An Extended LDP-BBS 2020 and ZKP-LD Playground

Transcript

1. An Extended LDP-BBS 2020
   and ZKP-LD Playground
   Dan Yamamoto (Internet Initiative Japan Inc.)
   Kazue Sako (Waseda University)
   2021-10-13 @ IIW 33
   

   View Slide

2. LDP-BBS 2020
   2
   ◼ Features
   ⚫ selective disclosure
   ⚫ linked data / linked data proofs
   ◼ Specification
   ⚫ https://w3c-ccg.github.io/ldp-bbs2020/
   ◼ Implementation
   ⚫ https://github.com/mattrglobal/jsonld-
   signatures-bbs
   did:example:A... John Smith
   birthDate
   1980-01-01
   https://X.../1
   name
   credentialSubject
   VerifiableCredential
   type
   Signature001
   proof
   sign
   signature
   derive
   Issuer
   issuer's
   secret key
   Holder
   proof
   Verifier
   verify
   issuer's
   public key
   unsigned VC
   VC
   VC revealed
   indicies
   VP
   subset
   VP
   accept /
   reject
   VC VP
   VC
   

   View Slide

3. Some Issues of LDP-BBS2020
   3
   ◼ limited selective disclosure; unable to
   hide `id`
   ◼ no "predicate proofs" e.g., range
   proofs, set-membership proofs, ...
   Issues around zero-knowledge proofs
   ◼ credential aggregation = to compound multiple VCs into single VP with
   associated proofs, enabling us to prove some values in the VCs are
   equivalent without revealing the values themselves
   ◼ not supported in LDP-BBS 2020 yet
   No credential aggregation
   did:example:ABCD... John Smith
   birthDate
   1980-01-01
   https://example.org/
   001
   name
   credentialSubject
   VerifiableCredential
   type
   Signature001
   proof
   hide
   can't hide
   

   View Slide

4. LDP-BBS 2020
   4
   did:example:A...
   John Smith
   homeLocation
   https://X.../1
   name
   credentialSubject
   VerifiableCredential
   type
   Signature001
   proof
   <...type> <...VerifiableCredential> .
   LD Canonicalization
   N-quads
   statements
   <...credentialSubject> .
   <...proof> <...Signature001> .
   <...name> "John Smith" .
   <...homeLocation> .
   𝑎1
   𝑎2
   𝑎3
   𝑎4
   𝑎5
   sign
   sign
   𝜎
   http://B...
   attributes
   unsigned VC
   issuer
   issuer's
   secret key
   signed
   VC
   ZKProof (e.g., selective disclosure) can be
   constructed statement-wise only
   

   View Slide

5. Our Extension: Termwise Signing
   5
   <...type> <...VerifiableCredential> .
   LD Canonicalization
   N-quads
   statements
   <...credentialSubject> .
   <...proof> <...Signature001> .
   <...name> "John Smith" .
   <...homeLocation> .
   𝑎1
   𝑎2
   𝑎3
   𝑎4
   ⋮
   sign
   sign
   𝜎
   𝑎1
   𝑎2
   𝑎3
   𝑎4
   𝑎5
   𝑎6
   𝑎7
   𝑎8
   𝑎9
   𝑎10
   𝑎11
   𝑎12
   𝑎13
   𝑎14
   𝑎15
   𝑎16
   𝑎17
   𝑎18
   𝑎19
   𝑎20
   did:example:A...
   John Smith
   homeLocation
   https://X.../1
   name
   credentialSubject
   VerifiableCredential
   type
   Signature001
   proof
   http://B...
   attributes
   unsigned VC
   issuers
   secret key
   signed
   VC
   Issuer
   sign each terms rather
   than each statements
   

   View Slide

6. Extended LDP-BBS2020
   6
   The Power of PowerPoint - thepopp.com
   ◼ Termwise ZKProofs
   ⚫ Termwise selective disclosure
   ⚫ Termwise equality proofs
   ⚫ Range proofs, set-membership proofs (*not implemented yet)
   ◼ + Credential aggregation (n VCs -> 1 VP)
   ◼ + Remove blank node labels from derived proofs
   ◼ with...
   ⚫ increased computational cost (<= 4x)
   ⚫ increased proof size (<= 4x) (signature size are the same as the original)
   

   View Slide

7. Use Case
   7
   Holder Verifier
   Issuer X
   Private VC
   (proof of residence)
   VP
   Issuer Y
   Issuer Z
   Public VC
   (land registry)
   Public VC
   (stats data)
   "I own an area that is at least 100 square meters and live in a city with a population over 200000"
   asserted by Issuer Y asserted by Issuer Z
   asserted by Issuer X
   issued by Y
   did:example:A...
   300 m2
   https://landB...
   ownedBy
   area
   land B
   name
   "an area, named land B, with at least 100 square meters is owned by did:example:A..."
   issued by Z
   350000
   https://cityA...
   population
   City A
   name
   "a city, named city A, has a population 350000"
   7
   "John Smith, born on 1980-01-01, lives in City A"
   issued by X
   1980-01-01
   did:example:A...
   birthDate
   John Smith
   name
   https://cityA...
   homeLocation
   issued by X
   1980-01-01
   did:example:A...
   birthDate
   John Smith
   name
   issued by Z
   350000
   https://cityA...
   population
   City A
   name
   homeLocation
   issued by Y
   300 m2
   https://landB...
   ownedBy
   area
   land B
   name
   

   View Slide

8. Implementations and Demo
   8
   The Power of PowerPoint - thepopp.com
   ◼ jsonld-signatures-bbs (forked from MATTR's)
   ◼ bls12381-key-pair (forked from MATTR's)
   ◼ bbs-signatures (forked from MATTR's)
   Implementations (published on Github and npm)
   ◼ a playground for developers
   ◼ able to sign JSON-LD documents (as Issuer)
   ◼ able to verify signed documents and derive proofs from them (as Holder)
   ◼ able to verify derived proofs (as Verifier)
   Demo: ZKP-LD Playground (https://playground.zkp-ld.org)
   

   View Slide

9. Future Work
   9
   The Power of PowerPoint - thepopp.com
   ◼ Support JWK key and VC with multiple proofs
   ◼ Add recipient binding mechanism
   ◼ Improve efficiency
   ⚫ reduce redundancy
   ⚫ (future) adopt different signature schemes incl. efficient redactable signatures
   [Sanders, PKC 2020]
   ◼ Have more rigorous security & privacy analysis (incl. provable
   security)
   ◼ Design language to describe range / set-membership proofs
   (extended JSON-LD frame?)
   ◼ ...
   

   View Slide