Table of Contents
Fetching ...

Multiparty Selective Disclosure using Attribute-Based Encryption

Shigenori Ohashi

TL;DR

The paper addresses the privacy and flexibility gap in SD-JWT by integrating Ciphertext-Policy Attribute-Based Encryption (CP-ABE). It introduces a three-party workflow (Issuer, Holder, Verifier) where Disclosures within an SD-JWT are CP-ABE-encrypted with per-disclosure decryption policies, and a Key Binding JWT is used to ensure integrity and facilitate policy-based decryption. Feasibility is demonstrated in a virtualized environment, revealing that SD-JWT generation remains lightweight while ABE-based encryption/decryption scale roughly linearly with the number of Disclosures, raising considerations for real-time and resource-constrained settings. The approach shows promise for privacy-preserving, fine-grained access control across healthcare, financial services, and supply chain scenarios, though optimization and scalability enhancements are needed for deployment in IoT and large-scale systems.

Abstract

This study proposes a mechanism for encrypting SD-JWT (Selective Disclosure JSON Web Token) Disclosures using Attribute-Based Encryption (ABE) to enable flexible access control on the basis of the Verifier's attributes. By integrating Ciphertext-Policy ABE (CP-ABE) into the existing SD-JWT framework, the Holder can assign decryption policies to Disclosures, ensuring information is selectively disclosed. The mechanism's feasibility was evaluated in a virtualized environment by measuring the processing times for SD-JWT generation, encryption, and decryption with varying Disclosure counts (5, 10, 20). Results showed that SD-JWT generation is lightweight, while encryption and decryption times increase linearly with the number of Disclosures. This approach is suitable for privacy-sensitive applications like healthcare, finance, and supply chain tracking but requires optimization for real-time use cases such as IoT. Future research should focus on improving ABE efficiency and addressing scalability challenges.

Multiparty Selective Disclosure using Attribute-Based Encryption

TL;DR

The paper addresses the privacy and flexibility gap in SD-JWT by integrating Ciphertext-Policy Attribute-Based Encryption (CP-ABE). It introduces a three-party workflow (Issuer, Holder, Verifier) where Disclosures within an SD-JWT are CP-ABE-encrypted with per-disclosure decryption policies, and a Key Binding JWT is used to ensure integrity and facilitate policy-based decryption. Feasibility is demonstrated in a virtualized environment, revealing that SD-JWT generation remains lightweight while ABE-based encryption/decryption scale roughly linearly with the number of Disclosures, raising considerations for real-time and resource-constrained settings. The approach shows promise for privacy-preserving, fine-grained access control across healthcare, financial services, and supply chain scenarios, though optimization and scalability enhancements are needed for deployment in IoT and large-scale systems.

Abstract

This study proposes a mechanism for encrypting SD-JWT (Selective Disclosure JSON Web Token) Disclosures using Attribute-Based Encryption (ABE) to enable flexible access control on the basis of the Verifier's attributes. By integrating Ciphertext-Policy ABE (CP-ABE) into the existing SD-JWT framework, the Holder can assign decryption policies to Disclosures, ensuring information is selectively disclosed. The mechanism's feasibility was evaluated in a virtualized environment by measuring the processing times for SD-JWT generation, encryption, and decryption with varying Disclosure counts (5, 10, 20). Results showed that SD-JWT generation is lightweight, while encryption and decryption times increase linearly with the number of Disclosures. This approach is suitable for privacy-sensitive applications like healthcare, finance, and supply chain tracking but requires optimization for real-time use cases such as IoT. Future research should focus on improving ABE efficiency and addressing scalability challenges.
Paper Structure (14 sections, 1 figure, 1 table)