Process attestation verifies human authorship by collecting behavioral biometric evidence, including keystroke dynamics, typing patterns, and editing behavior, during the creative process. However, the very data needed to prove authenticity can reveal intimate details about an author's cognitive state, health conditions, and identity, constituting sensitive biometric data under GDPR Article 9. We resolve this privacy-attestation paradox using zero-knowledge proofs. We present ZK-PoP, a construction that allows a verifier to confirm that (a) sequential work function chains were computed correctly, (b) behavioral feature vectors fall within human population distributions, and (c) content evolution is consistent with incremental human editing, all without learning the underlying behavioral data, exact timing, or intermediate content. Our construction uses Groth16 proofs over arithmetic circuits with Pedersen commitments and Bulletproof range proofs. We prove that ZK-PoP is computationally zero-knowledge, computationally sound, and achieves unlinkability across sessions. Evaluation shows proof generation in under 30 seconds for a 1-hour writing session, with 192-byte proofs verifiable in 8.2 ms, while incurring less than 5% accuracy loss in simulation at practical privacy levels (epsilon >= 1.0) compared to non-private baselines.

翻译：过程证明通过收集创作过程中的行为生物特征证据来验证人类作者身份，包括击键动力学、输入模式及编辑行为。然而，这些本用于证明真实性的数据可能暴露作者认知状态、健康状况及身份等私密细节，构成《通用数据保护条例》第9条项下的敏感生物数据。我们采用零知识证明解决这一隐私-证明悖论，提出ZK-PoP构造方案，使验证者能够确认：（a）顺序工作函数链计算正确，（b）行为特征向量符合人类群体分布，（c）内容演化与人类增量编辑一致，同时不获知底层行为数据、精确时间戳及中间内容。本构造基于算术电路上的Groth16证明，结合Pedersen承诺与Bulletproof范围证明。我们证明ZK-PoP具备计算零知识性、计算可靠性及跨会话不可链接性。评估显示，针对1小时写作会话的证明生成时间低于30秒，192字节的证明可在8.2毫秒内完成验证，且在实用隐私水平（ε≥1.0）下相较于非隐私基线方案的仿真准确率损失不超过5%。