SD-BLS: Privacy Preserving Selective Disclosure of Verifiable Credentials with Unlinkable Threshold Revocation (2406.19035v4)

Abstract: Ensuring privacy and protection from issuer corruption in digital identity systems is crucial. We propose a method for selective disclosure and privacy-preserving revocation of digital credentials using second-order Elliptic Curves and Boneh-Lynn-Shacham (BLS) signatures. We make holders able to present proofs of possession of selected credentials without disclosing them, and we protect their presentations from replay attacks. Revocations may be distributed among multiple revocation issuers using publicly verifiable secret sharing (PVSS) and activated only by configurable consensus, ensuring robust protection against issuer corruption. Our system's unique design enables extremely fast revocation checks, even with large revocation lists, leveraging optimized hash map lookups.

• The paper introduces the SD-BLS scheme that enables unlinkable selective disclosure using homomorphic BLS signatures.
• It proposes anonymous cryptographic revocation and threshold issuance to prevent tracing and protect against issuer corruption.
• Empirical benchmarks demonstrate linear scalability and feasible integration into existing digital identity infrastructures.

SD-BLS: Privacy Preserving Selective Disclosure and Unlinkable Revocation of Verifiable Credentials

The paper "SD-BLS" presents a novel cryptographic approach designed to address the privacy shortcomings in current digital identity systems. The primary focus of the research is on enabling privacy-preserving selective disclosure and unlinkable revocation of verifiable credentials using Boneh-Lynn-Shacham (BLS) signatures. This summary provides an expert-level overview of the paper’s contributions, key findings, and potential future developments.

Introduction and Motivation

Digital identity systems are fundamental for securely verifying personal attributes. However, existing systems often compromise user privacy. The paper critiques current technologies like SD-JWT and mDOC, which employ Hash-Based Message Authentication Codes (HMAC) that fail to ensure unlinkability, making them susceptible to tracing attacks. Additionally, the current methods for revocation, such as revocation lists, leak sensitive information about holders, raising privacy concerns.

Key Contributions

The authors propose SD-BLS to overcome these privacy and security challenges with the following key contributions:

1. Unlinkable Selective Disclosure: This is achieved by leveraging the homomorphic properties of second-order elliptic curves and BLS signatures. The cryptographic scheme allows credential holders to present different proofs for the same claim in different contexts, ensuring that disclosed attributes are unlinkable across multiple presentations.
2. Anonymous Cryptographic Revocation: Unlike traditional revocation lists that potentially expose holders' information, the proposed method allows for anonymous revocation. Revocation information is cryptographically blinded, providing no linkage to the holder's identity.
3. Threshold Revocation Issuance: This mechanism mitigates the risk of issuer corruption by requiring collective agreement among multiple entities before a credential revocation can occur. This approach is particularly critical for protecting individuals such as journalists or activists in hostile regimes.

Technical Approach

The cryptographic operations in SD-BLS are underpinned by advanced properties of elliptic curve mathematics and BLS signatures. Key technical elements include:

• Issuance Process: Credentials are signed using BLS signatures, with a unique revocation key embedded during issuance.
• Presentation Protocol: Uses blind signatures to ensure new representations of the same credential appear unique. This blinding is achieved through a series of mathematical operations involving the holder's secret random value.
• Verification Mechanism: Verification checks are performed using these blinded signatures, ensuring the unlinkable property while validating the credential's authenticity.

Practical Implications

The implementation and benchmarks demonstrate the practicality of SD-BLS. The method is computationally efficient with linear scalability concerning the number of verifiable claims and revocations. This efficiency suggests that SD-BLS can be feasibly integrated into existing digital identity infrastructures with minimal performance overhead.

Applications

SD-BLS’s potential applications span various domains:

• Digital Identity: Enhancing privacy features in personal identification systems and driver’s licenses.
• Academic Credentials: Secure issuance and verification of diplomas and certifications.
• KYC/AML: Applications in financial sectors for Know Your Customer (KYC) and Anti-Money Laundering (AML) procedures.
• Blockchain and DAOs: Secure and unlinkable credential systems for smart contracts and decentralized autonomous organizations (DAOs).

Security Considerations and Future Work

The authors underscore that while the proposed scheme is robust under current cryptographic assumptions, quantum computing may challenge its security in the future. They advocate transitioning to more quantum-resistant cryptographic primitives as a long-term consideration.

Future work could address several areas:

• Key-Value Based Claims: Enhancing the system to support claims with variable components.
• EUDI-ARF Compatibility: Investigating ways to integrate SD-BLS with the European Digital Identity Architecture while maintaining compliance with existing protocols.
• Digital Product Passport (DPP): Exploring selective disclosure to enhance privacy in supply chain transparency efforts.

Conclusion

SD-BLS represents a significant advancement in the domain of digital identity systems by addressing critical privacy issues with selective disclosure and revocation. The scheme’s reliance on BLS signatures and elliptic curve cryptography makes it a compelling candidate for widespread adoption, offering both theoretical robustness and practical efficiency.

By enabling unlinkable presentations and anonymous revocations, SD-BLS could redefine privacy standards in digital credentialing systems, providing a foundation for secure and privacy-preserving digital identities.