On cryptographic mechanisms for the selective disclosure of verifiable credentials

IF 3.8 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications Pub Date : 2024-05-18 DOI:10.1016/j.jisa.2024.103789

Andrea Flamini , Giada Sciarretta , Mario Scuro , Amir Sharif , Alessandro Tomasi , Silvio Ranise

{"title":"On cryptographic mechanisms for the selective disclosure of verifiable credentials","authors":"Andrea Flamini , Giada Sciarretta , Mario Scuro , Amir Sharif , Alessandro Tomasi , Silvio Ranise","doi":"10.1016/j.jisa.2024.103789","DOIUrl":null,"url":null,"abstract":"<div><p>Verifiable credentials are a digital analogue of physical credentials. Their authenticity and integrity are protected by means of cryptographic techniques, and they can be presented to verifiers to reveal attributes or even predicates about the attributes included in the credential. One way to preserve privacy during presentation consists in selectively disclosing the attributes in a credential. In this paper we present the most widespread cryptographic mechanisms used to enable selective disclosure of attributes identifying two categories: the ones based on hiding commitments - e.g., m<span>dl</span> ISO/IEC 18013-5 - and the ones based on non-interactive zero-knowledge proofs - e.g., BBS signatures. We also include a description of the cryptographic primitives used to design such cryptographic mechanisms.</p><p>We describe the design of the cryptographic mechanisms and compare them by performing an analysis on their standard maturity in terms of standardization, cryptographic agility and quantum safety, then we compare the features that they support with main focus on the unlinkability of presentations, the ability to create predicate proofs and support for threshold credential issuance.</p><p>Finally we perform an experimental evaluation based on the Rust open source implementations that we have considered most relevant. In particular we evaluate the size of credentials and presentations built using different cryptographic mechanisms and the time needed to generate and verify them. We also highlight some trade-offs that must be considered in the instantiation of the cryptographic mechanisms.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"83 ","pages":"Article 103789"},"PeriodicalIF":3.8000,"publicationDate":"2024-05-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2214212624000929/pdfft?md5=1bce8c58c9db5a9373aa03e3cb8a620d&pid=1-s2.0-S2214212624000929-main.pdf","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214212624000929","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Verifiable credentials are a digital analogue of physical credentials. Their authenticity and integrity are protected by means of cryptographic techniques, and they can be presented to verifiers to reveal attributes or even predicates about the attributes included in the credential. One way to preserve privacy during presentation consists in selectively disclosing the attributes in a credential. In this paper we present the most widespread cryptographic mechanisms used to enable selective disclosure of attributes identifying two categories: the ones based on hiding commitments - e.g., mdl ISO/IEC 18013-5 - and the ones based on non-interactive zero-knowledge proofs - e.g., BBS signatures. We also include a description of the cryptographic primitives used to design such cryptographic mechanisms.

We describe the design of the cryptographic mechanisms and compare them by performing an analysis on their standard maturity in terms of standardization, cryptographic agility and quantum safety, then we compare the features that they support with main focus on the unlinkability of presentations, the ability to create predicate proofs and support for threshold credential issuance.

Finally we perform an experimental evaluation based on the Rust open source implementations that we have considered most relevant. In particular we evaluate the size of credentials and presentations built using different cryptographic mechanisms and the time needed to generate and verify them. We also highlight some trade-offs that must be considered in the instantiation of the cryptographic mechanisms.

查看原文本刊更多论文

关于选择性披露可验证凭证的加密机制

可验证凭据是实物凭据的数字类似物。它们的真实性和完整性通过加密技术得到保护，可向验证者展示它们，以揭示凭证中的属性，甚至是有关属性的谓词。在出示过程中保护隐私的一种方法是有选择地披露凭证中的属性。在本文中，我们介绍了用于选择性披露属性的最普遍的加密机制，并将其分为两类：基于隐藏承诺的机制（如 mdl ISO/IEC 18013-5）和基于非交互式零知识证明的机制（如 BBS 签名）。我们描述了加密机制的设计，并通过分析它们在标准化、加密敏捷性和量子安全性方面的标准成熟度对它们进行了比较，然后我们比较了它们支持的功能，主要侧重于演示的不可链接性、创建谓词证明的能力以及对阈值凭证签发的支持。最后，我们基于我们认为最相关的 Rust 开源实现进行了实验评估。最后，我们基于我们认为最相关的 Rust 开源实现进行了一次实验评估。我们特别评估了使用不同加密机制创建的凭证和演示的大小，以及生成和验证它们所需的时间。我们还强调了在加密机制实例化过程中必须考虑的一些权衡因素。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Information Security and Applications Computer Science-Computer Networks and Communications

CiteScore

10.90

自引率

5.40%

发文量

206

审稿时长

56 days

期刊介绍： Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.