$30 off During Our Annual Pro Sale. View Details »

An Extended LDP-BBS 2020 and ZKP-LD Playground

An Extended LDP-BBS 2020 and ZKP-LD Playground

Presented at IIW 33 (2021-10-13)

Dan Yamamoto

October 13, 2021
Tweet

More Decks by Dan Yamamoto

Other Decks in Technology

Transcript

  1. An Extended LDP-BBS 2020
    and ZKP-LD Playground
    Dan Yamamoto (Internet Initiative Japan Inc.)
    Kazue Sako (Waseda University)
    2021-10-13 @ IIW 33

    View Slide

  2. LDP-BBS 2020
    2
    ◼ Features
    ⚫ selective disclosure
    ⚫ linked data / linked data proofs
    ◼ Specification
    ⚫ https://w3c-ccg.github.io/ldp-bbs2020/
    ◼ Implementation
    ⚫ https://github.com/mattrglobal/jsonld-
    signatures-bbs
    did:example:A... John Smith
    birthDate
    1980-01-01
    https://X.../1
    name
    credentialSubject
    VerifiableCredential
    type
    Signature001
    proof
    sign
    signature
    derive
    Issuer
    issuer's
    secret key
    Holder
    proof
    Verifier
    verify
    issuer's
    public key
    unsigned VC
    VC
    VC revealed
    indicies
    VP
    subset
    VP
    accept /
    reject
    VC VP
    VC

    View Slide

  3. Some Issues of LDP-BBS2020
    3
    ◼ limited selective disclosure; unable to
    hide `id`
    ◼ no "predicate proofs" e.g., range
    proofs, set-membership proofs, ...
    Issues around zero-knowledge proofs
    ◼ credential aggregation = to compound multiple VCs into single VP with
    associated proofs, enabling us to prove some values in the VCs are
    equivalent without revealing the values themselves
    ◼ not supported in LDP-BBS 2020 yet
    No credential aggregation
    did:example:ABCD... John Smith
    birthDate
    1980-01-01
    https://example.org/
    001
    name
    credentialSubject
    VerifiableCredential
    type
    Signature001
    proof
    hide
    can't hide

    View Slide

  4. LDP-BBS 2020
    4
    did:example:A...
    John Smith
    homeLocation
    https://X.../1
    name
    credentialSubject
    VerifiableCredential
    type
    Signature001
    proof
    <...type> <...VerifiableCredential> .
    LD Canonicalization
    N-quads
    statements
    <...credentialSubject> .
    <...proof> <...Signature001> .
    <...name> "John Smith" .
    <...homeLocation> .
    𝑎1
    𝑎2
    𝑎3
    𝑎4
    𝑎5
    sign
    sign
    𝜎
    http://B...
    attributes
    unsigned VC
    issuer
    issuer's
    secret key
    signed
    VC
    ZKProof (e.g., selective disclosure) can be
    constructed statement-wise only

    View Slide

  5. Our Extension: Termwise Signing
    5
    <...type> <...VerifiableCredential> .
    LD Canonicalization
    N-quads
    statements
    <...credentialSubject> .
    <...proof> <...Signature001> .
    <...name> "John Smith" .
    <...homeLocation> .
    𝑎1
    𝑎2
    𝑎3
    𝑎4

    sign
    sign
    𝜎
    𝑎1
    𝑎2
    𝑎3
    𝑎4
    𝑎5
    𝑎6
    𝑎7
    𝑎8
    𝑎9
    𝑎10
    𝑎11
    𝑎12
    𝑎13
    𝑎14
    𝑎15
    𝑎16
    𝑎17
    𝑎18
    𝑎19
    𝑎20
    did:example:A...
    John Smith
    homeLocation
    https://X.../1
    name
    credentialSubject
    VerifiableCredential
    type
    Signature001
    proof
    http://B...
    attributes
    unsigned VC
    issuers
    secret key
    signed
    VC
    Issuer
    sign each terms rather
    than each statements

    View Slide

  6. Extended LDP-BBS2020
    6
    The Power of PowerPoint - thepopp.com
    ◼ Termwise ZKProofs
    ⚫ Termwise selective disclosure
    ⚫ Termwise equality proofs
    ⚫ Range proofs, set-membership proofs (*not implemented yet)
    ◼ + Credential aggregation (n VCs -> 1 VP)
    ◼ + Remove blank node labels from derived proofs
    ◼ with...
    ⚫ increased computational cost (<= 4x)
    ⚫ increased proof size (<= 4x) (signature size are the same as the original)

    View Slide

  7. Use Case
    7
    Holder Verifier
    Issuer X
    Private VC
    (proof of residence)
    VP
    Issuer Y
    Issuer Z
    Public VC
    (land registry)
    Public VC
    (stats data)
    "I own an area that is at least 100 square meters and live in a city with a population over 200000"
    asserted by Issuer Y asserted by Issuer Z
    asserted by Issuer X
    issued by Y
    did:example:A...
    300 m2
    https://landB...
    ownedBy
    area
    land B
    name
    "an area, named land B, with at least 100 square meters is owned by did:example:A..."
    issued by Z
    350000
    https://cityA...
    population
    City A
    name
    "a city, named city A, has a population 350000"
    7
    "John Smith, born on 1980-01-01, lives in City A"
    issued by X
    1980-01-01
    did:example:A...
    birthDate
    John Smith
    name
    https://cityA...
    homeLocation
    issued by X
    1980-01-01
    did:example:A...
    birthDate
    John Smith
    name
    issued by Z
    350000
    https://cityA...
    population
    City A
    name
    homeLocation
    issued by Y
    300 m2
    https://landB...
    ownedBy
    area
    land B
    name

    View Slide

  8. Implementations and Demo
    8
    The Power of PowerPoint - thepopp.com
    ◼ jsonld-signatures-bbs (forked from MATTR's)
    ◼ bls12381-key-pair (forked from MATTR's)
    ◼ bbs-signatures (forked from MATTR's)
    Implementations (published on Github and npm)
    ◼ a playground for developers
    ◼ able to sign JSON-LD documents (as Issuer)
    ◼ able to verify signed documents and derive proofs from them (as Holder)
    ◼ able to verify derived proofs (as Verifier)
    Demo: ZKP-LD Playground (https://playground.zkp-ld.org)

    View Slide

  9. Future Work
    9
    The Power of PowerPoint - thepopp.com
    ◼ Support JWK key and VC with multiple proofs
    ◼ Add recipient binding mechanism
    ◼ Improve efficiency
    ⚫ reduce redundancy
    ⚫ (future) adopt different signature schemes incl. efficient redactable signatures
    [Sanders, PKC 2020]
    ◼ Have more rigorous security & privacy analysis (incl. provable
    security)
    ◼ Design language to describe range / set-membership proofs
    (extended JSON-LD frame?)
    ◼ ...

    View Slide