PRETTINESS -- Privacy pResErving aTTrIbute maNagEment SyStem

Jelizaveta Vakarjuk, Alisa Pankova

Abstract

The European Digital Identity (EUDI) Wallet aims to provide end users with a way to get attested credentials from issuers and present them to different relying parties. An important property mentioned in the regulatory frameworks is the possibility to revoke a previously issued credential. While it is possible to issue a short-lived credential, in some cases this may be inconvenient, and a separate revocation service that allows a credential to be revoked at any time may be necessary. In this work, we propose a full end-to-end description of a generic credential revocation system, which technically relies on a single server and secure transmission channels between parties. We prove the security of the proposed revocation functionality in the universal composability model, and estimate its efficiency based on a proof-of-concept implementation.

Paper Structure (57 sections, 3 theorems, 1 equation, 19 figures, 10 tables)

Key Result

theorem 1

An adversary $\adv$ and an environment $\mathcal{Z}$ running in parallel with $\mathcal{F}_{\textsf{ideal}}$, are not able to make a relying party accept an output $(\mathsf{verify\text{-}resp},\mathsf{sid},(\mathsf{pres},\mathsf{ch}),1)$ if there is no $\mathsf{cred}=(\_,\_,\mathsf{cID},\_,\_) \in

Figures (19)

  • Figure 1: The signing functionality $\mathcal{F}_{\textsf{sign}}$
  • Figure 2: Ideal functionality $\mathcal{F}_{\textsf{ideal}}$ (Part 1)
  • Figure 3: Ideal functionality $\mathcal{F}_{\textsf{ideal}}$ (Part 2)
  • Figure 4: Initialisation protocol (User, $\mathsf{ST}$)
  • Figure 5: Issuing protocol (User, $\mathsf{ST}$)
  • ...and 14 more figures

Theorems & Definitions (6)

  • definition 1: covertly corrupted AMS
  • theorem 1
  • proof
  • theorem 2
  • proof
  • theorem 3