
zk-SPARQL

Dan Yamamoto
November 15, 2022


Verifiable and anonymous personal datastore supporting SPARQL queries

presented at Internet Identity Workshop (IIW) on 17th November, 2022


Transcript

  1. zk-SPARQL: verifiable and anonymous personal datastore supporting SPARQL queries

    November 15, 2022, Internet Identity Workshop (IIW) 35
    Dan Yamamoto (Internet Initiative Japan Inc.)
    Joint work with: Yuji Suga (Internet Initiative Japan Inc.), Kazue Sako (Waseda University)
    Photo: CC BY 2.0 - Kanko* / Flickr https://www.flickr.com/photos/kankan/33346213/
  2. Verifiable Datastore

    [Diagram: Data Source(s), Datastore, Data Consumer. Arrow labels: signed data; query; result + signatures; verify & consume signed data. Property shown: authenticity.]
  3. Verifiable Personal Datastore

    [Diagram: Data Source(s), Datastore, Data Consumer. Arrow labels: signed data; query; result + signatures; verify & consume signed data. Properties shown: authenticity, privacy.]

    Note on privacy: signed data containing the query results must be fully disclosed for verification.
  4. Verifiable & Anonymous Personal Datastore

    [Diagram: Data Source(s), Datastore, Data Consumer. Arrow labels: signed data; query; result + proofs with selective disclosure; verify & consume signed data. Properties shown: authenticity, privacy.]
  5. Verifiable & Anonymous Personal Datastore

    [Diagram: Data Source(s), Datastore, Data Consumer. Arrow labels: signed data; query; result + proofs with selective disclosure; verify & consume signed data. Overlaid labels: Issuer, Issuer, VC, VC, VP, Verifier, Holder, zk-SPARQL.]
  6. Example

    [Diagram: Data Source(s), Datastore, Data Consumer. Arrow labels: signed data; query; result + proofs with selective disclosure; verify & consume signed data.]

        {
          "type": "VerifiableCredential",
          "credentialSubject": {
            "id": "did:example:John",
            "type": "Person",
            "name": "John Smith",
            "homeLocation": "http://example.org/cityA",
            "birthDate": "2000-01-01"
          },
          "proof": ...
        }

        {
          "type": "VerifiableCredential",
          "credentialSubject": {
            "id": "http://example.org/cityA",
            "type": "Place",
            "name": "City A",
            "maximumAttendeeCapacity": 10000
          },
          "proof": ...
        }

        SELECT ?population WHERE {
          ?s a :Person .
          ?s :homeLocation ?place .
          ?place a :Place .
          ?place :maximumAttendeeCapacity ?population .
        }

        {
          "type": "VerifiablePresentation",
          "verifiableCredential": [
            {
              "type": "VerifiableCredential",
              "credentialSubject": {
                "id": "anoni:eX2hjL",
                "type": "Person",
                "homeLocation": "anoni:38CqTd"
              }
            },
            {
              "type": "VerifiableCredential",
              "credentialSubject": {
                "id": "anoni:eX2hjL",
                "type": "Person",
                "maximumAttendeeCapacity": 10000
              }
            }
          ],
          "proof": ...
        }

        { "population": 10000 }
  7. Veanpods

    ◼ Verifiable & Anonymous Personal Datastore
      • stores signed RDF data (= JSON-LD VC)
      • can be queried using zk-SPARQL, an extension of SPARQL
      • responds minimal result with zero-knowledge proof
      • supports unlinkability
      • and predicate proofs (as future work)
      • repository: https://github.com/zkp-ld/veanpods (super experimental version)

    Photo: CC BY 2.0 - Kanko* / Flickr https://www.flickr.com/photos/kankan/33346213/
  8. Structure

    [Diagram of Veanpods between Data Source, Data Consumer and owner. Components: RDF store; zk-SPARQL processor; SPARQL UI for owner; SPARQL UI for consumer; BBS+ signatures for RDF; bulletproofs, zk-SNARKs, ...; secure storage; store-binding; consumer authorization. Annotations: = YASGUI; use SPARQL.js; use quadstore; based on jsonld-signatures-bbs.]
  9. Future Work

    ◼ create, update, delete function (CRUD)
    ◼ more than SELECT queries, i.e., ASK, CONSTRUCT, ...
    ◼ rich predicate proofs
      ⚫ require general-purpose zero-knowledge proofs, e.g., zk-SNARK, zk-STARK, bulletproofs
    ◼ zk-GraphQL, zk-GQL, zk-Cypher, ...
      ⚫ (maybe) possible by using existing translators (e.g., GraphQL-LD by Comunica)
    ◼ associate with Solid Pods (need to enhance my Solid knowledge)
    ◼ secure storage for signed data (VCs) and keys
    ◼ security & privacy formalization
    ◼ and more
      ⚫ revocation, PPID, issuer-hiding, mobile, ...
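
The selective-disclosure step behind the slide 6 example, as an added sketch that is not part of the deck and not Veanpods code: it matches the query's WHERE patterns against the stored triples, keeps only the triples that support the answer, and replaces every non-selected binding with a pseudonym. Generating the zero-knowledge proof over the original signatures is out of scope here; `present`, `match`, `unify` and the `newId` callback are hypothetical names, and SPARQL's `a` is written as the JSON key `type`.

```javascript
// Constructed sample: the two credentials from slide 6 as [subject, predicate, object] triples.
const store = [
  ["did:example:John", "type", "Person"],
  ["did:example:John", "name", "John Smith"],
  ["did:example:John", "homeLocation", "http://example.org/cityA"],
  ["did:example:John", "birthDate", "2000-01-01"],
  ["http://example.org/cityA", "type", "Place"],
  ["http://example.org/cityA", "name", "City A"],
  ["http://example.org/cityA", "maximumAttendeeCapacity", 10000],
];
// WHERE clause of the slide 6 query; terms starting with "?" are variables.
const where = [
  ["?s", "type", "Person"],
  ["?s", "homeLocation", "?place"],
  ["?place", "type", "Place"],
  ["?place", "maximumAttendeeCapacity", "?population"],
];
const isVar = (t) => typeof t === "string" && t.startsWith("?");
// Extend `binding` so that `pattern` matches `triple`; null if they conflict.
function unify(pattern, triple, binding) {
  const b = { ...binding };
  for (let i = 0; i < 3; i++) {
    if (!isVar(pattern[i])) { if (pattern[i] !== triple[i]) return null; continue; }
    if (pattern[i] in b && b[pattern[i]] !== triple[i]) return null;
    b[pattern[i]] = triple[i];
  }
  return b;
}
// Backtracking match of all patterns; keeps the triples that support each solution.
function match(patterns, triples, binding = {}, used = []) {
  if (patterns.length === 0) return [{ binding, used }];
  return triples.flatMap((t) => {
    const b = unify(patterns[0], t, binding);
    return b ? match(patterns.slice(1), triples, b, [...used, t]) : [];
  });
}
// Disclose only supporting triples, with non-selected bindings replaced by pseudonyms.
// `newId` is a hypothetical callback; a holder would draw fresh random ids per presentation.
function present(select, patterns, triples, newId) {
  return match(patterns, triples).map(({ binding, used }) => {
    const alias = new Map();
    for (const [v, val] of Object.entries(binding)) if (!select.includes(v)) alias.set(val, newId());
    const hide = (x) => (alias.has(x) ? alias.get(x) : x);
    return {
      result: Object.fromEntries(select.map((v) => [v.slice(1), binding[v]])),
      disclosed: used.map(([s, p, o]) => [hide(s), p, hide(o)]),
    };
  });
}
```

Calling `present(["?population"], where, store, newId)` yields the single answer `{ population: 10000 }` and four disclosed triples; the `name` and `birthDate` triples never leave the store.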