Decentralized identity frameworks grant users full sovereignty over their digital assets in the Web3 ecosystem. However, allowing arbitrary creation of identifiers makes the system susceptible to Sybil attacks and puts assets at risk when keys are lost or compromised. Moreover, the lack of identification prevents anonymous credential schemes from deterring malicious transfers. While existing solutions attempt to address these issues by linking identifiers to entities through trusted intermediaries, these entities are not always accessible and require costly offline interactions. In this work, we introduce LinkDID, a decentralized identity scheme offering Sybil resistance, trustless key recovery, and nontransferable anonymous credentials. LinkDID creates blockchain-based bindings between identifiers and gradually combines identifiers belonging to the same holder into a unified associated identifier. As all identifiers within an association are presumed to belong to one individual, any fraudulent activity can be detected. The association grows larger as interactions increase, substantially reducing the likelihood of successful Sybil attacks. This mechanism allows holders to recover identifiers with lost or stolen keys by proving knowledge of specific association structures. Additionally, LinkDID prevents unauthorized transfers through blockchain-based identifier-key bindings and proofs of ownership for credentials. The evaluation shows that LinkDID effectively achieves progressive Sybil resistance while surpassing state-of-the-art anonymous credential schemes, achieving identifier association and credential presentation times of 2.41s and 3.31s on consumer-grade devices.