License: Creative Commons Attribution 4.0 International license (CC BY 4.0)
When quoting this document, please refer to the following
DOI: 10.4230/LIPIcs.OPODIS.2022.9
URN: urn:nbn:de:0030-drops-176294
URL: http://dagstuhl.sunsite.rwth-aachen.de/volltexte/2023/17629/
Go to the corresponding LIPIcs Volume Portal

Saramago, Rodrigo Q. ; Meling, Hein ; Jehl, Leander N.

A Privacy-Preserving and Transparent Certification System for Digital Credentials

pdf-format:
LIPIcs-OPODIS-2022-9.pdf (1 MB)

Abstract

A certification system is responsible for issuing digital credentials, which attest claims about a subject, e.g., an academic diploma. Such credentials are valuable for individuals and society, and widespread adoption requires a trusted certification system. Trust can be gained by being transparent when issuing and verifying digital credentials. However, there is a fundamental tradeoff between privacy and transparency. For instance, admitting a student to an academic program must preserve the student’s privacy, i.e., the student’s grades must not be revealed to unauthorized parties. At the same time, other applicants may demand transparency to ensure fairness in the admission process. Thus, building a certification system with the right balance between privacy and transparency is challenging.
This paper proposes a novel design for a certification system that provides sufficient transparency and preserves privacy through selective disclosure of claims such that authorized parties can verify them. Moreover, unauthorized parties can also verify the correctness of the certification process without compromising privacy. We achieve this using an incremental Merkle tree of cryptographic commitments to users' credentials. The commitments are added to the tree based on verifying zero-knowledge issuance proofs. Users store credentials off-chain and can prove the ownership and authenticity of credentials without revealing their commitments. Further, our approach enables users to prove statements about the credential’s claims in zero-knowledge. Our design offers a cost-efficient solution, reducing the amount of linkable on-chain data by up to 79% per credential compared to prior work, while maintaining transparency.

BibTeX - Entry

@InProceedings{saramago_et_al:LIPIcs.OPODIS.2022.9,
  author =	{Saramago, Rodrigo Q. and Meling, Hein and Jehl, Leander N.},
  title =	{{A Privacy-Preserving and Transparent Certification System for Digital Credentials}},
  booktitle =	{26th International Conference on Principles of Distributed Systems (OPODIS 2022)},
  pages =	{9:1--9:24},
  series =	{Leibniz International Proceedings in Informatics (LIPIcs)},
  ISBN =	{978-3-95977-265-5},
  ISSN =	{1868-8969},
  year =	{2023},
  volume =	{253},
  editor =	{Hillel, Eshcar and Palmieri, Roberto and Rivi\`{e}re, Etienne},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/opus/volltexte/2023/17629},
  URN =		{urn:nbn:de:0030-drops-176294},
  doi =		{10.4230/LIPIcs.OPODIS.2022.9},
  annote =	{Keywords: verifiable credentials, privacy-preserving, zero-knowledge, blockchain}
}

Keywords: verifiable credentials, privacy-preserving, zero-knowledge, blockchain
Collection: 26th International Conference on Principles of Distributed Systems (OPODIS 2022)
Issue Date: 2023
Date of publication: 15.02.2023
Supplementary Material: Software (Source Code): https://github.com/r0qs/zkcertree archived at: https://archive.softwareheritage.org/swh:1:dir:491b29c170a47c1c5697bfe504075848d19a27bf

DROPS-Home | Fulltext Search | Imprint | Privacy Published by LZI