The European Digital Identity (EUDI) Wallet aims to provide end users with a way to obtain attested credentials from issuers and present them to different relying parties. An important property required by the regulatory framework is the ability to revoke a previously issued credential. While it is possible to issue short-lived credentials, in some cases this is inconvenient, and a separate revocation service that allows a credential to be revoked at any time may be necessary. In this work, we propose a full end-to-end description of a generic credential revocation system, which technically relies on a single server and on secure transmission channels between the parties. We prove the security of the proposed revocation functionality in the universal composability model, and estimate its efficiency based on a proof-of-concept implementation.