Linked-Data based Verifiable Credentials with Selective Disclosure, Unlinkability, and Range Proofs August 9, 2022 IIW Asia Dan Yamamoto (Internet Initiative Japan Inc.) Yuji Suga (Internet Initiative Japan Inc.) Kazue Sako (Waseda University)
Verifiable Credentials 2 ◼ W3C Recommendation: Verifiable Credentials Data Model (v1.1, March 2022) ◼ provides a mechanism to express digital credentials in a way that is cryptographically secure, privacy respecting, and machine-verifiable ◼ Examples: SMART Health Cards / IATA Travel Pass / Microsoft Entra Verified ID Holder Verifier Issuer Verifiable Credential (VC) Verifiable Presentation (VP) ⚫ name: John Smith ⚫ birthdate: 1980-01-01 ⚫ (issuer's signature)
SMART Health Cards 3 ◼ Paper or digital versions of clinical information ◼ developed and standardized by VCI (Vaccination Credential Initiative) ◼ used in 15 nations: US, UK, Canada, Japan, ... image: https://vci.org
VC Flavors 6 JWT-based VC (e.g., SMART Health Cards) ✓ Simple, easy to develop ✓ Many real world instances No selective disclosure VCs & VPs are linkable doc format = JSON proof format = JWT sig scheme = RSA, ECDSA, EdDSA, ... Holder Verifier VP Issuer VC ✓ issued by: Japanese Government ✓ issued on: April 3, 2022 ✓ patient name: Dan Yamamoto ✓ got vaccinated on: August 10, 2021 ✓ vaccine code: 207 ✓ lot number: 9999999 ✓ ... must reveal all attributes for verification Holder Verifier Issuer Linkable via signature values
VC Flavors 7 JWT-based VC (e.g., SMART Health Cards) ✓ Simple, easy to develop ✓ Many real world instances No selective disclosure VCs & VPs are linkable Ours: LD&ZKP-enabled VC (an extension of LDP-BBS2020) doc format = JSON proof format = JWT sig scheme = RSA, ECDSA, EdDSA, ... Relatively complicated Still work in progress ✓ Selective disclosure ✓ Unlinkability doc format = JSON-LD proof format = Data Integrity sig scheme = BBS+ {ZK}
Other Use Cases: ZKP of Employer 12 ❝ I (anonymized) work for a company (anonymized) that received the Top 100 award, asserted by Local Gov & GLEIF-like organization ❞ did:ex:abc : Person name = John https://corp : Corporation name = Corp worksFor https://corp : Corporation award = Top 100 https://cred1 : VerifiableCredential issuer = Local Gov https://cred2 : VerifiableCredential issuer = GLEIF-like credentialSubject credentialSubject Employee Credential Legal Entity Registry (Open Data) *** 𝑋1 *** *** 𝑋2 *** *** 𝑋2 *** ***** 𝑋4 ***** ***** 𝑋3 ***** ********* *********
Other Use Cases: ZKP of Residence 13 ❝ I (anonymized) live in a place (anonymized) that is geographically located in (35.69, 139.74) --- (35.70, 139.75), asserted by Local Gov & Land Department ❞ did:ex:a : Person name = John Smith birthDate = 2000-04-01 #f1bc9.. : Address address #f1bc9.. : Address lat = 35.6987 lon = 139.7471 country = JP localAddress = Yokohama https://cred1 : VerifiableCredential issuer = Local Gov https://cred2 : VerifiableCredential issuer = Land Dept credentialSubject credentialSubject Electronic Identitfication (eID) Address Registry (Open Data) *** 𝑋1 *** 35.69 < x < 35.70 139.74 < x < 139.75 *** 𝑋2 *** *** 𝑋2 *** ********* ****************** ****************** **** 𝑋3 **** **** 𝑋4 ****
@zkp-ld Implementations and Demo 14 ◼ @zkp-ld/jsonld-signatures-bbs ◼ @zkp-ld/bls12381-key-pair ◼ @zkp-ld/bbs-signatures Implementations (published on Github and npm) ◼ a playground for developers ◼ you can sign & verify LD-based credential and show & verify presentations on browser ◼ with Selective Disclosure, Unlinkability, and (partially implemented) Range Proof ZKP-LD Playground jsonld-bbs-signatures (TS) bbs-signatures (TS + Rust) bls12381-key-pair (TS) zkp-ld-playground (React/TS) @mattrglobal fork
Summary 16 Conclusions ⚫ Constructed a LD&ZKP-enabled VC scheme with selective disclosure, unlinkability, and range proofs ⚫ Proposed novel use cases using LD&ZKP-enabled VCs ⚫ Provided prototype implementations and Web-based demo Work in Progress & Future Work ⚫ Issuer-Hiding presentations ⚫ Holder-Binding credentials ⚫ Credentials with Pairwise Pseudonymous IDentifiers (PPIDs) ⚫ LD2JWP (Linked Data to JSON Web Proofs) Serialization ⚫ Revocation
References 17 ◼ [FHS19] G. Fuchsbauer, C. Hanser, and D. Slamanig, “Structure-preserving signatures on equivalence classes and constant-size anonymous credentials,” Journal of Cryptology, vol. 32, no. 2, pp. 498–546, Apr. 2019. ◼ [TG20] S.-Y. Tan and T. Groß, “MoniPoly - an expressive q-SDH-based anonymous attribute- based credential system,” in ASIACRYPT 2020, Part III, ser. LNCS, S. Moriai and H. Wang, Eds., vol. 12493. Springer, Heidelberg, Dec. 2020, pp. 498–526. ◼ [S20] O. Sanders, “Efficient redactable signature and application to anonymous credentials,” in PKC 2020, Part II, ser. LNCS, A. Kiayias, M. Kohlweiss, P. Wallden, and V. Zikas, Eds., vol. 12111. Springer, Heidelberg, May 2020, pp. 628–656. ◼ [SP21] O. Steele and M. Prorock, “JSON Web Proofs for Binary Merkle Trees,“ https://w3c- ccg.github.io/Merkle-Disclosure-2021/jwp/ ◼ [FY22] D. Fett and K. Yasuda, “Selective Disclosure JWT (SD-JWT),“ Internet-Draft, Jul. 2022, https://datatracker.ietf.org/doc/draft-fett-oauth-selective-disclosure-jwt/02/ ◼ [MJ22] J. Miller and M. Jones, “JSON Proof Algorithms,“ Internet-Draft, Jul. 2022, https://www.ietf.org/archive/id/draft-jmiller-jose-json-proof-algorithms-00.html ◼ [ISO/IEC 27551] ISO/IEC 27551:2021, Information security, cybersecurity and privacy protection — Requirements for attribute-based unlinkable entity authentication
yamdan
oracle4engineer
bengo4com
murachiakira
takanorip
smasato
chiroito
nagix
takasehideki
knsg16
mtx2s
colopl
yokawasa
davidbonilla
pedronauck
skipperchong
lara
tammyeverts
sachag
dotmariusz
philnash
philhawksworth
keathley
denniskardys
edds