An Untraceable Credential Revocation Approach Based on a Novel Merkle Tree Accumulator
Sitouah, Nacereddine;Bruschi, Francesco;Mencucci, Riccardo;Sciuto, Donatella
2024-01-01
Abstract
As digital identity gains increasing importance, current centralized digital identity systems face significant limitations. Recent years have seen a shift towards decentralized and self-sovereign identity models, underpinned by verifiable credentials and cryptographic signatures. A critical challenge in these systems is credential revocation, presenting unique issues absent in centralized systems. In this context, blockchain (BC) systems offer a viable support for implementing revocation mechanisms without compromising the advantages of decentralized identity. However, they introduce storage and cost challenges. This work proposes a credential revocation approach utilizing a Merkle tree-based accumulator. Our accumulator enables a trade-off between anonymity and proof complexity, offers resistance to credential tracking, and relies solely on hash function collision resistance, making it quantum-safe. Additionally, we have integrated the accumulator within a broader identity management library and reported its performance on standard hardware.

| File | Size | Format |
|---|---|---|
| Merkle_tree_accumulator_for_VC_revocation_.pdf (Restricted access; Post-Print (DRAFT or Author's Accepted Manuscript-AAM)) | 206.7 kB | Adobe PDF |


