PRETTINESS -- Privacy pResErving aTTrIbute maNagEment SyStem
Jelizaveta Vakarjuk, Alisa Pankova

TL;DR
This paper presents a secure, efficient, and practical credential revocation system for digital identity wallets, ensuring privacy and regulatory compliance through a universal composability proof and a prototype implementation.
Contribution
It introduces a novel end-to-end credential revocation system relying on a single server, with formal security proof and efficiency evaluation.
Findings
Security of the revocation system is proven in the universal composability model.
The system is efficient based on a proof-of-concept implementation.
The approach supports privacy-preserving credential management in digital identity wallets.
Abstract
The European Digital Identity (EUDI) Wallet aims to provide end users with a way to get attested credentials from issuers and present them to different relying parties. An important property mentioned in the regulatory frameworks is the possibility to revoke a previously issued credential. While it is possible to issue a short-lived credential, in some cases this may be inconvenient, and a separate revocation service that allows a credential to be revoked at any time may be necessary. In this work, we propose a full end-to-end description of a generic credential revocation system, which technically relies on a single server and secure transmission channels between parties. We prove the security of the proposed revocation functionality in the universal composability model, and estimate its efficiency based on a proof-of-concept implementation.
Taxonomy
Topics: Cryptography and Data Security · Access Control and Trust · Blockchain Technology Applications and Security
