Table of Contents
Fetching ...

Achieving Flexible and Secure Authentication with Strong Privacy in Decentralized Networks

Bin Xie, Rui Song, Xuyuan Cai

TL;DR

This paper tackles privacy-preserving authentication in decentralized networks by addressing the issuer identity leakage, rigid attribute schemas, and revocation weaknesses of prior issuer-hiding anonymous credential systems. It introduces IRAC, a flexible credential framework that unifies heterogeneous issuer attributes via vector commitments with padding, enabling issuer-hiding without a global static attribute set. A decentralized revocation mechanism lets holders prove non-revocation through gaps in issuer revocation lists, decoupling revocation from verifier policies and preserving issuer anonymity. Strong attribute hiding is achieved with zk-SNARKs and vector commitments, enabling predicate-based authentication with minimal attribute disclosure. Security analyses and practical benchmarks demonstrate IRAC's feasibility, with credential presentations finishing in about 1s in decentralized settings.

Abstract

Anonymous credentials (ACs) are a crucial cryptographic tool for privacy-preserving authentication in decentralized networks, allowing holders to prove eligibility without revealing their identity. However, a major limitation of standard ACs is the disclosure of the issuer's identity, which can leak sensitive contextual information about the holder. Issuer-hiding ACs address this by making a credential's origin indistinguishable among a set of approved issuers. Despite this advancement, existing solutions suffer from practical limitations that hinder their deployment in decentralized environments: unflexible credential models that restrict issuer and holder autonomy, flawed revocation mechanisms that compromise security, and weak attribute hiding that fails to meet data minimization principles. This paper introduces a new scheme called IRAC to overcome these challenges. We propose a flexible credential model that employs vector commitments with a padding strategy to unify credentials from heterogeneous issuers, enabling privacy-preserving authentication without enforcing a global static attribute set or verifier-defined policies. Furthermore, we design a secure decentralized revocation mechanism where holders prove non-revocation by demonstrating their credential's hash lies within a gap in the issuer's sorted revocation list, effectively decoupling revocation checks from verifier policies while maintaining issuer anonymity. IRAC also strengthens attribute hiding by utilizing zk-SNARKs and vector commitments, allowing holders to prove statements about their attributes without disclosing the attributes themselves or the credential structure. Security analysis and performance evaluations demonstrate its practical feasibility for decentralized networks, where presenting a credential can be finished in 1s.

Achieving Flexible and Secure Authentication with Strong Privacy in Decentralized Networks

TL;DR

This paper tackles privacy-preserving authentication in decentralized networks by addressing the issuer identity leakage, rigid attribute schemas, and revocation weaknesses of prior issuer-hiding anonymous credential systems. It introduces IRAC, a flexible credential framework that unifies heterogeneous issuer attributes via vector commitments with padding, enabling issuer-hiding without a global static attribute set. A decentralized revocation mechanism lets holders prove non-revocation through gaps in issuer revocation lists, decoupling revocation from verifier policies and preserving issuer anonymity. Strong attribute hiding is achieved with zk-SNARKs and vector commitments, enabling predicate-based authentication with minimal attribute disclosure. Security analyses and practical benchmarks demonstrate IRAC's feasibility, with credential presentations finishing in about 1s in decentralized settings.

Abstract

Anonymous credentials (ACs) are a crucial cryptographic tool for privacy-preserving authentication in decentralized networks, allowing holders to prove eligibility without revealing their identity. However, a major limitation of standard ACs is the disclosure of the issuer's identity, which can leak sensitive contextual information about the holder. Issuer-hiding ACs address this by making a credential's origin indistinguishable among a set of approved issuers. Despite this advancement, existing solutions suffer from practical limitations that hinder their deployment in decentralized environments: unflexible credential models that restrict issuer and holder autonomy, flawed revocation mechanisms that compromise security, and weak attribute hiding that fails to meet data minimization principles. This paper introduces a new scheme called IRAC to overcome these challenges. We propose a flexible credential model that employs vector commitments with a padding strategy to unify credentials from heterogeneous issuers, enabling privacy-preserving authentication without enforcing a global static attribute set or verifier-defined policies. Furthermore, we design a secure decentralized revocation mechanism where holders prove non-revocation by demonstrating their credential's hash lies within a gap in the issuer's sorted revocation list, effectively decoupling revocation checks from verifier policies while maintaining issuer anonymity. IRAC also strengthens attribute hiding by utilizing zk-SNARKs and vector commitments, allowing holders to prove statements about their attributes without disclosing the attributes themselves or the credential structure. Security analysis and performance evaluations demonstrate its practical feasibility for decentralized networks, where presenting a credential can be finished in 1s.
Paper Structure (26 sections, 2 theorems, 9 equations, 8 figures, 1 table)

This paper contains 26 sections, 2 theorems, 9 equations, 8 figures, 1 table.

Key Result

Theorem 1

If the signature scheme $\Sigma_\mathcal{I}\xspace$ is EUF-CMA secure, the vector commitment schemes satisfy the binding property, and the $\mathsf{zkSNARK}$ scheme $\Pi$ satisfies zero-knowledge and knowledge soundness, then IRAC satisfies unforgeability.

Figures (8)

  • Figure 1: Unflexible credential model (left) and our new credential model (right).
  • Figure 2: The EUF-CMA experiment for $\Sigma$.
  • Figure 3: The workflow of IRAC.
  • Figure 4: The oracles that the adversary can access during security experiments.
  • Figure 5: The games that capture the security properties of IRAC.
  • ...and 3 more figures

Theorems & Definitions (14)

  • Definition 1: EUF-CMA
  • Definition 2: Perfect Completeness
  • Definition 3: Knowledge Soundness
  • Definition 4: Succinctness
  • Definition 5: Zero-Knowledge
  • Definition 6: Correctness
  • Definition 7: Binding
  • Definition 8: IRAC
  • Definition 9: Unforgeability
  • Definition 10: Unlinkability
  • ...and 4 more