Utilizing RDF Blank Nodes in Verifiable Credentials
Dan Yamamoto
October 30, 2023
Presented at CSS2023 (2023-10-30)
Transcript
[Title slide] Utilizing RDF Blank Nodes in Verifiable Credentials
Dan Yamamoto / Yuji Suga (IIJ), Kazue Sako (Waseda University)
2023-10-30 @ CSS2023 (1E4-3)
[Slides 1-5] Verifiable Credential
◼ A mechanism for expressing digital credentials that are cryptographically secure, privacy-respecting, and machine-verifiable
◼ W3C Recommendation: Verifiable Credentials Data Model (v1.1, March 2022)
Diagram: Issuer → Holder: Verifiable Credential (VC); Holder → Verifier: Verifiable Presentation (VP)
Contents of the example VC:
⚫ Name: John Smith
⚫ Date of birth: 1980-01-01
⚫ Issuer's signature
◼ Real-world examples: IATA Travel Pass / Microsoft Entra Verified ID / SMART Health Cards (vaccination certificates)
◼ Example formats: JWT-based VC / SD-JWT-based VC / Linked Data-based VC / ...
[Slides 6-17] Example use of Linked Data-based VCs
Actors: Government, Individual, Quarantine station, Vaccine information provider
VC1 (issued by the Government to the Individual), with the slide's annotations in brackets:
    vc#1 : VerifiableCredential, issuer = gov; proof = sig1        [metadata and signature]
      credentialSubject → xyz : Person, name = John Smith          [the person vaccinated]
        isPatientOf → e#1 : Vaccination, date = 2023-01-01, lotNo = 9999999   [vaccination record]
          vaccine → code#123 : Vaccine                             [the vaccine administered]
Request from the Quarantine station: "If you have received a vaccine approved by the authorities in or after April 2022, please tell us the vaccination date."
Problem: from VC1 alone there is no way to tell whether code#123 is approved.
VC2 (vaccine specification VC, downloaded from the Vaccine information provider):
    vc#2 : VerifiableCredential, issuer = 提供者 (provider); proof = sig2
      credentialSubject → code#123 : Vaccine, name = Awesome Vaccine, manufacturer = Example.com, status = 認可済 (approved)
What the Individual does with VC1 and VC2:
    1. Join them as Linked Data into a single graph.
    2. Selective disclosure (hide some of the attributes).
    3. Equality proof for hidden values (the hidden value marked X appears in both credentials).
    4. Proof of knowledge of the signatures.
The resulting VP reveals only: 2023-01-01 and 認可済 (approved).
What the VP says: "I (anonymous) received a vaccine (anonymous) approved by the authorities on January 1, 2023."
[Slides 18-21] Data representation of Linked Data-based VCs
The VC1 graph (vc#1, xyz, e#1, code#123) in two serializations.
JSON-LD (easy to use in applications):
    {
      "id": "vc#1",
      "credentialSubject": {
        "id": "xyz",
        "name": "John Smith",
        "isPatientOf": {
          "id": "e#1",
          "date": "2023-01-01",
          "vaccine": "code#123"
        }
      },
      ...
    }
N-Quads (easy to sign):
    vc#1 credentialSubject xyz
    xyz name "John Smith"
    xyz isPatientOf e#1
    e#1 date "2023-01-01"
    e#1 vaccine code#123
    ...
[Slides 22-25] Node names (identifiers)
In the JSON-LD and N-Quads forms of VC1 every node carries a name: vc#1, xyz, e#1, code#123.
☺ Naming nodes makes it easy to link between pieces of data
Naming nodes that never need to be linked is tedious
If a node is going to be hidden anyway, there is no point in naming it
→ This is where RDF "blank nodes" come in
[Slides 26-28] RDF blank nodes
☺ Nodes that need no external links can be left nameless, as blank nodes
Graph: the VerifiableCredential node and the Vaccination node no longer have names; xyz and code#123 keep theirs.
JSON-LD:
    {
      "credentialSubject": {
        "id": "xyz",
        "name": "John Smith",
        "isPatientOf": {
          "date": "2023-01-01",
          "vaccine": "code#123"
        }
      },
      ...
    }
N-Quads:
    _:b0 credentialSubject xyz
    xyz name "John Smith"
    xyz isPatientOf _:b1
    _:b1 date "2023-01-01"
    _:b1 vaccine code#123
    ...
Blank nodes are widely used in real-world data (about 45% of RDF documents on the Web, according to reference [7])
[Slide 29] Problem: ambiguity of blank nodes in N-Quads
Blank node labels in N-Quads carry no meaning = the labels used vary with the data creator and the processing system
The same JSON-LD document (the one on slides 27-28) can be serialized as either of these:
N-Quads (labels _:b0, _:b1):
    _:b0 credentialSubject xyz
    xyz name "John Smith"
    xyz isPatientOf _:b1
    _:b1 date "2023-01-01"
    _:b1 vaccine code#123
    ...
N-Quads (labels _:foo, _:bar):
    _:foo credentialSubject xyz
    xyz name "John Smith"
    xyz isPatientOf _:bar
    _:bar date "2023-01-01"
    _:bar vaccine code#123
    ...
This makes the data hard to handle as the target of a digital signature
[Slides 30-31] Countermeasure: introducing the RDF Canonicalization Algorithm
A deterministic algorithm that assigns "canonical" labels based on information other than the blank node labels
Research proposals have existed for a long time (2003)
Currently being standardized at W3C (the authors are also WG members)
Both labelings from slide 29 (_:b0 / _:b1 and _:foo / _:bar) are mapped to the same canonical form:
    _:c14n1 credentialSubject xyz
    xyz name "John Smith"
    xyz isPatientOf _:c14n0
    _:c14n0 date "2023-01-01"
    _:c14n0 vaccine code#123
    ...
[Slides 32-36] VC issuance / signature generation (Issuer)
Input N-Quads:
    _:foo credentialSubject xyz
    xyz name "John Smith"
    xyz isPatientOf _:bar
    _:bar date "2023-01-01"
    _:bar vaccine code#123
canon & sort:
    _:c14n0 date "2023-01-01"
    _:c14n0 vaccine code#123
    _:c14n1 credentialSubject xyz
    xyz isPatientOf _:c14n0
    xyz name "John Smith"
Term decomposition, then Hash to Scalar (terms 1-6 shown, the rest elided):
    1  _:c14n0        9139018...
    2  date           7975413...
    3  "2023-01-01"   8394757...
    4  _:c14n0        9139018...
    5  vaccine        1106247...
    6  code#123       4937101...
    ...
BBS+.sign (scalars, Issuer's secret key) → signature value
[Slides 37-39] VC verification / signature verification (Holder)
Input N-Quads, carrying labels different from the ones used at signing time:
    _:987 credentialSubject xyz
    xyz name "John Smith"
    xyz isPatientOf _:123
    _:123 date "2023-01-01"
    _:123 vaccine code#123
canon & sort: even with labels that differ from those at signing time, the same canonical representation is obtained:
    _:c14n0 date "2023-01-01"
    _:c14n0 vaccine code#123
    _:c14n1 credentialSubject xyz
    xyz isPatientOf _:c14n0
    xyz name "John Smith"
Term decomposition, then Hash: the same values as at issuance (9139018..., 7975413..., 8394757..., 9139018..., 1106247..., 4937101..., ...)
BBS+.verify (scalars, signature value, Issuer's public key) → 1 or 0
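Added example, not taken from the deck or from the zkp-ld code: a simplified labeling modelled on the first-degree hashing step of RDF canonicalization, run on the two labelings of the same graph from slide 29 to show that the message array handed to the signer no longer depends on the input labels. It is not the full algorithm: a graph whose blank nodes cannot be told apart by their own statements is rejected, the terms are the abbreviated ones used on the slides, and all function names are assumptions.

```python
import hashlib

# Constructed from slide 29: one graph, two arbitrary blank node labelings
# (the second one also lists its statements in a different order).
DOC_B = [
    ("_:b0", "credentialSubject", "xyz"),
    ("xyz", "name", '"John Smith"'),
    ("xyz", "isPatientOf", "_:b1"),
    ("_:b1", "date", '"2023-01-01"'),
    ("_:b1", "vaccine", "code#123"),
]
DOC_FOO = [
    ("_:bar", "vaccine", "code#123"),
    ("_:bar", "date", '"2023-01-01"'),
    ("xyz", "isPatientOf", "_:bar"),
    ("xyz", "name", '"John Smith"'),
    ("_:foo", "credentialSubject", "xyz"),
]


def is_blank(term):
    return term.startswith("_:")


def first_degree_hash(node, triples):
    """Hash the statements mentioning `node` with every blank label masked."""
    lines = []
    for triple in triples:
        if node in triple:
            # The node itself becomes _:a, any other blank node becomes _:z,
            # so the hash depends on the graph shape and not on the labels.
            masked = ["_:a" if t == node else "_:z" if is_blank(t) else t
                      for t in triple]
            lines.append(" ".join(masked))
    return hashlib.sha256("\n".join(sorted(lines)).encode()).hexdigest()


def canonical_labels(triples):
    """Map each input blank node label to _:c14nN, in order of its hash."""
    nodes = {t for triple in triples for t in triple if is_blank(t)}
    by_hash = {}
    for node in nodes:
        by_hash.setdefault(first_degree_hash(node, triples), []).append(node)
    labels = {}
    for i, digest in enumerate(sorted(by_hash)):
        if len(by_hash[digest]) > 1:
            # The real algorithm continues with N-degree hashing here.
            raise ValueError("blank nodes not distinguishable at first degree")
        labels[by_hash[digest][0]] = f"_:c14n{i}"
    return labels


def message_array(triples):
    """canon & sort, then term decomposition into one flat list of terms."""
    labels = canonical_labels(triples)
    canon = sorted((tuple(labels.get(t, t) for t in triple) for triple in triples),
                   key=" ".join)
    return [term for triple in canon for term in triple]


if __name__ == "__main__":
    for doc in (DOC_B, DOC_FOO):
        print(canonical_labels(doc))
        print(message_array(doc))
```

The canonical labels produced here need not coincide with the _:c14n0 / _:c14n1 assignment drawn on the slides, because the hash input differs from the real N-Quads serialization; what carries over is that both inputs yield one and the same message array.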
[Slides 40-43] VP presentation / zero-knowledge proof (Holder)
VC issued by the Issuer:
    { "credentialSubject": { "id": "xyz", "name": "John Smith", "isPatientOf": { "date": "2023-01-01" } } }
    _:foo credentialSubject xyz
    xyz name "John Smith"
    xyz isPatientOf _:bar
    _:bar date "2023-01-01"
VC' to show to the Verifier is derived by selective disclosure, using two kinds of edit:
    - delete items entirely
    - replace named nodes with blank nodes
JSON-LD of VC' as it appears in the transcript:
    { "credentialSubject": { "id": "_:000", "name": "John Smith", "isPatientOf": { "date": "2023-01-01" } } }
N-Quads of VC' (the name statement is gone and xyz has become _:000):
    _:foo credentialSubject _:000
    _:000 isPatientOf _:bar
    _:bar date "2023-01-01"
[Slides 44-48] Problem
VC issued by the Issuer:
    _:foo credentialSubject xyz
    xyz name "John Smith"
    xyz isPatientOf _:bar
    _:bar date "2023-01-01"
  after canon&sort:
    _:c14n0 date "2023-01-01"
    _:c14n1 credentialSubject xyz
    xyz isPatientOf _:c14n0
    xyz name "John Smith"
VC' to show to the Verifier:
    _:foo credentialSubject _:000
    _:000 isPatientOf _:bar
    _:bar date "2023-01-01"
  after canon&sort:
    _:c14n0 isPatientOf _:c14n1
    _:c14n1 date "2023-01-01"
    _:c14n2 credentialSubject _:c14n0
Problem: selective disclosure changes the result of canonicalization (labels and line order), so the message array that is signed and proved differs between the Holder and the Verifier
Countermeasures:
    Label mismatch → do not show the labels directly; replace them with a zero-knowledge proof
    Line-order mismatch → the Holder computes a permutation that restores the original order and hands it over
[Slide 49] (1) The Holder computes the permutation 𝜓 that restores the original line order
canon&sort of the VC issued by the Issuer:
    _:c14n0 date "2023-01-01"
    _:c14n1 credentialSubject xyz
    xyz isPatientOf _:c14n0
    xyz name "John Smith"
canon&sort of the VC' to show to the Verifier:
    _:c14n0 isPatientOf _:c14n1
    _:c14n1 date "2023-01-01"
    _:c14n2 credentialSubject _:c14n0
reorder with 𝜓, so that each line of VC' lines up (≃) with its line in the VC:
    _:c14n1 date "2023-01-01"            ≃  _:c14n0 date "2023-01-01"
    _:c14n2 credentialSubject _:c14n0    ≃  _:c14n1 credentialSubject xyz
    _:c14n0 isPatientOf _:c14n1          ≃  xyz isPatientOf _:c14n0
                                            xyz name "John Smith"
[Slide 50] (2) Computing the zero-knowledge proof 𝜋
Same VC, VC', canon&sort results and reordering by 𝜓 as on slide 49.
The canonical VC (_:c14n0 date "2023-01-01", ...) goes through term decomposition and then BBS+.show, which outputs 𝜋 (a non-interactive zero-knowledge proof).
[Slides 51-55] (3) Sending to the Verifier
The Holder sends VC', 𝜓 and 𝜋 to the Verifier.
Verification of VC' by the Verifier:
    1. canon&sort of the received VC':
           _:c14n0 isPatientOf _:c14n1
           _:c14n1 date "2023-01-01"
           _:c14n2 credentialSubject _:c14n0
    2. reorder with 𝜓:
           _:c14n1 date "2023-01-01"
           _:c14n2 credentialSubject _:c14n0
           _:c14n0 isPatientOf _:c14n1
    3. Term decomposition (_:c14n1, date, "2023-01-01", ...)
    4. BBS+.verify Proof with 𝜋 → 1 or 0
[Slide 56] Security: ℒ-anonymity
Same diagram as slide 55 (the Holder sends VC', 𝜓, 𝜋; the Verifier runs canon&sort and reorders with 𝜓).
Information visible to the Verifier = in addition to the disclosed attributes, the total number of terms and the layout of the terms also leak
Security that takes these leaks into account is defined as ℒ-anonymity
[Slide 57] Effect of introducing blank nodes: a more concise Verifiable Presentation
Previous approach (hidden IDs replaced with random values), JSON-LD:
    {
      "verifiableCredential": [
        {
          "id": "anon:df7821",
          "credentialSubject": {
            "id": "anon:9c08a2",
            "isPatientOf": { "id": "anon:35ee1a", "date": "2023-01-01", "vaccine": "anon:f8a376" }
          },
          ...
        },
        {
          "credentialSubject": { "id": "anon:f8a376", "status": "認可済" },
          ...
        }
      ],
      ...
    }
This work (hidden IDs replaced with blank nodes), JSON-LD:
    {
      "verifiableCredential": [
        {
          "credentialSubject": {
            "isPatientOf": { "date": "2023-01-01", "vaccine": "_:000" }
          },
          ...
        },
        {
          "credentialSubject": { "id": "_:000", "status": "認可済" },
          ...
        }
      ],
      ...
    }
[Slide 58] Prototype implementation
https://github.com/zkp-ld/
    zkp-ld-playground    demo apps
    jsonld-proofs        JSON-LD processing    ◆ issue & verify JSON-LD VC  ◆ compose & verify JSON-LD VP
    rdf-proofs-wasm      thin wrapper          ◆ issue & verify N-Quads VC  ◆ compose & verify N-Quads VP
    rdf-proofs           RDF processing        ◆ issue & verify N-Quads VC  ◆ compose & verify N-Quads VP
    docknetwork/crypto   BBS+ and zk-SNARKs    ◆ sign & verify integer array  ◆ derive & verify ZKP for integer array
[Slide 59] Demo: ZKP-LD Playground
https://playground.zkp-ld.org/
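[Slide 60] Summary
◼ Verifiable Credentials that allow multiple credentials to be combined and attributes to be selectively disclosed, and that are hard for Issuers and Verifiers to link
◼ Incorporating RDF Canonicalization makes it possible to issue, present and verify Verifiable Credentials that contain blank nodes
◼ Using blank nodes also gave a more concise representation of Verifiable Presentations
◼ Future work
⚫ Security proof of the proposed scheme
⚫ Additional features: predicate proofs, revocation checking, Issuer hiding, ...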
Appendix
[Slides 62-65] How to compute the permutation 𝜓 (1)
Same VC, VC', canon&sort results and reordering by 𝜓 as on slide 49. Three maps are read off the diagram:
Identification map 𝜙 (the map that undoes the hiding), after hiding → before hiding:
    _:000 → xyz
Canonicalization by the Issuer 𝜑, before canon → after canon:
    _:foo → _:c14n1
    _:bar → _:c14n0
Canonicalization by the Verifier 𝜑′, before canon → after canon:
    _:000 → _:c14n0
    _:bar → _:c14n1
    _:foo → _:c14n2
[Slide 66] How to compute the permutation 𝜓 (2)
Inverse of the Verifier's canonicalization 𝜑′⁻¹, after canon → before canon:
    _:c14n0 → _:000
    _:c14n1 → _:bar
    _:c14n2 → _:foo
Canonicalization by the Issuer 𝜑, before canon → after canon:
    _:foo → _:c14n1
    _:bar → _:c14n0
Identification map 𝜙 (the map that undoes the hiding), after hiding → before hiding:
    _:000 → xyz
Direct sum 𝜙 ⊕ 𝜑, from → to:
    _:000 → xyz
    _:foo → _:c14n1
    _:bar → _:c14n0
Composition Φ ≔ 𝜑 ⊕ 𝜙 ∘ 𝜑′⁻¹, from → to:
    _:c14n0 → xyz
    _:c14n1 → _:c14n0
    _:c14n2 → _:c14n1
[Slide 67] How to compute the permutation 𝜓 (3)
canon&sort of the VC' to show to the Verifier:
    _:c14n0 isPatientOf _:c14n1
    _:c14n1 date "2023-01-01"
    _:c14n2 credentialSubject _:c14n0
After applying the Φ obtained on the previous page:
    xyz isPatientOf _:c14n0
    _:c14n0 date "2023-01-01"
    _:c14n1 credentialSubject xyz
canon&sort of the VC issued by the Issuer:
    _:c14n0 date "2023-01-01"
    _:c14n1 credentialSubject xyz
    xyz isPatientOf _:c14n0
    xyz name "John Smith"
Matching each relabeled line of VC' to its position in the canonical VC gives 𝜓.
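Added example, not taken from the deck or from the zkp-ld code: the Appendix procedure (slides 62-67) carried through on the deck's own VC and VC', computing Φ and 𝜓 on the Holder side and then using 𝜓 on the Verifier side to put the disclosed statements back into their signed positions. The two canonical label maps are copied from slide 65 rather than computed, and the encoding of 𝜓 as a list of positions and all function names are assumptions.

```python
# Added example. Graphs and label maps are copied from the slides; the list
# encoding of psi and all function names are assumptions of this sketch.

# VC as issued, with the Issuer's arbitrary blank node labels.
VC = [
    ("_:foo", "credentialSubject", "xyz"),
    ("xyz", "name", '"John Smith"'),
    ("xyz", "isPatientOf", "_:bar"),
    ("_:bar", "date", '"2023-01-01"'),
]
# VC' after selective disclosure: name deleted, xyz replaced by _:000.
VC_PRIME = [
    ("_:foo", "credentialSubject", "_:000"),
    ("_:000", "isPatientOf", "_:bar"),
    ("_:bar", "date", '"2023-01-01"'),
]
DEANON = {"_:000": "xyz"}                                  # identification map
CANON_ISSUER = {"_:foo": "_:c14n1", "_:bar": "_:c14n0"}     # canon of VC
CANON_VERIFIER = {"_:000": "_:c14n0", "_:bar": "_:c14n1",
                  "_:foo": "_:c14n2"}                       # canon of VC'


def relabel(triples, mapping):
    """Rename terms through `mapping`; every term is looked up exactly once,
    so _:c14n1 -> _:c14n0 is not chained on to _:c14n0 -> xyz."""
    return [tuple(mapping.get(t, t) for t in triple) for triple in triples]


def canon_and_sort(triples, canon_map):
    """Apply a canonical label map, then sort the statements as text."""
    return sorted(relabel(triples, canon_map), key=" ".join)


def big_phi(canon_issuer, deanon, canon_verifier):
    """Phi: Verifier-side canonical label -> term in the Issuer's canonical VC."""
    if canon_issuer.keys() & deanon.keys():
        raise ValueError("direct sum needs disjoint domains")
    direct_sum = {**canon_issuer, **deanon}
    inverse = {after: before for before, after in canon_verifier.items()}
    if len(inverse) != len(canon_verifier):
        raise ValueError("canonical label map is not injective")
    return {after: direct_sum[before] for after, before in inverse.items()}


def compute_psi(vc_canon, vc_prime_canon, phi):
    """psi[i] = position in the signed VC of the i-th line of canonical VC'."""
    position = {triple: i for i, triple in enumerate(vc_canon)}
    psi = []
    for triple in relabel(vc_prime_canon, phi):
        if triple not in position:
            raise ValueError(f"statement not in the signed VC: {triple}")
        psi.append(position[triple])
    if len(set(psi)) != len(psi):
        raise ValueError("two disclosed statements map to one signed statement")
    return psi


def verifier_slots(vc_prime_canon, psi, total):
    """Verifier side: put each disclosed statement back into its signed slot."""
    slots = [None] * total      # None marks a statement the Holder kept hidden
    for triple, index in zip(vc_prime_canon, psi):
        slots[index] = triple
    return slots


if __name__ == "__main__":
    vc_canon = canon_and_sort(VC, CANON_ISSUER)
    vc_prime_canon = canon_and_sort(VC_PRIME, CANON_VERIFIER)
    phi = big_phi(CANON_ISSUER, DEANON, CANON_VERIFIER)
    psi = compute_psi(vc_canon, vc_prime_canon, phi)
    print("Phi =", phi)
    print("psi =", psi)
    for slot in verifier_slots(vc_prime_canon, psi, len(vc_canon)):
        print(slot)
```

The slot list has one entry per signed statement, so its length and the positions of the `None` entries are visible to the Verifier, which is the leakage slide 56 folds into ℒ-anonymity.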