Use of RDF Blank Nodes in Verifiable Credentials
Dan Yamamoto
October 30, 2023
Presented at CSS2023 (2023-10-30)
Transcript
Use of RDF Blank Nodes in Verifiable Credentials. Dan Yamamoto / Yuji Suga (IIJ), Kazue Sako (Waseda University). 2023-10-30 @ CSS2023 (1E4-3)
Verifiable Credential 1 ◼ A mechanism for expressing digital credentials that are cryptographically secure, privacy-respecting, and machine-verifiable ◼ W3C Recommendation: Verifiable Credentials Data Model (v1.1, March 2022)
Verifiable Credential 2 ◼ A mechanism for expressing digital credentials that are cryptographically secure, privacy-respecting, and machine-verifiable ◼ W3C Recommendation: Verifiable Credentials Data Model (v1.1, March 2022) Holder Verifier Issuer
Verifiable Credential 3 ◼ A mechanism for expressing digital credentials that are cryptographically secure, privacy-respecting, and machine-verifiable ◼ W3C Recommendation: Verifiable Credentials Data Model (v1.1, March 2022) Holder Verifier Issuer Verifiable Credential (VC) ⚫Name: John Smith ⚫Date of birth: 1980-01-01 ⚫Issuer's signature
Verifiable Credential 4 ◼ A mechanism for expressing digital credentials that are cryptographically secure, privacy-respecting, and machine-verifiable ◼ W3C Recommendation: Verifiable Credentials Data Model (v1.1, March 2022) Holder Verifier Issuer Verifiable Credential (VC) Verifiable Presentation (VP) ⚫Name: John Smith ⚫Date of birth: 1980-01-01 ⚫Issuer's signature
Verifiable Credential 5 ◼ A mechanism for expressing digital credentials that are cryptographically secure, privacy-respecting, and machine-verifiable ◼ W3C Recommendation: Verifiable Credentials Data Model (v1.1, March 2022) Holder Verifier Issuer Verifiable Credential (VC) Verifiable Presentation (VP) ⚫Name: John Smith ⚫Date of birth: 1980-01-01 ⚫Issuer's signature ◼ Real-world examples: IATA Travel Pass / Microsoft Entra Verified ID / SMART Health Cards (vaccination certificates) ◼ Example formats: JWT-based VC / SD-JWT-based VC / Linked Data-based VC / ...
Use case for Linked Data-based VCs 6 Government Quarantine station xyz: Person name = John Smith credentialSubject e#1 : Vaccination date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 Individual VC1
Use case for Linked Data-based VCs 7 Government Quarantine station xyz: Person name = John Smith credentialSubject e#1 : Vaccination date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 Individual Metadata and signature Vaccinated person Vaccination record Vaccine administered VC1
xyz: Person name = John Smith credentialSubject e#1 : Vaccination date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 Use case for Linked Data-based VCs 8 VC1 Government Quarantine station Individual If you received an officially approved vaccine in April 2022 or later, please tell us the vaccination date
xyz: Person name = John Smith credentialSubject e#1 : Vaccination date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 Use case for Linked Data-based VCs 9 VC1 Government Quarantine station Individual Cannot tell whether it is approved! code#123 If you received an officially approved vaccine in April 2022 or later, please tell us the vaccination date
xyz: Person name = John Smith credentialSubject e#1 : Vaccination date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 Use case for Linked Data-based VCs 10 VC1 VC2 vc#2: VerifiableCredential issuer = provider; proof=sig2 code#123: Vaccine name = Awesome Vaccine manufacturer = Example.com status = approved credentialSubject Vaccine information provider Download vaccine specification VC Government Quarantine station Individual Cannot tell whether it is approved! code#123 If you received an officially approved vaccine in April 2022 or later, please tell us the vaccination date
xyz: Person name = John Smith credentialSubject e#1 : Vaccination date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 Use case for Linked Data-based VCs 11 VC1 VC2 vc#2: VerifiableCredential issuer = provider; proof=sig2 code#123: Vaccine name = Awesome Vaccine manufacturer = Example.com status = approved credentialSubject Vaccine information provider Download vaccine specification VC Government Quarantine station Individual Cannot tell whether it is approved! code#123 Join as Linked Data into a graph If you received an officially approved vaccine in April 2022 or later, please tell us the vaccination date
Join as Linked Data into a graph xyz: Person name = John Smith credentialSubject e#1 : Vaccination date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 Use case for Linked Data-based VCs 12 VC1 VC2 vc#2: VerifiableCredential issuer = provider; proof=sig2 code#123: Vaccine name = Awesome Vaccine manufacturer = Example.com status = approved credentialSubject Government Quarantine station Individual Vaccine information provider If you received an officially approved vaccine in April 2022 or later, please tell us the vaccination date
xyz: Person name = John Smith credentialSubject e#1 : Vaccination date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 Use case for Linked Data-based VCs 13 VC1 VC2 vc#2: VerifiableCredential issuer = provider; proof=sig2 code#123: Vaccine name = Awesome Vaccine manufacturer = Example.com status = approved credentialSubject Government Quarantine station Individual *** **************** **************** *** ********* ********* ********************** ** ************************* *** *** Selective disclosure (hide some attributes) Vaccine information provider If you received an officially approved vaccine in April 2022 or later, please tell us the vaccination date
xyz: Person name = John Smith credentialSubject e#1 : Vaccination date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 Use case for Linked Data-based VCs 14 VC1 VC2 vc#2: VerifiableCredential issuer = provider; proof=sig2 code#123: Vaccine name = Awesome Vaccine manufacturer = Example.com status = approved credentialSubject Government Quarantine station Individual *** **************** **************** *** ********* ********* ********************** ** ************************* *** *** Selective disclosure (hide some attributes) Vaccine information provider If you received an officially approved vaccine in April 2022 or later, please tell us the vaccination date Proof of equality of hidden values *** X *** *** X ***
xyz: Person name = John Smith credentialSubject e#1 : Vaccination date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 Use case for Linked Data-based VCs 15 VC1 VC2 vc#2: VerifiableCredential issuer = provider; proof=sig2 code#123: Vaccine name = Awesome Vaccine manufacturer = Example.com status = approved credentialSubject Government Quarantine station Individual *** **************** **************** *** ********* ********* ********************** ** ************************* *** *** **** Selective disclosure (hide some attributes) Proof of knowledge of signature Vaccine information provider If you received an officially approved vaccine in April 2022 or later, please tell us the vaccination date *** Proof of equality of hidden values *** X *** *** X ***
xyz: Person name = John Smith credentialSubject e#1 : Vaccination date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 Use case for Linked Data-based VCs 16 VC1 VC2 vc#2: VerifiableCredential issuer = provider; proof=sig2 code#123: Vaccine name = Awesome Vaccine manufacturer = Example.com status = approved credentialSubject Government Quarantine station Individual *** **************** **************** *** ********* ********* ********************** ** ************************* *** *** **** Selective disclosure (hide some attributes) Proof of knowledge of signature VP Vaccine information provider If you received an officially approved vaccine in April 2022 or later, please tell us the vaccination date 2023-01-01 approved *** Proof of equality of hidden values *** X *** *** X ***
xyz: Person name = John Smith credentialSubject e#1 : Vaccination date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 Use case for Linked Data-based VCs 17 VC1 VC2 vc#2: VerifiableCredential issuer = provider; proof=sig2 code#123: Vaccine name = Awesome Vaccine manufacturer = Example.com status = approved credentialSubject Government Quarantine station Individual *** **************** **************** *** ********* ********* ********************** ** ************************* *** *** **** Selective disclosure (hide some attributes) Proof of knowledge of signature VP Vaccine information provider I (anonymous) received an officially approved vaccine (anonymous) on January 1, 2023 If you received an officially approved vaccine in April 2022 or later, please tell us the vaccination date 2023-01-01 approved *** Proof of equality of hidden values *** X *** *** X ***
Data representation of Linked Data-based VCs 18 xyz: Person name = John Smith credentialSubject e#1 : Vaccination date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1
Data representation of Linked Data-based VCs 19 xyz: Person name = John Smith credentialSubject e#1 : Vaccination date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 { "id": "vc#1", "credentialSubject": { "id": "xyz", "name": "John Smith", "isPatientOf": { "id": "e#1", "date": "2023-01-01", "vaccine": "code#123" } }, ... } JSON-LD
Data representation of Linked Data-based VCs 20 xyz: Person name = John Smith credentialSubject e#1 : Vaccination date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 { "id": "vc#1", "credentialSubject": { "id": "xyz", "name": "John Smith", "isPatientOf": { "id": "e#1", "date": "2023-01-01", "vaccine": "code#123" } }, ... } JSON-LD vc#1 credentialSubject xyz xyz name "John Smith" xyz isPatientOf e#1 e#1 date "2023-01-01" e#1 vaccine code#123 ... N-Quads
Data representation of Linked Data-based VCs 21 xyz: Person name = John Smith credentialSubject e#1 : Vaccination date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 { "id": "vc#1", "credentialSubject": { "id": "xyz", "name": "John Smith", "isPatientOf": { "id": "e#1", "date": "2023-01-01", "vaccine": "code#123" } }, ... } JSON-LD vc#1 credentialSubject xyz xyz name "John Smith" xyz isPatientOf e#1 e#1 date "2023-01-01" e#1 vaccine code#123 ... N-Quads Easy to use in applications Easy to sign
Node names (identifiers) 22 xyz: Person name = John Smith credentialSubject e#1 : Vaccination date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 { "id": "vc#1", "credentialSubject": { "id": "xyz", "name": "John Smith", "isPatientOf": { "id": "e#1", "date": "2023-01-01", "vaccine": "code#123" } }, ... } JSON-LD vc#1 credentialSubject xyz xyz name "John Smith" xyz isPatientOf e#1 e#1 date "2023-01-01" e#1 vaccine code#123 ... N-Quads
Node names (identifiers) 23 xyz: Person name = John Smith credentialSubject e#1 : Vaccination date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 { "id": "vc#1", "credentialSubject": { "id": "xyz", "name": "John Smith", "isPatientOf": { "id": "e#1", "date": "2023-01-01", "vaccine": "code#123" } }, ... } JSON-LD vc#1 credentialSubject xyz xyz name "John Smith" xyz isPatientOf e#1 e#1 date "2023-01-01" e#1 vaccine code#123 ... N-Quads ☺ Naming nodes makes linking between data easy Naming even the nodes that need no links is tedious If a node will be hidden anyway, there is no point in naming it → This is where RDF "blank nodes" come in
Node names (identifiers) 24 xyz: Person name = John Smith credentialSubject e#1 : Vaccination date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 { "id": "vc#1", "credentialSubject": { "id": "xyz", "name": "John Smith", "isPatientOf": { "id": "e#1", "date": "2023-01-01", "vaccine": "code#123" } }, ... } JSON-LD vc#1 credentialSubject xyz xyz name "John Smith" xyz isPatientOf e#1 e#1 date "2023-01-01" e#1 vaccine code#123 ... N-Quads ☺ Naming nodes makes linking between data easy Naming even the nodes that need no links is tedious If a node will be hidden anyway, there is no point in naming it → This is where RDF "blank nodes" come in
Node names (identifiers) 25 xyz: Person name = John Smith credentialSubject e#1 : Vaccination date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 { "id": "vc#1", "credentialSubject": { "id": "xyz", "name": "John Smith", "isPatientOf": { "id": "e#1", "date": "2023-01-01", "vaccine": "code#123" } }, ... } JSON-LD vc#1 credentialSubject xyz xyz name "John Smith" xyz isPatientOf e#1 e#1 date "2023-01-01" e#1 vaccine code#123 ... N-Quads ☺ Naming nodes makes linking between data easy Naming even the nodes that need no links is tedious If a node will be hidden anyway, there is no point in naming it → This is where RDF "blank nodes" come in
RDF blank nodes 26 xyz: Person name = John Smith credentialSubject e#1 : Vaccination date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 { "id": "vc#1", "credentialSubject": { "id": "xyz", "name": "John Smith", "isPatientOf": { "id": "e#1", "date": "2023-01-01", "vaccine": "code#123" } }, ... } JSON-LD vc#1 credentialSubject xyz xyz name "John Smith" xyz isPatientOf e#1 e#1 date "2023-01-01" e#1 vaccine code#123 ... N-Quads ☺ Nodes that need no external links can be made nameless blank nodes
RDF blank nodes 27 xyz: Person name = John Smith credentialSubject : Vaccination date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine : VerifiableCredential issuer = gov; proof = sig1 { "credentialSubject": { "id": "xyz", "name": "John Smith", "isPatientOf": { "date": "2023-01-01", "vaccine": "code#123" } }, ... } JSON-LD _:b0 credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:b1 _:b1 date "2023-01-01" _:b1 vaccine code#123 ... N-Quads ☺ Nodes that need no external links can be made nameless blank nodes
RDF blank nodes 28 xyz: Person name = John Smith credentialSubject : Vaccination date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine : VerifiableCredential issuer = gov; proof = sig1 { "credentialSubject": { "id": "xyz", "name": "John Smith", "isPatientOf": { "date": "2023-01-01", "vaccine": "code#123" } }, ... } JSON-LD _:b0 credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:b1 _:b1 date "2023-01-01" _:b1 vaccine code#123 ... N-Quads Blank nodes are widely used in real-world data (about 45% of RDF documents on the Web, according to reference [7]) ☺ Nodes that need no external links can be made nameless blank nodes
Problem: ambiguity of blank nodes in N-Quads 29 Blank node labels in N-Quads carry no meaning = the labels used vary by data creator and processor { "credentialSubject": { "id": "xyz", "name": "John Smith", "isPatientOf": { "date": "2023-01-01", "vaccine": "code#123" } }, ... } JSON-LD Hard to handle as the target of a digital signature _:b0 credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:b1 _:b1 date "2023-01-01" _:b1 vaccine code#123 ... N-Quads _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:bar vaccine code#123 ... N-Quads xyz: Person name = John Smith credentialSubject : Vaccination date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine : VerifiableCredential issuer = gov; proof = sig1
Solution: introducing the RDF Canonicalization Algorithm 30 _:b0 credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:b1 _:b1 date "2023-01-01" _:b1 vaccine code#123 ... _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:bar vaccine code#123 ... _:c14n1 credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:c14n0 _:c14n0 date "2023-01-01" _:c14n0 vaccine code#123 ...
Solution: introducing the RDF Canonicalization Algorithm 31 A deterministic algorithm that assigns "canonical" labels based on information other than the blank node labels Research proposals have existed for a long time (2003) Currently being standardized at W3C (the authors are also WG members) _:b0 credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:b1 _:b1 date "2023-01-01" _:b1 vaccine code#123 ... _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:bar vaccine code#123 ... _:c14n1 credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:c14n0 _:c14n0 date "2023-01-01" _:c14n0 vaccine code#123 ...
VC issuance / signature generation 32 _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:bar vaccine code#123 Issuer
VC issuance / signature generation 33 _:c14n0 date "2023-01-01" _:c14n0 vaccine code#123 _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:bar vaccine code#123 canon & sort Issuer
VC issuance / signature generation 34 _:c14n0 date "2023-01-01" _:c14n0 vaccine code#123 _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" _:c14n0 date "2023-01-01" code#123 _:c14n0 vaccine 1 4 2 5 3 6 Term decomposition ... _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:bar vaccine code#123 canon & sort Issuer
VC issuance / signature generation 35 _:c14n0 date "2023-01-01" _:c14n0 vaccine code#123 _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" _:c14n0 date "2023-01-01" code#123 _:c14n0 vaccine 1 4 2 5 3 6 Term decomposition 9139018... 7975413... 8394757... 4937101... 9139018... 1106247... ... 1 4 2 5 3 6 Hash to Scalar ... _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:bar vaccine code#123 canon & sort Issuer
VC issuance / signature generation 36 _:c14n0 date "2023-01-01" _:c14n0 vaccine code#123 _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" _:c14n0 date "2023-01-01" code#123 _:c14n0 vaccine 1 4 2 5 3 6 Term decomposition 9139018... 7975413... 8394757... 4937101... 9139018... 1106247... ... 1 4 2 5 3 6 Hash to Scalar ... BBS+. sign Issuer's secret key Signature value _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:bar vaccine code#123 canon & sort Issuer
VC verification / signature verification 37 _:987 credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:123 _:123 date "2023-01-01" _:123 vaccine code#123 Even with labels different from those used at signing... Holder
VC verification / signature verification 38 _:c14n0 date "2023-01-01" _:c14n0 vaccine code#123 _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" _:987 credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:123 _:123 date "2023-01-01" _:123 vaccine code#123 canon & sort Even with labels different from those used at signing... the same canonical representation is obtained Holder
VC verification / signature verification 39 _:c14n0 date "2023-01-01" _:c14n0 vaccine code#123 _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" _:c14n0 date "2023-01-01" code#123 _:c14n0 vaccine 1 4 2 5 3 6 Term decomposition 9139018... 7975413... 8394757... 4937101... 9139018... 1106247... ... 1 4 2 5 3 6 Hash ... BBS+. verify Issuer's public key 1 or 0 _:987 credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:123 _:123 date "2023-01-01" _:123 vaccine code#123 Signature value canon & sort Even with labels different from those used at signing... the same canonical representation is obtained Holder
VP presentation / zero-knowledge proof 40 VC issued by the Issuer VC' to show to the Verifier { "credentialSubject": { "id": "xyz", "name": "John Smith", "isPatientOf": { "date": "2023-01-01" } } { "credentialSubject": { "id": "xyz", "name": "John Smith", "isPatientOf": { "date": "2023-01-01" } } Holder Selective disclosure
VP presentation / zero-knowledge proof 41 VC issued by the Issuer VC' to show to the Verifier { "credentialSubject": { "id": "xyz", "name": "John Smith", "isPatientOf": { "date": "2023-01-01" } } { "credentialSubject": { "id": "xyz", "name": "John Smith", "isPatientOf": { "date": "2023-01-01" } } Holder Selective disclosure Delete the entire item
VP presentation / zero-knowledge proof 42 VC issued by the Issuer VC' to show to the Verifier { "credentialSubject": { "id": "xyz", "name": "John Smith", "isPatientOf": { "date": "2023-01-01" } } { "credentialSubject": { "id": "_:000", "name": "John Smith", "isPatientOf": { "date": "2023-01-01" } } Holder Selective disclosure Delete the entire item Replace a named node with a blank node
VP presentation / zero-knowledge proof 43 _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:foo credentialSubject _:000 _:000 isPatientOf _:bar _:bar date "2023-01-01" VC issued by the Issuer VC' to show to the Verifier { "credentialSubject": { "id": "xyz", "name": "John Smith", "isPatientOf": { "date": "2023-01-01" } } { "credentialSubject": { "id": "_:000", "name": "John Smith", "isPatientOf": { "date": "2023-01-01" } } Replace a named node with a blank node Delete the entire item Holder Selective disclosure
Problem 44 _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:foo credentialSubject _:000 _:000 isPatientOf _:bar _:bar date "2023-01-01" VC issued by the Issuer VC' to show to the Verifier Holder
Problem 45 _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:foo credentialSubject _:000 _:000 isPatientOf _:bar _:bar date "2023-01-01" VC issued by the Issuer VC' to show to the Verifier canon&sort Holder
Problem 46 _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:foo credentialSubject _:000 _:000 isPatientOf _:bar _:bar date "2023-01-01" _:c14n0 isPatientOf _:c14n1 _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 VC issued by the Issuer VC' to show to the Verifier canon&sort canon&sort Holder
Problem 47 _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:foo credentialSubject _:000 _:000 isPatientOf _:bar _:bar date "2023-01-01" _:c14n0 isPatientOf _:c14n1 _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 VC issued by the Issuer VC' to show to the Verifier Selective disclosure changes the canonicalization result (labels and row order), so the message array to be signed and proved differs between the Holder and the Verifier canon&sort canon&sort Holder Problem
Problem 48 _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:foo credentialSubject _:000 _:000 isPatientOf _:bar _:bar date "2023-01-01" _:c14n0 isPatientOf _:c14n1 _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 VC issued by the Issuer VC' to show to the Verifier Selective disclosure changes the canonicalization result (labels and row order), so the message array to be signed and proved differs between the Holder and the Verifier canon&sort canon&sort Holder Label mismatch → do not show the labels directly; replace them with a zero-knowledge proof Row-order mismatch → the Holder computes and hands over a permutation that restores the original order Problem Solution
(1) The Holder computes the permutation 𝜓 that restores the original row order 49 _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:foo credentialSubject _:000 _:000 isPatientOf _:bar _:bar date "2023-01-01" _:c14n0 isPatientOf _:c14n1 _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 VC issued by the Issuer VC' to show to the Verifier Holder canon&sort canon&sort _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 _:c14n0 isPatientOf _:c14n1 reorder ≃ _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" 𝜓
(2) Computing the zero-knowledge proof 𝜋 50 _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:foo credentialSubject _:000 _:000 isPatientOf _:bar _:bar date "2023-01-01" _:c14n0 isPatientOf _:c14n1 _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 VC issued by the Issuer VC' to show to the Verifier Holder canon&sort canon&sort _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 _:c14n0 isPatientOf _:c14n1 reorder ≃ _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" _:c14n0 date "2023-01-01" ... Term decomposition BBS+. show 𝜋 (non-interactive zero-knowledge proof) 𝜓
(3) Sending to the Verifier 51 _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" VC issued by the Issuer Holder canon&sort _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" Verifier VC' 𝜓, 𝜋
(3) Sending to the Verifier 52 _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:foo credentialSubject _:000 _:000 isPatientOf _:bar _:bar date "2023-01-01" VC issued by the Issuer Verification of VC' by the Verifier Holder canon&sort _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" Verifier VC' 𝜓, 𝜋
(3) Sending to the Verifier 53 _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:foo credentialSubject _:000 _:000 isPatientOf _:bar _:bar date "2023-01-01" _:c14n0 isPatientOf _:c14n1 _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 VC issued by the Issuer Verification of VC' by the Verifier Holder canon&sort canon&sort _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 _:c14n0 isPatientOf _:c14n1 reorder _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" 𝜓 Verifier VC' 𝜓, 𝜋
(3) Sending to the Verifier 54 _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:foo credentialSubject _:000 _:000 isPatientOf _:bar _:bar date "2023-01-01" _:c14n0 isPatientOf _:c14n1 _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 VC issued by the Issuer Verification of VC' by the Verifier Holder canon&sort canon&sort _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 _:c14n0 isPatientOf _:c14n1 reorder _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" 𝜓 Verifier VC' 𝜓, 𝜋 _:c14n1 date "2023-01-01" ... Term decomposition
(3) Sending to the Verifier 55 _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:foo credentialSubject _:000 _:000 isPatientOf _:bar _:bar date "2023-01-01" _:c14n0 isPatientOf _:c14n1 _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 VC issued by the Issuer Verification of VC' by the Verifier Holder canon&sort canon&sort _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 _:c14n0 isPatientOf _:c14n1 reorder _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" 𝜓 Verifier VC' 𝜓, 𝜋 _:c14n1 date "2023-01-01" ... Term decomposition BBS+.verify Proof 𝜋 1 or 0
Security: ℒ-anonymity 56 _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:foo credentialSubject _:000 _:000 isPatientOf _:bar _:bar date "2023-01-01" _:c14n0 isPatientOf _:c14n1 _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 VC issued by the Issuer Verification of VC' by the Verifier Holder canon&sort canon&sort _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 _:c14n0 isPatientOf _:c14n1 reorder _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" 𝜓 Verifier VC' 𝜓, 𝜋 Information visible to the Verifier = in addition to the disclosed attributes, the total number of terms and the layout of terms also leak Security that takes these into account is defined as ℒ-anonymity
Effect of introducing blank nodes: a concise Verifiable Presentation 57 { "verifiableCredential": [ { "id": "anon:df7821", "credentialSubject": { "id": "anon:9c08a2", "isPatientOf": { "id": "anon:35ee1a", "date": "2023-01-01", "vaccine": "anon:f8a376" } }, ... }, { "credentialSubject": { "id": "anon:f8a376", "status": "認可済" }, ... } ], ... } JSON-LD { "verifiableCredential": [ { "credentialSubject": { "isPatientOf": { "date": "2023-01-01", "vaccine": "_:000" } }, ... }, { "credentialSubject": { "id": "_:000", "status": "認可済" }, ... } ], ... } JSON-LD Previous approach (hidden IDs replaced with random values) This work (hidden IDs replaced with blank nodes)
Prototype implementation 58 jsonld-proofs rdf-proofs-wasm rdf-proofs zkp-ld-playground docknetwork/crypto demo apps JSON-LD processing RDF processing BBS+ and zk-SNARKs thin wrapper https://github.com/zkp-ld/ ◆issue & verify JSON-LD VC ◆compose & verify JSON-LD VP ◆issue & verify N-Quads VC ◆compose & verify N-Quads VP ◆issue & verify N-Quads VC ◆compose & verify N-Quads VP ◆sign & verify integer array ◆derive & verify ZKP for integer array
Demo: ZKP-LD Playground 59 https://playground.zkp-ld.org/
Summary 60 ◼ Verifiable Credentials that allow multiple credentials to be linked together and attributes to be selectively disclosed, and that are hard for Issuers and Verifiers to link ◼ Incorporating RDF Canonicalization makes it possible to issue, present, and verify Verifiable Credentials that contain blank nodes ◼ Using blank nodes also yields a more concise representation of Verifiable Presentations ◼ Future work ⚫Security proof of the proposed scheme ⚫Additional features: predicate proofs, revocation checking, Issuer hiding, ...
Appendix
How to compute the permutation 𝜓 (1) 62 _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:foo credentialSubject _:000 _:000 isPatientOf _:bar _:bar date "2023-01-01" _:c14n0 isPatientOf _:c14n1 _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 VC issued by the Issuer VC' to show to the Verifier Holder canon&sort canon&sort _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 _:c14n0 isPatientOf _:c14n1 reorder ≃ _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" 𝜓
How to compute the permutation 𝜓 (1) 63 _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:foo credentialSubject _:000 _:000 isPatientOf _:bar _:bar date "2023-01-01" _:c14n0 isPatientOf _:c14n1 _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 VC issued by the Issuer VC' to show to the Verifier Holder canon&sort canon&sort _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 _:c14n0 isPatientOf _:c14n1 reorder ≃ _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" 𝜓 Identification map 𝜙 (the map that undoes the hiding) After hiding Before hiding _:000 xyz
How to compute the permutation 𝜓 (1) 64 _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:foo credentialSubject _:000 _:000 isPatientOf _:bar _:bar date "2023-01-01" _:c14n0 isPatientOf _:c14n1 _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 VC issued by the Issuer VC' to show to the Verifier Holder canon&sort canon&sort _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 _:c14n0 isPatientOf _:c14n1 reorder ≃ _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" 𝜓 Identification map 𝜙 (the map that undoes the hiding) After hiding Before hiding _:000 xyz Canonicalization by the Issuer 𝜑 Before canon After canon _:foo _:c14n1 _:bar _:c14n0
How to compute the permutation 𝜓 (1) 65 _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:foo credentialSubject _:000 _:000 isPatientOf _:bar _:bar date "2023-01-01" _:c14n0 isPatientOf _:c14n1 _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 VC issued by the Issuer VC' to show to the Verifier Holder canon&sort canon&sort _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 _:c14n0 isPatientOf _:c14n1 reorder ≃ _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" 𝜓 Identification map 𝜙 (the map that undoes the hiding) After hiding Before hiding _:000 xyz Canonicalization by the Verifier 𝜑′ Before canon After canon _:000 _:c14n0 _:bar _:c14n1 _:foo _:c14n2 Canonicalization by the Issuer 𝜑 Before canon After canon _:foo _:c14n1 _:bar _:c14n0
How to compute the permutation 𝜓 (2) 66 Canonicalization by the Verifier 𝜑′⁻¹ After canon Before canon _:c14n0 _:000 _:c14n1 _:bar _:c14n2 _:foo Canonicalization by the Issuer 𝜑 Before canon After canon _:foo _:c14n1 _:bar _:c14n0 Φ ≔ 𝜑 ⊕ 𝜙 ∘ 𝜑′⁻¹ from to _:c14n0 xyz _:c14n1 _:c14n0 _:c14n2 _:c14n1 𝜙 ⊕ 𝜑 from to _:000 xyz _:foo _:c14n1 _:bar _:c14n0 𝜙 ⊕ 𝜑 from to _:000 xyz _:foo _:c14n1 _:bar _:c14n0 Identification map 𝜙 (the map that undoes the hiding) After hiding Before hiding _:000 xyz Direct sum Composition
How to compute the permutation 𝜓 (3) 67 _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:foo credentialSubject _:000 _:000 isPatientOf _:bar _:bar date "2023-01-01" _:c14n0 isPatientOf _:c14n1 _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 VC issued by the Issuer VC' to show to the Verifier Holder canon&sort canon&sort xyz isPatientOf _:c14n0 _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" Φ obtained on the previous page 𝜓
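The Appendix procedure for 𝜓 (slides 62 to 67), worked through in Python as an added example; it is not code from the slides or from the zkp-ld project. The triples and the label maps 𝜑, 𝜑′ and 𝜙 are copied from the slides as given inputs, the function names are hypothetical, Φ is read as (𝜑 ⊕ 𝜙) ∘ 𝜑′⁻¹ to match the slide-66 tables, and no actual RDF canonicalization or BBS+ proof is computed.

```python
# Added example. Triples and label maps are the toy values shown on the
# slides; no RDF canonicalization or BBS+ proof is computed here.

def relabel(rows, mapping):
    """Rename terms with one dict lookup per term (simultaneous substitution).

    Chained string replacement would be wrong: Phi sends _:c14n1 to _:c14n0
    and _:c14n0 to xyz, so sequential rewrites would merge distinct nodes.
    """
    return [tuple(mapping.get(term, term) for term in row) for row in rows]


def canon_sort(rows, canon_map):
    """Apply a given canonical labelling, then sort the rows ("canon & sort")."""
    return sorted(relabel(rows, canon_map))


def compose_phi(phi_issuer, deanon, phi_verifier):
    """Phi = (phi_issuer (+) deanon) o phi_verifier^-1, as tabulated on slide 66."""
    if set(phi_issuer) & set(deanon):
        raise ValueError("direct sum requires disjoint domains")
    direct_sum = {**phi_issuer, **deanon}
    inverse = {canon: label for label, canon in phi_verifier.items()}
    if len(inverse) != len(phi_verifier):
        raise ValueError("verifier labelling is not injective")
    missing = set(inverse.values()) - set(direct_sum)
    if missing:
        raise ValueError(f"no image for labels: {sorted(missing)}")
    return {canon: direct_sum[label] for canon, label in inverse.items()}


def compute_psi(signed_rows, disclosed_rows, big_phi):
    """Holder side: psi[j] = index in the signed array of disclosed row j."""
    position = {row: i for i, row in enumerate(signed_rows)}
    psi = []
    for row in relabel(disclosed_rows, big_phi):
        if row not in position:
            raise ValueError(f"disclosed row was never signed: {row}")
        psi.append(position[row])
    if len(set(psi)) != len(psi):
        raise ValueError("psi must be injective")
    return psi


def reorder(disclosed_rows, psi):
    """Verifier side: put its own canon&sort output back into signing order."""
    if len(psi) != len(disclosed_rows) or len(set(psi)) != len(psi):
        raise ValueError("psi does not match the disclosed rows")
    return [row for _, row in sorted(zip(psi, disclosed_rows))]


DATE = '"2023-01-01"'
# VC as held by the Holder (slide 43), with arbitrary blank node labels.
VC = [
    ("_:foo", "credentialSubject", "xyz"),
    ("xyz", "name", '"John Smith"'),
    ("xyz", "isPatientOf", "_:bar"),
    ("_:bar", "date", DATE),
]
# VC' after selective disclosure: name row deleted, xyz replaced by _:000.
VC_PRIME = [
    ("_:foo", "credentialSubject", "_:000"),
    ("_:000", "isPatientOf", "_:bar"),
    ("_:bar", "date", DATE),
]
PHI_ISSUER = {"_:foo": "_:c14n1", "_:bar": "_:c14n0"}                       # slide 64
PHI_VERIFIER = {"_:000": "_:c14n0", "_:bar": "_:c14n1", "_:foo": "_:c14n2"}  # slide 65
DEANON = {"_:000": "xyz"}                                                   # slide 63

SIGNED = canon_sort(VC, PHI_ISSUER)            # message order the Issuer signed
DISCLOSED = canon_sort(VC_PRIME, PHI_VERIFIER)  # what the Verifier derives alone
BIG_PHI = compose_phi(PHI_ISSUER, DEANON, PHI_VERIFIER)
PSI = compute_psi(SIGNED, DISCLOSED, BIG_PHI)

if __name__ == "__main__":
    print("Phi:", BIG_PHI)
    print("psi:", PSI)
    for row in reorder(DISCLOSED, PSI):
        print(" ".join(row))
```

The signed index that never appears in 𝜓 (here index 3, the deleted name row) is the hidden message, which is why the total number of terms and their layout are visible to the Verifier.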