Ensuring privacy and protection from issuer corruption in digital identity systems is crucial. We propose a method for selective disclosure and privacy-preserving revocation of digital credentials using second-order Elliptic Curves and Boneh-Lynn-Shacham (BLS) signatures. We make holders able to present proofs of possession of selected credentials without disclosing them, and we protect their presentations from replay attacks. Revocations may be distributed among multiple revocation issuers using publicly verifiable secret sharing (PVSS) and activated only by configurable consensus, ensuring robust protection against issuer corruption. Our system's unique design enables extremely fast revocation checks, even with large revocation lists, leveraging optimized hash map lookups.
翻译:在数字身份系统中确保隐私并防范发行方腐败至关重要。我们提出一种利用二阶椭圆曲线和Boneh-Lynn-Shacham(BLS)签名实现数字凭证选择性披露与隐私保护撤销的方法。该方法使持有者能够在不披露具体凭证内容的前提下证明其拥有特定凭证,并防止呈现过程遭受重放攻击。通过公开可验证秘密共享(PVSS)技术,撤销权限可分布式分配给多个撤销发行方,且仅当达成可配置共识时才激活撤销操作,从而有效防范发行方腐败。本系统的独特设计支持极速撤销验证——即使面对大规模撤销列表,仍可通过优化的哈希映射查找机制实现高效核查。