Enabling SSI-Compliant Use of EUDI Wallet Credentials through Trusted Execution Environment and Zero-Knowledge Proof

TL;DR

This paper proposes an architecture that leverages Trusted Execution Environments and Zero-Knowledge Proofs to enable European Digital Identity Wallet credentials to be used in a truly Self-Sovereign Identity manner, aligning with SSI principles.

Contribution

It introduces a novel architecture that makes EUDI Wallet credentials SSI-compliant by integrating Trusted Execution Environments and Zero-Knowledge Proofs, addressing current divergence from SSI principles.

Findings

Achieves SSI compliance for EUDI Wallet credentials.

Enhances privacy and control over digital identities.

Demonstrates feasibility through prototype implementation.

Abstract

The passing of the eIDAS amendment marks an important milestone for EU countries and changes how they must manage digital credentials for both public services and businesses. Italy has led in adopting eIDAS, first with CIE and SPID identity schemes, and now with the Italian Wallet (IO app) aligned to eIDAS 2.0. Self-Sovereign Identity (SSI) is a decentralized model born from the success of Distributed Ledgers, giving individuals full control over their digital identity. The current eIDAS 2.0 and its implementation acts diverge from SSI principles, rendering the European Digital Identity Wallet (EUDIW) centralized and merely user-centric, prioritizing security and legal protection over true self-sovereignty. This paper proposes an architecture that enables the use of IT Wallet credentials and services in an SSI-compliant environment through Trusted Execution Environments and Zero-Knowledge Proofs.