DP-DID: A Dynamic and Proactive Decentralized Identity System

IF 8 1区计算机科学 Q1 COMPUTER SCIENCE, THEORY & METHODS

IEEE Transactions on Information Forensics and Security Pub Date : 2025-04-16 DOI:10.1109/TIFS.2025.3561662

Jie Yin;Yang Xiao;Qian Chen;Yong zhi Lim;Xuefeng Liu;Qingqi Pei;Jianying Zhou

{"title":"DP-DID: A Dynamic and Proactive Decentralized Identity System","authors":"Jie Yin;Yang Xiao;Qian Chen;Yong zhi Lim;Xuefeng Liu;Qingqi Pei;Jianying Zhou","doi":"10.1109/TIFS.2025.3561662","DOIUrl":null,"url":null,"abstract":"Decentralized identity (DID) is a transformative paradigm that leverages blockchain, decentralized identifiers and verifiable credentials (VCs) to enable self-sovereign and decentralized identity management with myriad application areas. However, existing DID implementations are confronted with two key challenges: insufficient decentralization and vulnerability to mobile adversary attacks. First, they paradoxically introduce central identity resolvers, intermediaries or static committees to manage critical identity services, key management or credential issuance, which violates the decentralized controlling aim against a single point of failure. Second, these systems are vulnerable to mobile adversaries who can gradually compromise multiple nodes or committee members over a long period, eventually seizing control of the system. In this paper, we propose DP-DID, the first dynamic and proactive decentralized identity system specifically designed to resist mobile adversary attacks in dynamic committee settings. To eliminate centralized authorities, DP-DID leverages blockchain, dynamic committees and BLS (Named after Boneh, Lynn, and Shacham) signatures, which achieves decentralization. In addition, we design a dynamic and batch proactive secret sharing (DBPSS) scheme for DP-DID to ensure proactive security against mobile adversary attacks. This is achieved by allowing at most t (threshold) committees to be corrupted per period, with the set of corrupted committees changing dynamically even if all players are eventually compromised. By incorporating DBPSS, DP-DID achieves efficient key management for multiple users in dynamic settings, enhancing overall system scalability. Through rigorous analysis, DP-DID is proven to be forward secure and secure against mobile adversary attacks under a widely adopted malicious model. Extensive experiments show that DP-DID has efficient performance, and our DBPSS scheme outperforms FaB-DPSS by over <inline-formula> <tex-math>$11.67\\times $ </tex-math></inline-formula> in key handover efficiency.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"4999-5014"},"PeriodicalIF":8.0000,"publicationDate":"2025-04-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Information Forensics and Security","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10966852/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}

引用次数: 0

Abstract

Decentralized identity (DID) is a transformative paradigm that leverages blockchain, decentralized identifiers and verifiable credentials (VCs) to enable self-sovereign and decentralized identity management with myriad application areas. However, existing DID implementations are confronted with two key challenges: insufficient decentralization and vulnerability to mobile adversary attacks. First, they paradoxically introduce central identity resolvers, intermediaries or static committees to manage critical identity services, key management or credential issuance, which violates the decentralized controlling aim against a single point of failure. Second, these systems are vulnerable to mobile adversaries who can gradually compromise multiple nodes or committee members over a long period, eventually seizing control of the system. In this paper, we propose DP-DID, the first dynamic and proactive decentralized identity system specifically designed to resist mobile adversary attacks in dynamic committee settings. To eliminate centralized authorities, DP-DID leverages blockchain, dynamic committees and BLS (Named after Boneh, Lynn, and Shacham) signatures, which achieves decentralization. In addition, we design a dynamic and batch proactive secret sharing (DBPSS) scheme for DP-DID to ensure proactive security against mobile adversary attacks. This is achieved by allowing at most t (threshold) committees to be corrupted per period, with the set of corrupted committees changing dynamically even if all players are eventually compromised. By incorporating DBPSS, DP-DID achieves efficient key management for multiple users in dynamic settings, enhancing overall system scalability. Through rigorous analysis, DP-DID is proven to be forward secure and secure against mobile adversary attacks under a widely adopted malicious model. Extensive experiments show that DP-DID has efficient performance, and our DBPSS scheme outperforms FaB-DPSS by over

$11.67\times $

in key handover efficiency.

查看原文本刊更多论文

DP-DID：一个动态和主动的去中心化身份系统

去中心化身份（DID）是一种变革性范式，它利用区块链、去中心化标识符和可验证凭证（vc），在无数应用领域实现自我主权和去中心化身份管理。然而，现有的DID实现面临着两个关键挑战：去中心化不足和易受移动对手攻击。首先，它们矛盾地引入了中央身份解析器、中介机构或静态委员会来管理关键的身份服务、密钥管理或证书颁发，这违反了针对单点故障的分散控制目标。其次，这些系统很容易受到移动对手的攻击，这些对手可以在很长一段时间内逐渐危及多个节点或委员会成员，最终夺取对系统的控制。在本文中，我们提出了DP-DID，这是第一个动态和主动的分散身份系统，专门用于抵御动态委员会设置中的移动对手攻击。为了消除中央集权，DP-DID利用区块链、动态委员会和BLS（以Boneh、Lynn和Shacham命名）签名，实现了去中心化。此外，我们为DP-DID设计了一种动态和批量的主动秘密共享（DBPSS）方案，以确保对移动对手攻击的主动安全性。这是通过允许每个时期最多t个（阈值）委员会被破坏来实现的，即使所有玩家最终都受到损害，被破坏的委员会也会动态变化。通过集成DBPSS， DP-DID在动态设置中实现了对多个用户的高效密钥管理，增强了整个系统的可扩展性。通过严格的分析，DP-DID在广泛采用的恶意模型下具有前向安全性和对移动对手攻击的安全性。大量实验表明，DP-DID具有高效的性能，DBPSS方案的密钥切换效率比FaB-DPSS方案高出11.67倍以上。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Transactions on Information Forensics and Security 工程技术-工程：电子与电气

CiteScore

14.40

自引率

7.40%

发文量

234

审稿时长

6.5 months

期刊介绍： The IEEE Transactions on Information Forensics and Security covers the sciences, technologies, and applications relating to information forensics, information security, biometrics, surveillance and systems applications that incorporate these features