Self-Sovereign Identity (SSI) is an emerging identity system that facilitates secure credential issuance and verification without placing trust in any centralised authority. To bypass central trust, most SSI implementations use blockchain as a trusted mediator by placing credential transactions on-chain. Yet existing SSI platforms face trust issues, as not all credential issuers in SSI are supported with adequate trust. Current SSI solutions provide trust support to the officiated issuers (e.g., government agencies), who must follow a precise process to assess their credentials. However, there is no structured trust support for individuals in SSI who may attempt to issue a credential (e.g., a letter of consent) in the context of business processes. Therefore, some risk-averse verifiers in the system may not accept credentials from individual issuers, to avoid carrying the cost of mishaps from potentially inadmissible credentials without reliance on a trusted agency. This paper proposes a trust propagation protocol that supports individual users to be trusted as verifiable issuers in the SSI platform by establishing a trust propagation credential template in the blockchain. Our approach utilises (i) the sanitizable signature scheme to propagate the required trust to an individual issuer, and (ii) a voting mechanism to minimise the possibility of collusion. Our implementation demonstrates that the solution is both practical and performs well under varying system loads.