Redactable Signature Schemes and Zero-knowledge Proofs: A comparative examination for applications in Decentralized Digital Identity Systems

Redactable Signature Schemes and Zero-Knowledge Proofs are two radically different approaches to enable privacy. This paper analyses their merits and drawbacks when applied to decentralized identity system. Redactable Signatures, though competitively quick and compact, are not as expressive as zero-knowledge proofs and do not provide the same level of privacy. On the other hand, zero-knowledge proofs can be much faster but some protocols require a trusted set-up. We conclude that given the benefits and drawbacks, redactable signatures are more appropriate at an earlier stage and zero-knowledge proofs are more appropriate at a later stage for decentralized identity systemsComment: 9 Pages, Trustworthy digital identity international conference 202

On the efficiency of revocation in RSA-based anonymous systems

© 2016 IEEEThe problem of revocation in anonymous authentication systems is subtle and has motivated a lot of work. One of the preferable solutions consists in maintaining either a whitelist L-W of non-revoked users or a blacklist L-B of revoked users, and then requiring users to additionally prove, when authenticating themselves, that they are in L-W (membership proof) or that they are not in L-B (non-membership proof). Of course, these additional proofs must not break the anonymity properties of the system, so they must be zero-knowledge proofs, revealing nothing about the identity of the users. In this paper, we focus on the RSA-based setting, and we consider the case of non-membership proofs to blacklists L = L-B. The existing solutions for this setting rely on the use of universal dynamic accumulators; the underlying zero-knowledge proofs are bit complicated, and thus their efficiency; although being independent from the size of the blacklist L, seems to be improvable. Peng and Bao already tried to propose simpler and more efficient zero-knowledge proofs for this setting, but we prove in this paper that their protocol is not secure. We fix the problem by designing a new protocol, and formally proving its security properties. We then compare the efficiency of the new zero-knowledge non-membership protocol with that of the protocol, when they are integrated with anonymous authentication systems based on RSA (notably, the IBM product Idemix for anonymous credentials). We discuss for which values of the size k of the blacklist L, one protocol is preferable to the other one, and we propose different ways to combine and implement the two protocols.Postprint (author's final draft

An investigation into graph isomorphism based zero-knowledge proofs.

Zero-knowledge proofs protocols are effective interactive methods to prove a node's identity without disclosing any additional information other than the veracity of the proof. They are implementable in several ways. In this thesis, I investigate the graph isomorphism based zero-knowledge proofs protocol. My experiments and analyses suggest that graph isomorphism can easily be solved for many types of graphs and hence is not an ideal solution for implementing ZKP

zkFaith: Soonami's Zero-Knowledge Identity Protocol

Individuals are encouraged to prove their eligibility to access specific services regularly. However, providing various organizations with personal data spreads sensitive information and endangers people's privacy. Hence, privacy-preserving identification systems that enable individuals to prove they are permitted to use specific services are required to fill the gap. Cryptographic techniques are deployed to construct identity proofs across the internet; nonetheless, they do not offer complete control over personal data or prevent users from forging and submitting fake data. In this paper, we design a privacy-preserving identity protocol called "zkFaith." A new approach to obtain a verified zero-knowledge identity unique to each individual. The protocol verifies the integrity of the documents provided by the individuals and issues a zero-knowledge-based id without revealing any information to the authenticator or verifier. The zkFaith leverages an aggregated version of the Camenisch-Lysyanskaya (CL) signature scheme to sign the user's commitment to the verified personal data. Then the users with a zero-knowledge proof system can prove that they own the required attributes of the access criterion of the requested service providers. Vector commitment and their position binding property enables us to, later on, update the commitments based on the modification of the personal data; hence update the issued zkFaith id with no requirement of initiating the protocol from scratch. We show that the design and implementation of the zkFaith with the generated proofs in real-world scenarios are scalable and comparable with the state-of-the-art schemes

Recent Advances and Success of Zero-Knowledge Security Protocols

How someone can get health insurance without sharing his health infor-mation? How you can get a loan without disclosing your credit score? There is a method to certify certain attributes of various data, either this is health metrics or finance information, without revealing the data itself or any other kind of personal data. This method is known as “zero-knowledge proofs”. Zero-Knowledge techniques are mathematical methods used to verify things without sharing or revealing underlying data. Zero-Knowledge protocols have vast applications from simple identity schemes and blockchains to de-fense research programs and nuclear arms control. In this article we present the basic principles behind ZKP technology, possible applications and the threats and vulnerabilities that it is subject to and we review proposed securi-ty solutions

Preserving Privacy: How Governments and Digital Services Can Harness Zero-Knowledge Proofs for Secure Identification

Amidst rapid technological advancement and digital transformation, ensuring privacy and data security is paramount. Governments and digital service providers face the challenge of establishing secure identification systems that protect individuals' personal information while enabling reliable authentication and seamless user experiences. Traditional identification methods often require individuals to disclose sensitive personal information, leading to privacy risks and potential data breaches. Zero-knowledge proofs (ZKPs) have emerged as a promising solution to address these concerns. By leveraging ZKPs, individuals can authenticate their identities or assert specific attributes without revealing sensitive data. This approach holds great potential for preserving privacy while enabling efficient and trustworthy verification processes. This paper explored ZKPs and how governments and digital service providers can utilize this technology to achieve secure identification while upholding privacy. A key focus was prototyping a secure identification protocol using ZKPs. Through practical implementation, this research aimed to demonstrate the reliability and effectiveness of ZKPs in real-world scenarios. Keywords: zero-knowledge proofs, privacy, digital identity, governments, digital services. DOI: 10.7176/ISDE/13-2-06 Publication date:September 30th 202

PECO: methods to enhance the privacy of DECO protocol

The DECentralized Oracle (DECO) protocol enables the verifiable provenance of data from Transport Layer Security (TLS) connections through secure two-party computation and zero-knowledge proofs. In this paper, we present PECO, an extension of DECO that enhances privacy features through the integration of two new private three-party handshake protocols (P3P-HS). PECO allows any web user to prove to a verifier the properties of data from TLS connections without disclosing the identity of the servers. Like DECO\u27s three-party handshake protocol, PECO\u27s P3P-HS methods do not require any changes on the server side. PECO offers two options: one that provides $k-$anonymity for the server\u27s identity, and another that completely masks the server\u27s identity from the verifier. PECO is based on three main protocols: (a) commit-and-proof zero-knowledge proofs (CP-ZKP) that enable the proof of relations under committed values in zero-knowledge, (b) verification of Elliptic Curve Digital Signature Algorithm (ECDSA) signatures under a committed public key without revealing the key (zkAttest), and (c) a proof of membership to verify that a committed key belongs to a set of keys. We estimate the performance of both P3P-HS protocols and compare it to TLS timeout using state-of-the-art implementations