TY - GEN
T1 - A-PoA
T2 - 3rd IEEE International Conference on Blockchain and Cryptocurrency, ICBC 2021
AU - Lauinger, Jan
AU - Ernstberger, Jens
AU - Regnath, Emanuel
AU - Hamad, Mohammad
AU - Steinhorst, Sebastian
N1 - Publisher Copyright: © 2021 IEEE.
PY - 2021/5/3
Y1 - 2021/5/3
N2 - Self-sovereign Identity Management (SSIM) promotes self-control of credentials without relying on external administration. However, the state-of-the-art SSIM based on Decentralized Identifiers and Verifiable Credentials (VCs) defined by the World Wide Web Consortium does not enable credential holders to verify whether a Credential Issuing Authority (CIA) legitimately issued a credential. As a remedy, our work constructs a secure authentication protocol, called A-PoA, to provide decentralized and anonymous authorization of CIAs. We leverage a cryptographic accumulator to enable the Root Authority (registering a Credential Schema) with the ability to authorize a CIA (registering a Credential Definition) to issue a credential. The proof of accumulator membership relies on a non-interactive zero-knowledge proof. This allows a credential holder or validator node to verify the validity of a CIA, while the CIA remains anonymous. Our security analysis shows the integrity and confidentiality of our protocol against hostile network participants and our experimental evaluation shows constant verification times independent of the number of authenticated CIAs. Hence, A-PoA introduces the missing building block to develop SSIM-capable and VC-compatible ecosystems acting as a drop-in replacement for traditional Public Key Infrastructure schemes.
KW - Anonymous Credentials
KW - Authentication
KW - Authorization
KW - Identity Trust Management
KW - Non-interactive Zero-Knowledge Proof
KW - RSA-Accumulators
KW - Verifiable Credentials
UR - http://www.scopus.com/inward/record.url?scp=85114517699&partnerID=8YFLogxK
U2 - 10.1109/ICBC51069.2021.9461082
DO - 10.1109/ICBC51069.2021.9461082
M3 - Conference contribution
AN - SCOPUS:85114517699
T3 - IEEE International Conference on Blockchain and Cryptocurrency, ICBC 2021
BT - IEEE International Conference on Blockchain and Cryptocurrency, ICBC 2021
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 3 May 2021 through 6 May 2021
ER -