A-PoA: Anonymous Proof of Authorization for Decentralized Identity Management

Self-sovereign Identity Management (SSIM) promotes self-control of credentials without relying on external administration. However, the state-of-the-art SSIM based on Decentralized Identifiers and Verifiable Credentials (VCs) defined by the World Wide Web Consortium does not enable credential holders to verify whether a Credential Issuing Authority (CIA) legitimately issued a credential. As a remedy, our work constructs a secure authentication protocol, called A-PoA, to provide decentralized and anonymous authorization of CIAs. We leverage a cryptographic accumulator to give the Root Authority (registering a Credential Schema) the ability to authorize a CIA (registering a Credential Definition) to issue a credential. The proof of accumulator membership relies on a non-interactive zero-knowledge proof. This allows a credential holder or validator node to verify the validity of a CIA, while the CIA remains anonymous. Our security analysis shows the integrity and confidentiality of our protocol against hostile network participants, and our experimental evaluation shows constant verification times independent of the number of authenticated CIAs. Hence, A-PoA introduces the missing building block to develop SSIM-capable and VC-compatible ecosystems acting as a drop-in replacement for traditional Public Key Infrastructure schemes.
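To illustrate why accumulator membership can be checked in constant time, here is an added sketch of an RSA-style accumulator; it is not the A-PoA construction or the authors' code, and it checks the witness in the clear instead of inside the zero-knowledge proof that keeps the CIA anonymous. The abstract does not name the accumulator, so the modulus, base, hash-to-prime encoding and all function names are assumptions.

```python
import hashlib
from math import prod

# Toy modulus (constructed, assumption): product of two Mersenne primes.
# Its factors are public here, so it is for illustration only.
N = (2**127 - 1) * (2**89 - 1)
G = 3  # accumulator base (assumption)

def is_prime(n):
    """Miller-Rabin, deterministic for n < 2**64 with these bases."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for p in bases:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness that n is composite
    return True

def to_prime(cia_id):
    """Map a CIA identifier to a 64-bit prime (hypothetical encoding)."""
    n = int.from_bytes(hashlib.sha256(cia_id.encode()).digest()[:8], "big") | 1
    while not is_prime(n):
        n += 2
    return n

def accumulate(cia_ids):
    """Root Authority: fold all authorized CIAs into one group element."""
    return pow(G, prod(to_prime(c) for c in cia_ids), N)

def witness(cia_ids, member):
    """Root Authority: accumulator over every CIA except `member`."""
    return accumulate([c for c in cia_ids if c != member])

def verify(acc, cia_id, wit):
    """Verifier: one modular exponentiation, whatever the set size."""
    return pow(wit, to_prime(cia_id), N) == acc
```

Adding a CIA changes the accumulator value, so witnesses issued earlier must be updated before they verify again.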
