Ensuring privacy and protection from issuer corruption in digital identity systems is crucial. We propose a method for selective disclosure and privacy-preserving revocation of digital credentials using second-order Elliptic Curves and Boneh-Lynn-Shacham (BLS) signatures. We make holders able to present proofs of possession of selected credentials without disclosing them, and we protect their presentations from replay attacks. Revocations may be distributed among multiple revocation issuers using publicly verifiable secret sharing (PVSS) and activated only by configurable consensus, ensuring robust protection against issuer corruption. Our system's unique design enables extremely fast revocation checks, even with large revocation lists, leveraging optimized hash map lookups.
翻译:在数字身份系统中确保隐私并防范发行方腐败至关重要。本文提出一种利用二阶椭圆曲线与Boneh-Lynn-Shacham(BLS)签名实现数字凭证选择性披露与隐私保护撤销的方法。我们使持有者能够在不披露具体凭证内容的前提下,证明其拥有选定凭证的持有权,并保护其出示过程免受重放攻击。通过公开可验证秘密共享(PVSS)技术,撤销权限可分布式分配至多个撤销发行方,且仅当达成可配置共识时才被激活,从而确保对发行方腐败的强韧防护。本系统的独特设计借助优化的哈希映射查找机制,即使面对大规模撤销列表也能实现极速撤销验证。