This is covered by allowing for single-use credentials. IIRC the EU personal IDs will use this. Basically, the wallet requests a batch of single-use eIDs that all use different device key-pairs. Each credential is only used for one request and then deleted. The wallet will automatically request new credentials in batches when they run out. The old key-pairs are deleted along with the credential so you don’t run out of space in the secure enclave.
> Another reason why these proposals aren't getting much uptake
I’m not sure what you mean by not much uptake; EU countries are required to issue and accept them for official business by the end of 2026.
It doesn't prevent tokens from being stolen or sold, but the token issuer only accepts each token once and can limit the rate that tokens are issued and control how fast they expire, giving decent control over how practical using stolen or sold tokens is.
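
The issuer-side controls described in the comment above (accept each token once, rate-limit issuance, short expiry), as an added example that is not part of the original thread. The class and parameter names are hypothetical, and an HMAC stands in for whatever signature scheme a real deployment uses; unlinkability between issuance and redemption is not modelled.

```python
import hashlib
import hmac
import secrets

class TokenIssuer:
    """Hypothetical issuer: single-use, rate-limited, short-lived tokens."""

    def __init__(self, key, ttl=600, max_per_window=5, window=3600):
        self.key, self.ttl = key, ttl
        self.max_per_window, self.window = max_per_window, window
        self._issued = {}   # account -> timestamps of recent issuances
        self._spent = {}    # nonce -> expiry, kept only until the token expires

    def _tag(self, body):
        return hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()

    def issue(self, account, now):
        """Return a token, or None when the account hit its issuance limit."""
        recent = [t for t in self._issued.get(account, []) if now - t < self.window]
        if len(recent) >= self.max_per_window:
            return None
        self._issued[account] = recent + [now]
        body = f"{secrets.token_hex(16)}.{int(now) + self.ttl}"
        return f"{body}.{self._tag(body)}"

    def redeem(self, token, now):
        """Accept a token at most once; return a status string."""
        try:
            nonce, expires_s, tag = token.split(".")
            expires = int(expires_s)
        except ValueError:
            return "malformed"
        expected = self._tag(f"{nonce}.{expires_s}")
        if not hmac.compare_digest(tag.encode(), expected.encode()):
            return "bad-signature"
        if now >= expires:
            return "expired"
        # Drop spent entries that have expired; they can no longer be replayed.
        self._spent = {n: e for n, e in self._spent.items() if e > now}
        if nonce in self._spent:
            return "already-used"
        self._spent[nonce] = expires
        return "ok"

if __name__ == "__main__":
    issuer = TokenIssuer(secrets.token_bytes(32), max_per_window=2)  # constructed demo values
    token = issuer.issue("alice", now=0)
    print(issuer.redeem(token, now=10), issuer.redeem(token, now=11))
```

A stolen or resold token is still redeemable by whoever presents it first, but only once, only before its expiry, and only as many as the rate limit let the original holder obtain.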