Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Verifiable CredentialにおけるRDF空白ノードの活用
Search
Dan Yamamoto
October 30, 2023
Research
0
250
Verifiable CredentialにおけるRDF空白ノードの活用
Presented at CSS2023 (2023-10-30)
Dan Yamamoto
October 30, 2023
Tweet
Share
More Decks by Dan Yamamoto
See All by Dan Yamamoto
Termwise BBS and Pseudonymous DID Keys
yamdan
0
27
JSON-LD VC with BBS, OID4VCI, OID4VP, and Pseudonymous DID Key
yamdan
0
38
An Experimental Version of JSON-LD BBS+ Verifiable Credentials
yamdan
0
62
JSON-LD BBS+ Verifiable Credentials with Private Holder Binding, Pseudonym, ...
yamdan
0
230
複数の証明書を選択的に連結・開示できるJSON-LD型Verifiable Credentialsの改良版
yamdan
0
430
Linked-Data-based Verifiable Credentials with Selective Disclosure, Unlinkability, and Predicate Proofs
yamdan
0
560
zk-SPARQL: SPARQLクエリに対して検証とプライバシ保護が可能な結果を返すパーソナルRDFデータストア
yamdan
0
1.3k
zk-SPARQL
yamdan
0
210
Linked-Data based Verifiable Credentials with Selective Disclosure, Unlinkability, and Range Proofs
yamdan
0
490
Other Decks in Research
See All in Research
ベイズ的方法に基づく統計的因果推論の基礎
holyshun
0
610
チュートリアル:Mamba, Vision Mamba (Vim)
hf149
5
1.6k
[依頼講演] 適応的実験計画法に基づく効率的無線システム設計
k_sato
0
170
Weekly AI Agents News! 8月号 プロダクト/ニュースのアーカイブ
masatoto
1
210
Introducing Research Units of Matsuo-Iwasawa Laboratory
matsuolab
0
1.3k
FOSS4G 山陰 Meetup 2024@砂丘 はじめの挨拶
wata909
1
120
湯村研究室の紹介2024 / yumulab2024
yumulab
0
350
20240918 交通くまもとーく 未来の鉄道網編(こねくま)
trafficbrain
0
340
非ガウス性と非線形性に基づく統計的因果探索
sshimizu2006
0
430
多様かつ継続的に変化する環境に適応する情報システム/thesis-defense-presentation
monochromegane
1
590
Leveraging LLMs for Unsupervised Dense Retriever Ranking (SIGIR 2024)
kampersanda
2
250
リモートワークにおけるパッシブ疲労
matsumoto_r
PRO
3
1.3k
Featured
See All Featured
Building Adaptive Systems
keathley
38
2.3k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
507
140k
Bootstrapping a Software Product
garrettdimon
PRO
305
110k
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.2k
VelocityConf: Rendering Performance Case Studies
addyosmani
326
24k
Gamification - CAS2011
davidbonilla
80
5.1k
Designing for Performance
lara
604
68k
Optimizing for Happiness
mojombo
376
70k
Build your cross-platform service in a week with App Engine
jlugia
229
18k
Measuring & Analyzing Core Web Vitals
bluesmoon
4
170
The Pragmatic Product Professional
lauravandoore
32
6.3k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
247
1.3M
Transcript
Verifiable Credentialにおける RDF空白ノードの活用 山本 暖 / 須賀 祐治 (IIJ) 佐古
和恵 (早稲田大学) 2023-10-30 @ CSS2023 (1E4-3)
Verifiable Credential 1 ◼ 暗号学的に安全で、プライバシーを尊重し、機械的な検証が可能な デジタルクレデンシャルを表現するための仕組み ◼ W3C勧告: Verifiable Credentials
Data Model (v1.1, March 2022)
Verifiable Credential 2 ◼ 暗号学的に安全で、プライバシーを尊重し、機械的な検証が可能な デジタルクレデンシャルを表現するための仕組み ◼ W3C勧告: Verifiable Credentials
Data Model (v1.1, March 2022) Holder Verifier Issuer
Verifiable Credential 3 ◼ 暗号学的に安全で、プライバシーを尊重し、機械的な検証が可能な デジタルクレデンシャルを表現するための仕組み ◼ W3C勧告: Verifiable Credentials
Data Model (v1.1, March 2022) Holder Verifier Issuer Verifiable Credential (VC) ⚫氏名: John Smith ⚫生年月日: 1980-01-01 ⚫Issuerの署名
Verifiable Credential 4 ◼ 暗号学的に安全で、プライバシーを尊重し、機械的な検証が可能な デジタルクレデンシャルを表現するための仕組み ◼ W3C勧告: Verifiable Credentials
Data Model (v1.1, March 2022) Holder Verifier Issuer Verifiable Credential (VC) Verifiable Presentation (VP) ⚫氏名: John Smith ⚫生年月日: 1980-01-01 ⚫Issuerの署名
Verifiable Credential 5 ◼ 暗号学的に安全で、プライバシーを尊重し、機械的な検証が可能な デジタルクレデンシャルを表現するための仕組み ◼ W3C勧告: Verifiable Credentials
Data Model (v1.1, March 2022) Holder Verifier Issuer Verifiable Credential (VC) Verifiable Presentation (VP) ⚫氏名: John Smith ⚫生年月日: 1980-01-01 ⚫Issuerの署名 ◼ 実用例: IATA Travel Pass / Microsoft Entra Verified ID / SMART Health Cards (ワクチン接種証明書) ◼ 方式例: JWT型VC / SD-JWT型VC / Linked Data型VC / ...
Linked Data型VCの利用例 6 政府 検疫所 xyz: Person name = John
Smith credentialSubject e#1 : Vaccination date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 個人 VC1
Linked Data型VCの利用例 7 政府 検疫所 xyz: Person name = John
Smith credentialSubject e#1 : Vaccination date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 個人 メタデータ や署名 接種した人 接種情報 接種した ワクチン VC1
xyz: Person name = John Smith credentialSubject e#1 : Vaccination
date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 Linked Data型VCの利用例 8 VC1 政府 検疫所 個人 2022年4月以降に当局認可済ワクチンを 接種していたら、その接種日を教えてください
xyz: Person name = John Smith credentialSubject e#1 : Vaccination
date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 Linked Data型VCの利用例 9 VC1 政府 検疫所 個人 認可済かどうか 分からない! code#123 2022年4月以降に当局認可済ワクチンを 接種していたら、その接種日を教えてください
xyz: Person name = John Smith credentialSubject e#1 : Vaccination
date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 Linked Data型VCの利用例 10 VC1 VC2 vc#2: VerifiableCredential issuer = 提供者; proof=sig2 code#123: Vaccine name = Awesome Vaccine manufacturer = Example.com status = 認可済 credentialSubject ワクチン 情報 提供者 ワクチン 仕様VC ダウンロード 政府 検疫所 個人 認可済かどうか 分からない! code#123 2022年4月以降に当局認可済ワクチンを 接種していたら、その接種日を教えてください
xyz: Person name = John Smith credentialSubject e#1 : Vaccination
date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 Linked Data型VCの利用例 11 VC1 VC2 vc#2: VerifiableCredential issuer = 提供者; proof=sig2 code#123: Vaccine name = Awesome Vaccine manufacturer = Example.com status = 認可済 credentialSubject ワクチン 情報 提供者 ワクチン 仕様VC ダウンロード 政府 検疫所 個人 認可済かどうか 分からない! code#123 Linked Data として 結合・グラフ化 2022年4月以降に当局認可済ワクチンを 接種していたら、その接種日を教えてください
Linked Data として 結合・グラフ化 xyz: Person name = John Smith
credentialSubject e#1 : Vaccination date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 Linked Data型VCの利用例 12 VC1 VC2 vc#2: VerifiableCredential issuer = 提供者; proof=sig2 code#123: Vaccine name = Awesome Vaccine manufacturer = Example.com status = 認可済 credentialSubject 政府 検疫所 個人 ワクチン 情報 提供者 2022年4月以降に当局認可済ワクチンを 接種していたら、その接種日を教えてください
xyz: Person name = John Smith credentialSubject e#1 : Vaccination
date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 Linked Data型VCの利用例 13 VC1 VC2 vc#2: VerifiableCredential issuer = 提供者; proof=sig2 code#123: Vaccine name = Awesome Vaccine manufacturer = Example.com status = 認可済 credentialSubject 政府 検疫所 個人 *** **************** **************** *** ********* ********* ********************** ** ************************* *** *** 選択的開示 (一部の属性を秘匿) ワクチン 情報 提供者 2022年4月以降に当局認可済ワクチンを 接種していたら、その接種日を教えてください
xyz: Person name = John Smith credentialSubject e#1 : Vaccination
date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 Linked Data型VCの利用例 14 VC1 VC2 vc#2: VerifiableCredential issuer = 提供者; proof=sig2 code#123: Vaccine name = Awesome Vaccine manufacturer = Example.com status = 認可済 credentialSubject 政府 検疫所 個人 *** **************** **************** *** ********* ********* ********************** ** ************************* *** *** 選択的開示 (一部の属性を秘匿) ワクチン 情報 提供者 2022年4月以降に当局認可済ワクチンを 接種していたら、その接種日を教えてください 隠した値の 等価性証明 *** X *** *** X ***
xyz: Person name = John Smith credentialSubject e#1 : Vaccination
date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 Linked Data型VCの利用例 15 VC1 VC2 vc#2: VerifiableCredential issuer = 提供者; proof=sig2 code#123: Vaccine name = Awesome Vaccine manufacturer = Example.com status = 認可済 credentialSubject 政府 検疫所 個人 *** **************** **************** *** ********* ********* ********************** ** ************************* *** *** **** 選択的開示 (一部の属性を秘匿) 署名の知識証明 ワクチン 情報 提供者 2022年4月以降に当局認可済ワクチンを 接種していたら、その接種日を教えてください *** 隠した値の 等価性証明 *** X *** *** X ***
xyz: Person name = John Smith credentialSubject e#1 : Vaccination
date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 Linked Data型VCの利用例 16 VC1 VC2 vc#2: VerifiableCredential issuer = 提供者; proof=sig2 code#123: Vaccine name = Awesome Vaccine manufacturer = Example.com status = 認可済 credentialSubject 政府 検疫所 個人 *** **************** **************** *** ********* ********* ********************** ** ************************* *** *** **** 選択的開示 (一部の属性を秘匿) 署名の知識証明 VP ワクチン 情報 提供者 2022年4月以降に当局認可済ワクチンを 接種していたら、その接種日を教えてください 2023-01-01 認可済 *** 隠した値の 等価性証明 *** X *** *** X ***
xyz: Person name = John Smith credentialSubject e#1 : Vaccination
date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 Linked Data型VCの利用例 17 VC1 VC2 vc#2: VerifiableCredential issuer = 提供者; proof=sig2 code#123: Vaccine name = Awesome Vaccine manufacturer = Example.com status = 認可済 credentialSubject 政府 検疫所 個人 *** **************** **************** *** ********* ********* ********************** ** ************************* *** *** **** 選択的開示 (一部の属性を秘匿) 署名の知識証明 VP ワクチン 情報 提供者 私(匿名)は2023年1月1日に、 当局認可済ワクチン(匿名)を接種しました 2022年4月以降に当局認可済ワクチンを 接種していたら、その接種日を教えてください 2023-01-01 認可済 *** 隠した値の 等価性証明 *** X *** *** X ***
Linked Data型VCのデータ表現 18 xyz: Person name = John Smith credentialSubject
e#1 : Vaccination date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1
Linked Data型VCのデータ表現 19 xyz: Person name = John Smith credentialSubject
e#1 : Vaccination date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 { "id": "vc#1", "credentialSubject": { "id": "xyz", "name": "John Smith" "isPatientOf": { "id": "e#1", "date": "2023-01-01", "vaccine": "code#123" } }, ... } JSON-LD
Linked Data型VCのデータ表現 20 xyz: Person name = John Smith credentialSubject
e#1 : Vaccination date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 { "id": "vc#1", "credentialSubject": { "id": "xyz", "name": "John Smith" "isPatientOf": { "id": "e#1", "date": "2023-01-01", "vaccine": "code#123" } }, ... } JSON-LD vc#1 credentialSubject xyz xyz name "John Smith" xyz isPatientOf e#1 e#1 date "2023-01-01" e#1 vaccine code#123 ... N-Quads
Linked Data型VCのデータ表現 21 xyz: Person name = John Smith credentialSubject
e#1 : Vaccination date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 { "id": "vc#1", "credentialSubject": { "id": "xyz", "name": "John Smith" "isPatientOf": { "id": "e#1", "date": "2023-01-01", "vaccine": "code#123" } }, ... } JSON-LD vc#1 credentialSubject xyz xyz name "John Smith" xyz isPatientOf e#1 e#1 date "2023-01-01" e#1 vaccine code#123 ... N-Quads アプリで使いやすい 署名しやすい
ノードの名前(識別子) 22 xyz: Person name = John Smith credentialSubject e#1
: Vaccination date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 { "id": "vc#1", "credentialSubject": { "id": "xyz", "name": "John Smith" "isPatientOf": { "id": "e#1", "date": "2023-01-01", "vaccine": "code#123" } }, ... } JSON-LD vc#1 credentialSubject xyz xyz name "John Smith" xyz isPatientOf e#1 e#1 date "2023-01-01" e#1 vaccine code#123 ... N-Quads
ノードの名前(識別子) 23 xyz: Person name = John Smith credentialSubject e#1
: Vaccination date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 { "id": "vc#1", "credentialSubject": { "id": "xyz", "name": "John Smith" "isPatientOf": { "id": "e#1", "date": "2023-01-01", "vaccine": "code#123" } }, ... } JSON-LD vc#1 credentialSubject xyz xyz name "John Smith" xyz isPatientOf e#1 e#1 date "2023-01-01" e#1 vaccine code#123 ... N-Quads ☺ ノードに名前を付けることでデータ間リンクが容易になる リンクが不要なノードにまで付けるのは面倒 どうせ秘匿するなら付ける意味がない → RDF「空白ノード」の出番
ノードの名前(識別子) 24 xyz: Person name = John Smith credentialSubject e#1
: Vaccination date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 { "id": "vc#1", "credentialSubject": { "id": "xyz", "name": "John Smith" "isPatientOf": { "id": "e#1", "date": "2023-01-01", "vaccine": "code#123" } }, ... } JSON-LD vc#1 credentialSubject xyz xyz name "John Smith" xyz isPatientOf e#1 e#1 date "2023-01-01" e#1 vaccine code#123 ... N-Quads ☺ ノードに名前を付けることでデータ間リンクが容易になる リンクが不要なノードにまで付けるのは面倒 どうせ秘匿するなら付ける意味がない → RDF「空白ノード」の出番
ノードの名前(識別子) 25 xyz: Person name = John Smith credentialSubject e#1
: Vaccination date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 { "id": "vc#1", "credentialSubject": { "id": "xyz", "name": "John Smith" "isPatientOf": { "id": "e#1", "date": "2023-01-01", "vaccine": "code#123" } }, ... } JSON-LD vc#1 credentialSubject xyz xyz name "John Smith" xyz isPatientOf e#1 e#1 date "2023-01-01" e#1 vaccine code#123 ... N-Quads ☺ ノードに名前を付けることでデータ間リンクが容易になる リンクが不要なノードにまで付けるのは面倒 どうせ秘匿するなら付ける意味がない → RDF「空白ノード」の出番
RDF空白ノード 26 xyz: Person name = John Smith credentialSubject e#1
: Vaccination date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 { "id": "vc#1", "credentialSubject": { "id": "xyz", "name": "John Smith" "isPatientOf": { "id": "e#1", "date": "2023-01-01", "vaccine": "code#123" } }, ... } JSON-LD vc#1 credentialSubject xyz xyz name "John Smith" xyz isPatientOf e#1 e#1 date "2023-01-01" e#1 vaccine code#123 ... N-Quads ☺ 外部リンクが不要なノードは名無しの 空白ノード にできる
RDF空白ノード 27 xyz: Person name = John Smith credentialSubject :
Vaccination date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine : VerifiableCredential issuer = gov; proof = sig1 { "credentialSubject": { "id": "xyz", "name": "John Smith" "isPatientOf": { "date": "2023-01-01", "vaccine": "code#123" } }, ... } JSON-LD _:b0 credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:b1 _:b1 date "2023-01-01" _:b1 vaccine code#123 ... N-Quads ☺ 外部リンクが不要なノードは名無しの 空白ノード にできる
RDF空白ノード 28 xyz: Person name = John Smith credentialSubject :
Vaccination date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine : VerifiableCredential issuer = gov; proof = sig1 { "credentialSubject": { "id": "xyz", "name": "John Smith" "isPatientOf": { "date": "2023-01-01", "vaccine": "code#123" } }, ... } JSON-LD _:b0 credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:b1 _:b1 date "2023-01-01" _:b1 vaccine code#123 ... N-Quads 空白ノードは実データで広く利用されている (文献[7]によると Web上のRDFドキュメントのおよそ45%) ☺ 外部リンクが不要なノードは名無しの 空白ノード にできる
課題: N-Quadsにおける空白ノードの曖昧さ 29 N-Quadsにおける空白ノードのラベルは意味をもたない = データ作成者や処理系によって使われるラベルは様々 { "credentialSubject": { "id":
"xyz", "name": "John Smith" "isPatientOf": { "date": "2023-01-01", "vaccine": "code#123" } }, ... } JSON-LD デジタル署名の対象として扱いにくい _:b0 credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:b1 _:b1 date "2023-01-01" _:b1 vaccine code#123 ... N-Quads _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:bar vaccine code#123 ... N-Quads xyz: Person name = John Smith credentialSubject : Vaccination date = 2023-01-01 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine : VerifiableCredential issuer = gov; proof = sig1
対策: RDF Canonicalization Algorithmの導入 30 _:b0 credentialSubject xyz xyz name
"John Smith" xyz isPatientOf _:b1 _:b1 date "2023-01-01" _:b1 vaccine code#123 ... _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:bar vaccine code#123 ... _:c14n1 credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:c14n0 _:c14n0 date "2023-01-01" _:c14n0 vaccine code#123 ...
対策: RDF Canonicalization Algorithmの導入 31 空白ノードのラベル以外の情報に基づいて 「canonicalな」ラベル付けを行う確定的アルゴリズム 研究提案は古くから存在(2003) 現在W3Cで標準化中 (筆者らもWGメンバ)
_:b0 credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:b1 _:b1 date "2023-01-01" _:b1 vaccine code#123 ... _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:bar vaccine code#123 ... _:c14n1 credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:c14n0 _:c14n0 date "2023-01-01" _:c14n0 vaccine code#123 ...
VC発行 / 署名生成 32 _:foo credentialSubject xyz xyz name "John
Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:bar vaccine code#123 Issuer
VC発行 / 署名生成 33 _:c14n0 date "2023-01-01" _:c14n0 vaccine code#123
_:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:bar vaccine code#123 canon & sort Issuer
VC発行 / 署名生成 34 _:c14n0 date "2023-01-01" _:c14n0 vaccine code#123
_:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" _:c14n0 date "2023-01-01" code#123 _:c14n0 vaccine 1 4 2 5 3 6 Term分解 ... _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:bar vaccine code#123 canon & sort Issuer
VC発行 / 署名生成 35 _:c14n0 date "2023-01-01" _:c14n0 vaccine code#123
_:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" _:c14n0 date "2023-01-01" code#123 _:c14n0 vaccine 1 4 2 5 3 6 Term分解 9139018... 7975413... 8394757... 4937101... 9139018... 1106247... ... 1 4 2 5 3 6 Hash to Scalar ... _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:bar vaccine code#123 canon & sort Issuer
VC発行 / 署名生成 36 _:c14n0 date "2023-01-01" _:c14n0 vaccine code#123
_:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" _:c14n0 date "2023-01-01" code#123 _:c14n0 vaccine 1 4 2 5 3 6 Term分解 9139018... 7975413... 8394757... 4937101... 9139018... 1106247... ... 1 4 2 5 3 6 Hash to Scalar ... BBS+. sign Issuerの 秘密鍵 署名値 _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:bar vaccine code#123 canon & sort Issuer
VC検証 / 署名検証 37 _:987 credentialSubject xyz xyz name "John
Smith" xyz isPatientOf _:123 _:123 date "2023-01-01" _:123 vaccine code#123 署名時と異なる ラベルでも... Holder
VC検証 / 署名検証 38 _:c14n0 date "2023-01-01" _:c14n0 vaccine code#123
_:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" _:987 credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:123 _:123 date "2023-01-01" _:123 vaccine code#123 canon & sort 署名時と異なる ラベルでも... 同じcanonical 表現が得られる Holder
VC検証 / 署名検証 39 _:c14n0 date "2023-01-01" _:c14n0 vaccine code#123
_:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" _:c14n0 date "2023-01-01" code#123 _:c14n0 vaccine 1 4 2 5 3 6 Term分解 9139018... 7975413... 8394757... 4937101... 9139018... 1106247... ... 1 4 2 5 3 6 Hash ... BBS+. verify Issuerの 公開鍵 1 or 0 _:987 credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:123 _:123 date "2023-01-01" _:123 vaccine code#123 署名値 canon & sort 署名時と異なる ラベルでも... 同じcanonical 表現が得られる Holder
VP提示 / ゼロ知識証明 40 Issuerに発行してもらった VC Verifierに見せたい VC' { "credentialSubject":
{ "id": "xyz", "name": "John Smith", "isPatientOf": { "date": "2023-01-01" } } { "credentialSubject": { "id": "xyz", "name": "John Smith", "isPatientOf": { "date": "2023-01-01" } } Holder 選択的開示
VP提示 / ゼロ知識証明 41 Issuerに発行してもらった VC Verifierに見せたい VC' { "credentialSubject":
{ "id": "xyz", "name": "John Smith", "isPatientOf": { "date": "2023-01-01" } } { "credentialSubject": { "id": "xyz", "name": "John Smith", "isPatientOf": { "date": "2023-01-01" } } Holder 選択的開示 項目をまるごと 削除
VP提示 / ゼロ知識証明 42 Issuerに発行してもらった VC Verifierに見せたい VC' { "credentialSubject":
{ "id": "xyz", "name": "John Smith", "isPatientOf": { "date": "2023-01-01" } } { "credentialSubject": { "id": "_:000", "name": "John Smith", "isPatientOf": { "date": "2023-01-01" } } Holder 選択的開示 項目をまるごと 削除 名前付きノードを 空白ノードで置換
VP提示 / ゼロ知識証明 43 _:foo credentialSubject xyz xyz name "John
Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:foo credentialSubject _:000 _:000 isPatientOf _:bar _:bar date "2023-01-01" Issuerに発行してもらった VC Verifierに見せたい VC' { "credentialSubject": { "id": "xyz", "name": "John Smith", "isPatientOf": { "date": "2023-01-01" } } { "credentialSubject": { "id": "_:000", "name": "John Smith", "isPatientOf": { "date": "2023-01-01" } } 名前付きノードを 空白ノードで置換 項目をまるごと 削除 Holder 選択的開示
課題 44 _:foo credentialSubject xyz xyz name "John Smith" xyz
isPatientOf _:bar _:bar date "2023-01-01" _:foo credentialSubject _:000 _:000 isPatientOf _:bar _:bar date "2023-01-01" Issuerに発行してもらった VC Verifierに見せたい VC' Holder
課題 45 _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf
_:c14n0 xyz name "John Smith" _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:foo credentialSubject _:000 _:000 isPatientOf _:bar _:bar date "2023-01-01" Issuerに発行してもらった VC Verifierに見せたい VC' canon&sort Holder
課題 46 _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf
_:c14n0 xyz name "John Smith" _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:foo credentialSubject _:000 _:000 isPatientOf _:bar _:bar date "2023-01-01" _:c14n0 isPatientOf _:c14n1 _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 Issuerに発行してもらった VC Verifierに見せたい VC' canon&sort canon&sort Holder
課題 47 _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf
_:c14n0 xyz name "John Smith" _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:foo credentialSubject _:000 _:000 isPatientOf _:bar _:bar date "2023-01-01" _:c14n0 isPatientOf _:c14n1 _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 Issuerに発行してもらった VC Verifierに見せたい VC' 選択的開示の影響でcanonicalizationの結果(ラベルと行順序)が変化し、 HolderとVerifierで署名・証明対象のメッセージ配列が異なってしまう canon&sort canon&sort Holder 課題
課題 48 _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf
_:c14n0 xyz name "John Smith" _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:foo credentialSubject _:000 _:000 isPatientOf _:bar _:bar date "2023-01-01" _:c14n0 isPatientOf _:c14n1 _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 Issuerに発行してもらった VC Verifierに見せたい VC' 選択的開示の影響でcanonicalizationの結果(ラベルと行順序)が変化し、 HolderとVerifierで署名・証明対象のメッセージ配列が異なってしまう canon&sort canon&sort Holder ラベルのずれ → ラベルを直接見せずにゼロ知識証明に替える 行順序のずれ → 元の順序に戻すための置換をHolderが計算して渡してあげる 課題 対策
(1) 行順序を元に戻すための置換 𝜓 をHolderが計算 49 _:c14n0 date "2023-01-01" _:c14n1 credentialSubject
xyz xyz isPatientOf _:c14n0 xyz name "John Smith" _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:foo credentialSubject _:000 _:000 isPatientOf _:bar _:bar date "2023-01-01" _:c14n0 isPatientOf _:c14n1 _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 Issuerに発行してもらった VC Verifierに見せたい VC' Holder canon&sort canon&sort _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 _:c14n0 isPatientOf _:c14n1 reorder ≃ _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" 𝜓
(2) ゼロ知識証明 𝜋 の計算 50 _:c14n0 date "2023-01-01" _:c14n1 credentialSubject
xyz xyz isPatientOf _:c14n0 xyz name "John Smith" _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:foo credentialSubject _:000 _:000 isPatientOf _:bar _:bar date "2023-01-01" _:c14n0 isPatientOf _:c14n1 _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 Issuerに発行してもらった VC Verifierに見せたい VC' Holder canon&sort canon&sort _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 _:c14n0 isPatientOf _:c14n1 reorder ≃ _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" _:c14n0 date "2023-01-01" ... Term分解 BBS+. show 𝜋 (非対話ゼロ知識証明) 𝜓
(3) Verifierへ送付 51 _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz
isPatientOf _:c14n0 xyz name "John Smith" _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" Issuerに発行してもらった VC Holder canon&sort _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" Verifier VC' 𝜓, 𝜋
(3) Verifierへ送付 52 _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz
isPatientOf _:c14n0 xyz name "John Smith" _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:foo credentialSubject _:000 _:000 isPatientOf _:bar _:bar date "2023-01-01" Issuerに発行してもらった VC Verifierによる VC'の検証 Holder canon&sort _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" Verifier VC' 𝜓, 𝜋
(3) Verifierへ送付 53 _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz
isPatientOf _:c14n0 xyz name "John Smith" _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:foo credentialSubject _:000 _:000 isPatientOf _:bar _:bar date "2023-01-01" _:c14n0 isPatientOf _:c14n1 _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 Issuerに発行してもらった VC Verifierによる VC'の検証 Holder canon&sort canon&sort _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 _:c14n0 isPatientOf _:c14n1 reorder _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" 𝜓 Verifier VC' 𝜓, 𝜋
(3) Verifierへ送付 54 _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz
isPatientOf _:c14n0 xyz name "John Smith" _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:foo credentialSubject _:000 _:000 isPatientOf _:bar _:bar date "2023-01-01" _:c14n0 isPatientOf _:c14n1 _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 Issuerに発行してもらった VC Verifierによる VC'の検証 Holder canon&sort canon&sort _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 _:c14n0 isPatientOf _:c14n1 reorder _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" 𝜓 Verifier VC' 𝜓, 𝜋 _:c14n1 date "2023-01-01" ... Term分解
(3) Verifierへ送付 55 _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz
isPatientOf _:c14n0 xyz name "John Smith" _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:foo credentialSubject _:000 _:000 isPatientOf _:bar _:bar date "2023-01-01" _:c14n0 isPatientOf _:c14n1 _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 Issuerに発行してもらった VC Verifierによる VC'の検証 Holder canon&sort canon&sort _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 _:c14n0 isPatientOf _:c14n1 reorder _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" 𝜓 Verifier VC' 𝜓, 𝜋 _:c14n1 date "2023-01-01" ... Term分解 BBS+.verify Proof 𝜋 1 or 0
安全性: ℒ-匿名性 56 _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz
isPatientOf _:c14n0 xyz name "John Smith" _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:foo credentialSubject _:000 _:000 isPatientOf _:bar _:bar date "2023-01-01" _:c14n0 isPatientOf _:c14n1 _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 Issuerに発行してもらった VC Verifierによる VC'の検証 Holder canon&sort canon&sort _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 _:c14n0 isPatientOf _:c14n1 reorder _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" 𝜓 Verifier VC' 𝜓, 𝜋 Verifierに見える情報 = 開示属性に加えて、項の総数 と 項のレイアウト も漏れる これらを考慮した安全性を ℒ-匿名性 として定義
空白ノード導入の効果: 簡潔なVerifiable Presentation 57 { "verifiableCredential": [ { "id": "anon:df7821",
"credentialSubject": { "id": "anon:9c08a2", "isPatientOf": { "id": "anon:35ee1a", "date": "2023-01-01", "vaccine": "anon:f8a376" } }, ... }, { "credentialSubject": { "id": "anon:f8a376", "status": "認可済" }, ... } ], ... } JSON-LD { "verifiableCredential": [ { "credentialSubject": { "isPatientOf": { "date": "2023-01-01", "vaccine": "_:000" } }, ... }, { "credentialSubject": { "id": "_:000", "status": "認可済" }, ... } ], ... } JSON-LD 従来 (秘匿したIDを乱数で置換) 今回 (秘匿したIDを空白ノードで置換)
プロトタイプ実装 58 jsonld-proofs rdf-proofs-wasm rdf-proofs zkp-ld-playground docknetwork/crypto demo apps JSON-LD
processing RDF processing BBS+ and zk-SNARKs thin wrapper https://github.com/zkp-ld/ ◆issue & verify JSON-LD VC ◆compose & verify JSON-LD VP ◆issue & verify N-Quads VC ◆compose & verify N-Quads VP ◆issue & verify N-Quads VC ◆compose & verify N-Quads VP ◆sign & verify integer array ◆derive & verify ZKP for integer array
デモ: ZKP-LD Playground 59 https://playground.zkp-ld.org/
まとめ 60 ◼ 複数の証明書の連結や、属性の選択的開示が可能で、 IssuerやVerifierによるリンクが困難なVerifiable Credentials ◼ RDF Canonicalization処理を組み込むことにより、空白ノードを 含むVerifiable
Credentialsの発行・提示・検証を可能に ◼ 空白ノードを使うことにより、Verifiable Presentationのより簡潔 な表現を得ることもできた ◼ 今後の課題 ⚫提案方式の安全性証明 ⚫機能追加: 述語証明、失効確認、Issuer秘匿、...
Appendix
置換 𝜓 の計算方法 (1) 62 _:c14n0 date "2023-01-01" _:c14n1 credentialSubject
xyz xyz isPatientOf _:c14n0 xyz name "John Smith" _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:foo credentialSubject _:000 _:000 isPatientOf _:bar _:bar date "2023-01-01" _:c14n0 isPatientOf _:c14n1 _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 Issuerに発行してもらった VC Verifierに見せたい VC' Holder canon&sort canon&sort _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 _:c14n0 isPatientOf _:c14n1 reorder ≃ _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" 𝜓
置換 𝜓 の計算方法 (1) 63 _:c14n0 date "2023-01-01" _:c14n1 credentialSubject
xyz xyz isPatientOf _:c14n0 xyz name "John Smith" _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:foo credentialSubject _:000 _:000 isPatientOf _:bar _:bar date "2023-01-01" _:c14n0 isPatientOf _:c14n1 _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 Issuerに発行してもらった VC Verifierに見せたい VC' Holder canon&sort canon&sort _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 _:c14n0 isPatientOf _:c14n1 reorder ≃ _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" 𝜓 識別写像 𝜙 (秘匿を戻す写像) 秘匿後 秘匿前 _:000 xyz
置換 𝜓 の計算方法 (1) 64 _:c14n0 date "2023-01-01" _:c14n1 credentialSubject
xyz xyz isPatientOf _:c14n0 xyz name "John Smith" _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:foo credentialSubject _:000 _:000 isPatientOf _:bar _:bar date "2023-01-01" _:c14n0 isPatientOf _:c14n1 _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 Issuerに発行してもらった VC Verifierに見せたい VC' Holder canon&sort canon&sort _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 _:c14n0 isPatientOf _:c14n1 reorder ≃ _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" 𝜓 識別写像 𝜙 (秘匿を戻す写像) 秘匿後 秘匿前 _:000 xyz Issuerによるcanon 𝜑 canon前 canon後 _:foo _:c14n1 _:bar _:c14n0
置換 𝜓 の計算方法 (1) 65 _:c14n0 date "2023-01-01" _:c14n1 credentialSubject
xyz xyz isPatientOf _:c14n0 xyz name "John Smith" _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:foo credentialSubject _:000 _:000 isPatientOf _:bar _:bar date "2023-01-01" _:c14n0 isPatientOf _:c14n1 _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 Issuerに発行してもらった VC Verifierに見せたい VC' Holder canon&sort canon&sort _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 _:c14n0 isPatientOf _:c14n1 reorder ≃ _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" 𝜓 識別写像 𝜙 (秘匿を戻す写像) 秘匿後 秘匿前 _:000 xyz Verifierによるcanon 𝜑′ canon前 canon後 _:000 _:c14n0 _:bar _:c14n1 _:foo _:c14n2 Issuerによるcanon 𝜑 canon前 canon後 _:foo _:c14n1 _:bar _:c14n0
置換 𝜓 の計算方法 (2) 66 Verifierによるcanon 𝜑′−1 canon後 canon前 _:c14n0
_:000 _:c14n1 _:bar _:c14n2 _:foo Issuerによるcanon 𝜑 canon前 canon後 _:foo _:c14n1 _:bar _:c14n0 Φ ≔ 𝜑 ⊕ 𝜙 ∘ 𝜑′−1 from to _:c14n0 xyz _:c14n1 _:c14n0 _:c14n2 _:c14n1 𝜙 ⊕ 𝜑 from to _:000 xyz _:foo _:c14n1 _:bar _:c14n0 𝜙 ⊕ 𝜑 from to _:000 xyz _:foo _:c14n1 _:bar _:c14n0 識別写像 𝜙 (秘匿を戻す写像) 秘匿後 秘匿前 _:000 xyz 直和 合成
置換 𝜓 の計算方法 (3) 67 _:c14n0 date "2023-01-01" _:c14n1 credentialSubject
xyz xyz isPatientOf _:c14n0 xyz name "John Smith" _:foo credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:bar _:bar date "2023-01-01" _:foo credentialSubject _:000 _:000 isPatientOf _:bar _:bar date "2023-01-01" _:c14n0 isPatientOf _:c14n1 _:c14n1 date "2023-01-01" _:c14n2 credentialSubject _:c14n0 Issuerに発行してもらった VC Verifierに見せたい VC' Holder canon&sort canon&sort xyz isPatientOf _:c14n0 _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz _:c14n0 date "2023-01-01" _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name "John Smith" 前頁で求めた Φ 𝜓