Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Privacy-Preserving Authentication: Theory vs. Practice

Daniel Slamanig

TL;DR

The paper analyzes privacy-preserving authentication, arguing that current centralized identity solutions compromise privacy and data minimization. It surveys the theory of anonymous credentials, including dedicated constructions and generic approaches using zero-knowledge proofs, and scrutinizes practical implementations, standardization efforts, and deployment barriers. Using the EU Digital Identity Wallet as a focal case, it highlights privacy challenges such as issuer–verifier visibility and the need for stronger unlinkability. It also discusses post-quantum transition considerations and argues for cryptographic agility to enable scalable, privacy-preserving authentication in the near future.

Abstract

With the increasing use of online services, the protection of the privacy of users becomes more and more important. This is particularly critical as authentication and authorization as realized on the Internet nowadays, typically relies on centralized identity management solutions. Although those are very convenient from a user's perspective, they are quite intrusive from a privacy perspective and are currently far from implementing the concept of data minimization. Fortunately, cryptography offers exciting primitives such as zero-knowledge proofs and advanced signature schemes to realize various forms of so-called anonymous credentials. Such primitives allow to realize online authentication and authorization with a high level of built-in privacy protection (what we call privacy-preserving authentication). Though these primitives have already been researched for various decades and are well understood in the research community, unfortunately, they lack widespread adoption. In this paper, we look at the problems, what cryptography can do, some deployment examples, and barriers to widespread adoption. Latter using the example of the EU Digital Identity Wallet (EUDIW) and the recent discussion and feedback from cryptography experts around this topic. We also briefly comment on the transition to post-quantum cryptography.

Privacy-Preserving Authentication: Theory vs. Practice

TL;DR

The paper analyzes privacy-preserving authentication, arguing that current centralized identity solutions compromise privacy and data minimization. It surveys the theory of anonymous credentials, including dedicated constructions and generic approaches using zero-knowledge proofs, and scrutinizes practical implementations, standardization efforts, and deployment barriers. Using the EU Digital Identity Wallet as a focal case, it highlights privacy challenges such as issuer–verifier visibility and the need for stronger unlinkability. It also discusses post-quantum transition considerations and argues for cryptographic agility to enable scalable, privacy-preserving authentication in the near future.

Abstract

With the increasing use of online services, the protection of the privacy of users becomes more and more important. This is particularly critical as authentication and authorization as realized on the Internet nowadays, typically relies on centralized identity management solutions. Although those are very convenient from a user's perspective, they are quite intrusive from a privacy perspective and are currently far from implementing the concept of data minimization. Fortunately, cryptography offers exciting primitives such as zero-knowledge proofs and advanced signature schemes to realize various forms of so-called anonymous credentials. Such primitives allow to realize online authentication and authorization with a high level of built-in privacy protection (what we call privacy-preserving authentication). Though these primitives have already been researched for various decades and are well understood in the research community, unfortunately, they lack widespread adoption. In this paper, we look at the problems, what cryptography can do, some deployment examples, and barriers to widespread adoption. Latter using the example of the EU Digital Identity Wallet (EUDIW) and the recent discussion and feedback from cryptography experts around this topic. We also briefly comment on the transition to post-quantum cryptography.
Paper Structure (27 sections, 2 figures)

This paper contains 27 sections, 2 figures.

Table of Contents

  1. Introduction
  2. Traditional Authentication and Identity-Management
  3. Password-based Authentication
  4. Signature-based Authentication
  5. Single Sign-On
  6. Privacy Properties and Traditional Approaches
  7. Privacy Properties
  8. Selective Disclosure.
  9. Unlinkability.
  10. Discussion of Privacy in Traditional Approaches
  11. Anonymous Credentials: The Theory
  12. The Abstract Concept
  13. Anonymous Credentials and Distributed Ledger Technologies
  14. Features of Anonymous Credentials
  15. Construction Principles
  16. ...and 12 more sections

Figures (2)

  • Figure 1: Abstract concept of single sign-on.
  • Figure 2: Abstract concept of an anonymous credential system.