Evaluation of trust service and software product regimes for zero-knowledge proof development under eIDAS 2.0

IF 3.3 3区 社会学 Q1 LAW
Raül Ramos Fernández
{"title":"Evaluation of trust service and software product regimes for zero-knowledge proof development under eIDAS 2.0","authors":"Raül Ramos Fernández","doi":"10.1016/j.clsr.2024.105968","DOIUrl":null,"url":null,"abstract":"<div><p>This paper delves into two legal models for zero-knowledge proof protocols in the context of the eIDAS 2.0 Regulation: a trust service or a software product. The ARIES: reliAble euRopean Identity EcoSystem EU project highlighted the need for a legal framework for stakeholders to accept proof of the existence of user data with legal certainty, while Hyperledger Indy shows that ZKP solutions are currently commercialized, stressing deficiencies in the eIDAS 2.0. An overview of ZKP applied to identity, its relationship to the European Digital Identity Wallet and the electronic attestations of attributes, both introduced by the eIDAS 2.0, and Self-Sovereign Identity systems, leads to the central question of proof of the existence of user-held data as a trust service or as a software product and its data privacy implications for each approach. Finally, we outline a possible solution based on the product approach for future work. Our findings reveal that ZKP technology must have legal value and a presumption system to be effective. However, the path we take could lead us either to develop a system of surveillance and control in electronic environments or to build an environment where we share not the data itself but proof of its existence.</p></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"53 ","pages":"Article 105968"},"PeriodicalIF":3.3000,"publicationDate":"2024-04-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0267364924000359/pdfft?md5=857f41921a67e735151c4db9f816925c&pid=1-s2.0-S0267364924000359-main.pdf","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Law & Security Review","FirstCategoryId":"90","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0267364924000359","RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"LAW","Score":null,"Total":0}
引用次数: 0

Abstract

This paper delves into two legal models for zero-knowledge proof protocols in the context of the eIDAS 2.0 Regulation: a trust service or a software product. The ARIES: reliAble euRopean Identity EcoSystem EU project highlighted the need for a legal framework for stakeholders to accept proof of the existence of user data with legal certainty, while Hyperledger Indy shows that ZKP solutions are currently commercialized, stressing deficiencies in the eIDAS 2.0. An overview of ZKP applied to identity, its relationship to the European Digital Identity Wallet and the electronic attestations of attributes, both introduced by the eIDAS 2.0, and Self-Sovereign Identity systems, leads to the central question of proof of the existence of user-held data as a trust service or as a software product and its data privacy implications for each approach. Finally, we outline a possible solution based on the product approach for future work. Our findings reveal that ZKP technology must have legal value and a presumption system to be effective. However, the path we take could lead us either to develop a system of surveillance and control in electronic environments or to build an environment where we share not the data itself but proof of its existence.

评估 eIDAS 2.0 零知识证明开发的信任服务和软件产品制度
本文以 eIDAS 2.0 法规为背景,深入探讨了零知识证明协议的两种法律模式:信任服务或软件产品。ARIES:可靠的欧盟身份生态系统欧盟项目强调了利益相关者需要一个法律框架来接受具有法律确定性的用户数据存在证明,而Hyperledger Indy表明ZKP解决方案目前已经商业化,强调了eIDAS 2.0的不足之处。对 ZKP 应用于身份识别的概述、其与欧洲数字身份钱包和电子属性证明的关系(两者均由 eIDAS 2.0 和自治身份系统引入),引出了作为信任服务或软件产品的用户所持数据存在性证明这一核心问题及其对每种方法的数据隐私影响。最后,我们概述了基于产品方法的可能解决方案,供未来工作参考。我们的研究结果表明,ZKP 技术必须具备法律价值和推定系统才能有效。然而,我们所走的道路可能会导致我们要么开发出一种电子环境中的监视和控制系统,要么建立一种我们共享的不是数据本身而是数据存在证明的环境。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
CiteScore
5.60
自引率
10.30%
发文量
81
审稿时长
67 days
期刊介绍: CLSR publishes refereed academic and practitioner papers on topics such as Web 2.0, IT security, Identity management, ID cards, RFID, interference with privacy, Internet law, telecoms regulation, online broadcasting, intellectual property, software law, e-commerce, outsourcing, data protection, EU policy, freedom of information, computer security and many other topics. In addition it provides a regular update on European Union developments, national news from more than 20 jurisdictions in both Europe and the Pacific Rim. It is looking for papers within the subject area that display good quality legal analysis and new lines of legal thought or policy development that go beyond mere description of the subject area, however accurate that may be.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信