Decentralized identity mechanisms endeavor to endow users with complete sovereignty over their digital assets within the Web3 ecosystem. Unfortunately, this benefit frequently comes at the expense of users' credential and identity privacy. Additionally, existing schemes fail to resist Sybil attacks that have long plagued Web3, and lack reasonable key recovery mechanisms to regain control of digital assets after loss. In this work, we propose LinkDID, a privacy-preserving, Sybil-resistant, and key-recoverable decentralized identity scheme that supports selective disclosure of credentials for arbitrary predicates while maintaining privacy for credentials and identities. Through an identifier association mechanism, LinkDID can privately and forcibly aggregate users' identifiers, providing Sybil resistance without relying on any external data or collateral from benign users. To enable key recovery, LinkDID permits users to establish proofs of ownership for identifiers with lost keys and request an update of corresponding keys from the decentralized ledger. We provide a detailed theoretical analysis and security proofs of LinkDID, along with an exhaustive performance evaluation that shows its ability to complete interactions in less than 10 seconds on consumer-grade devices.

翻译：去中心化身份机制致力于在Web3生态中赋予用户对其数字资产的完全主权。然而，这一优势往往以牺牲用户的凭证和身份隐私为代价。此外，现有方案难以抵御长期困扰Web3的女巫攻击，且缺乏合理的密钥恢复机制以在密钥丢失后重新获得数字资产的控制权。针对这些问题，本文提出LinkDID——一种兼具隐私保护、抗女巫攻击和密钥恢复能力的去中心化身份方案。该方案支持针对任意谓词的凭证选择性披露，同时保障凭证与身份的隐私性。通过一种标识符关联机制，LinkDID能够以隐私保护的方式强制聚合用户标识符，实现无需依赖任何外部数据或良性用户抵押物的抗女巫攻击能力。在密钥恢复方面，LinkDID允许用户为丢失密钥的标识符建立所有权证明，并从去中心化账本请求相应密钥的更新。本文提供了LinkDID的详细理论分析与安全性证明，并通过全面的性能评估证明其在普通消费级设备上可在10秒内完成交互流程。