a geospatial referencing framework that divides the world into hexagonal grids. It allows users to specify the granularity of their location on the hex grid map – they could choose to be in a city or in a more specific location like a park and their claim would be computationally verifiable.
But DGGS is better suited to floating-point math. Hexagons, geodata, and associated computations require square roots and trigonometric functions. These are data types and operations best handled with floating-point calculations.
So the academics had to come up with optimizations for computing floating-point SNARKs, in conjunction with optimizations to eliminate trigonometric operations, that together make ZKLP computationally more practical.
They say it was challenging to implement SNARKs using floating-point arithmetic that complies with the IEEE 754 standard. But the result is a system that’s less error-prone and more secure than something based on fixed-point calculations.
“In comparison to an unoptimized fixed point baseline, our implementation has 15.9× less constraints for FP32 values, and 12.2× less constraints for FP64 values,” the researchers explain in their paper. “We apply ZKLP and show that it can realize privacy-preserving peer-to-peer proximity testing, through which a user can evaluate its proximity to 470 peers per second.”
Beyond privacy-preserving proximity testing, the authors see their scheme being useful for scenarios where location data has already been authenticated.
“For example, in the workflow of C2PA (Coalition for Content Provenance and Authenticity), the location where a photo is taken is signed by a C2PA-compatible camera, and thus we can seamlessly integrate ZKLP with C2PA to provide photo authenticity while obfuscating the accurate location, thereby preserving the privacy of the photo’s author,” they state.
They also suggest their methods could be useful for machine learning applications, because parameters are often represented as floating-point numbers, and as a building block for Proof-of-Personhood mechanisms that are being explored. ®
