Today, digital identity management for individuals is either inconvenient and error-prone or creates undesirable lock-in effects and violates privacy and security expectations. These shortcomings inhibit the digital transformation in general and seem particularly concerning in the context of novel applications such as access control for decentralized autonomous organizations and identification in the Metaverse. Decentralized or self-sovereign identity (SSI) aims to offer a solution to this dilemma by empowering individuals to manage their digital identity through machine-verifiable attestations stored in a "digital wallet" application on their edge devices. However, when presented to a relying party, these attestations typically reveal more attributes than required and allow tracking end users' activities. Several academic works and practical solutions exist to reduce or avoid such excessive information disclosure, from simple selective disclosure to data-minimizing anonymous credentials based on zero-knowledge proofs (ZKPs). We first demonstrate that the SSI solutions that are currently built with anonymous credentials still lack essential features such as scalable revocation, certificate chaining, and integration with secure elements. We then argue that general-purpose ZKPs in the form of zk-SNARKs can appropriately address these pressing challenges. We describe our implementation and conduct performance tests on different edge devices to illustrate that the performance of zk-SNARK-based anonymous credentials is already practical. We also discuss further advantages that general-purpose ZKPs can easily provide for digital wallets, for instance, to create "designated verifier presentations" that facilitate new design options for digital identity infrastructures that previously were not accessible because of the threat of man-in-the-middle attacks.
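To make the distinction in the abstract concrete, the following added example (written for this page, not code from the paper or its authors) implements the "simple selective disclosure" baseline: the issuer commits to each attribute with a salted hash, signs the combined root, and the holder reveals only the attributes a relying party asks for. It also shows why this baseline still allows tracking, which is the gap the abstract says ZKP-based anonymous credentials close. The attribute set and the issuer key are constructed sample values; the HMAC "signature" is a stand-in for a real public-key signature so the script runs on the standard library alone.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample credential (not from the paper): an issuer attests four attributes.
SAMPLE_ATTRIBUTES = {
    "given_name": "Alice",
    "birth_year": "1990",
    "nationality": "DE",
    "id_number": "X1234567",
}

# Stand-in for the issuer's signing key. A real issuer uses a public-key signature
# (e.g. Ed25519); an HMAC under a shared secret is used here only so the example
# needs no third-party library. This is an assumption of the example, not the paper's design.
ISSUER_KEY = b"issuer-secret-stand-in"


def attribute_digest(salt: bytes, name: str, value: str) -> str:
    """Commit to one attribute as H(salt || name || value). The per-attribute salt
    stops a relying party from brute-forcing low-entropy hidden values (a birth year
    has only ~100 candidates) from the digest alone."""
    return hashlib.sha256(salt + name.encode() + b"\x00" + value.encode()).hexdigest()


def credential_root(digests: list) -> str:
    """Bind all attribute digests into the single value the issuer signs.
    Sorting makes the root independent of attribute order."""
    return hashlib.sha256("".join(sorted(digests)).encode()).hexdigest()


def sign_root(root: str) -> str:
    """Issuer 'signature' over the root (HMAC stand-in, see ISSUER_KEY)."""
    return hmac.new(ISSUER_KEY, root.encode(), hashlib.sha256).hexdigest()


def issue_credential(attributes: dict, rng=os.urandom) -> dict:
    """Issuer side: one fresh salt per attribute, the digest list and a signature."""
    disclosures = {}
    for name, value in attributes.items():
        disclosures[name] = {"salt": rng(16).hex(), "value": value}
    digests = [attribute_digest(bytes.fromhex(d["salt"]), n, d["value"])
               for n, d in disclosures.items()]
    return {"disclosures": disclosures, "digests": digests,
            "signature": sign_root(credential_root(digests))}


def present(credential: dict, reveal: set) -> dict:
    """Holder (wallet) side: hand over only the requested attributes with their salts;
    everything else stays hidden behind its digest."""
    return {
        "revealed": {n: d for n, d in credential["disclosures"].items() if n in reveal},
        "digests": credential["digests"],
        "signature": credential["signature"],
    }


def verify_presentation(presentation: dict) -> Optional[dict]:
    """Relying-party side: each revealed attribute must recompute to a digest in the
    list, and the issuer signature must verify over the recomputed root.
    Returns the accepted attribute values, or None if any check fails."""
    digest_set = set(presentation["digests"])
    for name, d in presentation["revealed"].items():
        if attribute_digest(bytes.fromhex(d["salt"]), name, d["value"]) not in digest_set:
            return None
    root = credential_root(presentation["digests"])
    if not hmac.compare_digest(sign_root(root), presentation["signature"]):
        return None
    return {n: d["value"] for n, d in presentation["revealed"].items()}


def presentations_linkable(p1: dict, p2: dict) -> bool:
    """Two presentations derived from the same credential carry identical digests and
    the identical issuer signature, so two relying parties (or one over time) can
    correlate them even when disjoint attributes were revealed. This is the tracking
    problem the abstract attributes to plain selective disclosure."""
    return (p1["signature"] == p2["signature"]
            or set(p1["digests"]) == set(p2["digests"]))


if __name__ == "__main__":
    cred = issue_credential(SAMPLE_ATTRIBUTES)
    age_check = present(cred, {"birth_year"})
    print("first relying party sees:", verify_presentation(age_check))
    border = present(cred, {"given_name", "nationality"})
    print("second relying party sees:", verify_presentation(border))
    print("the two presentations are linkable:", presentations_linkable(age_check, border))
```

Running the script shows each relying party receiving only the attributes it asked for, yet `presentations_linkable` returns True because the digest list and signature act as a stable identifier across presentations. A ZKP-based anonymous credential, as the abstract describes, instead proves possession of a valid signature and the needed predicate without ever transmitting the signature or the hidden digests, which is what removes this correlation handle.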