Decentralized identity mechanisms endeavor to endow users with complete sovereignty over their digital assets within the Web3 ecosystem. Unfortunately, this benefit frequently comes at the expense of users' credential and identity privacy. Additionally, existing schemes fail to resist Sybil attacks that have long plagued Web3, and lack reasonable key recovery mechanisms to regain control of digital assets after loss. In this work, we propose LinkDID, a privacy-preserving, Sybil-resistant, and key-recoverable decentralized identity scheme that supports selective disclosure of credentials for arbitrary predicates while maintaining privacy for credentials and identities. Through an identifier association mechanism, LinkDID can privately and forcibly aggregate users' identifiers, providing Sybil resistance without relying on any external data or collateral from benign users. To enable key recovery, LinkDID permits users to establish proofs of ownership for identifiers with lost keys and request an update of corresponding keys from the decentralized ledger. We provide a detailed theoretical analysis and security proofs of LinkDID, along with an exhaustive performance evaluation that shows its ability to complete interactions in less than 10 seconds on consumer-grade devices.

翻译：去中心化身份机制旨在赋予用户在Web3生态系统中对其数字资产的完全主权。然而，这一优势往往以牺牲用户的凭证和身份隐私为代价。此外，现有方案无法抵御长期困扰Web3的女巫攻击，且缺乏合理的密钥恢复机制以在资产丢失后重新获得控制权。本文提出LinkDID——一种保护隐私、抗女巫攻击且支持密钥恢复的去中心化身份方案，该方案支持针对任意谓词的选择性凭证披露，同时保障凭证与身份的隐私性。通过标识符关联机制，LinkDID能够以隐私方式强制聚合用户的标识符，在不依赖任何外部数据或良性用户抵押的情况下实现抗女巫攻击。为实现密钥恢复，LinkDID允许用户为丢失密钥的标识符建立所有权证明，并向去中心化账本请求更新对应密钥。我们提供了LinkDID的详细理论分析与安全性证明，并通过详尽的性能评估表明，该方案能在消费级设备上于10秒内完成交互。