Towards Privacy-Preserving Revocation of Verifiable Credentials with Time-Flexibility
Francesco Buccafurri, Carmen Licciardi
TL;DR
This paper addresses privacy-preserving revocation of verifiable credentials in Self-Sovereign Identity settings, focusing on the EUDI wallet use case in the EU. It proposes an encryption-enforced, time-flexible revocation mechanism based on Anonymous Hierarchical Identity-Based Encryption (AHIBE) that restricts the Verifier's access to the temporal authorizations granted by the Holder, while ensuring untraceability with respect to both Verifier and Issuer. The authors present a daily revocation structure using PRNG-derived digests and AHIBE-identified keys, analyze security against honest-but-curious adversaries, and discuss how their approach improves scalability, reduces Holder-side bandwidth, and enables time-flexible verification and censorship resistance. They also compare against existing approaches (RIL, OSP, VSL, STA, OSA) and outline future work including formal security proofs and a proof-of-concept implementation.
Abstract
Self-Sovereign Identity (SSI) is an emerging paradigm for authentication and credential presentation that aims to give users control over their data and prevent any kind of tracking by (even trusted) third parties. In the European Union, the EUDI Digital Identity wallet is about to become a concrete implementation of this paradigm. However, a debate is still ongoing, partially reflecting some aspects that are not yet consolidated in the scientific state of the art. Among these, an effective, efficient, and privacy-preserving implementation of verifiable credential revocation remains a subject of discussion. In this work-in-progress paper, we propose the basis of a novel method that customizes the use of anonymous hierarchical identity-based encryption to restrict the Verifier's access to the temporal authorizations granted by the Holder. This way, the Issuer cannot track the Holder's credential presentations, and the Verifier cannot check revocation information beyond what is permitted by the Holder.
