FORT: Right-proving and Attribute-blinding Self-sovereign Authentication

TL;DR

FORT is a decentralized authentication system that uses blockchain, NFTs, and zero-knowledge proofs to enable users to prove service rights without revealing sensitive information, enhancing privacy and decentralization.

Contribution

The paper introduces FORT, a novel decentralized authentication protocol utilizing blockchain and cryptographic primitives for privacy-preserving proof of rights.

Findings

Efficient protocol suitable for low-resource devices.

Uses NFTs to uniquely identify user rights.

Ensures user privacy with zero-knowledge proofs.

Abstract

Nowadays, there is a plethora of services that are provided and paid for online, like video streaming subscriptions, car or parking sharing, purchasing tickets for events, etc. Online services usually issue tokens directly related to the identities of their users after signing up into their platform, and the users need to authenticate using the same credentials each time they are willing to use the service. Likewise, when using in-person services like going to a concert, after paying for this service the user usually gets a ticket which proves that he/she has the right to use that service. In both scenarios, the main concerns are the centralization of the systems, and that they do not ensure customers' privacy. The involved Service Providers are Trusted Third Parties, authorities that offer services and handle private data about users. In this paper, we design and implement FORT, a decentralized system that allows customers to prove their right to use specific services (either online or in-person) without revealing sensitive information. To achieve decentralization we propose a solution where all the data is handled by a Blockchain. We describe and uniquely identify users' rights using Non-Fungible Tokens (NFTs), and possession of these rights is demonstrated by using Zero-Knowledge Proofs, cryptographic primitives that allow us to guarantee customers' privacy. Furthermore, we provide benchmarks of FORT which show that our protocol is efficient enough to be used in devices with low computing resources, like smartphones or smartwatches, which are the kind of devices commonly used in our use case scenario.