Decrypt LOL


New Approach to Digital Identity Security Introduced


Quick take: Eysa Lee and Anna Lysyanskaya of Brown University have published a paper introducing a multi-holder anonymous credential scheme, motivated by the eIDAS 2.0 regulation. It lets a user prove claims about an identity credential while keeping the credential unlinkable, and it splits the credential across several holders so that a threshold of them must cooperate to present it.

Fast Facts

  • The paper “Multi-Holder Anonymous Credentials from BBS Signatures” by Eysa Lee and Anna Lysyanskaya introduces a new approach to digital identity security in response to the eIDAS 2.0 regulation, which mandates unlinkable credentials for user privacy.
  • The proposed multi-holder anonymous credential scheme (MHAC) allows users to prove identity claims without revealing their identity, preventing tracking of credential usage by dividing credentials into shares assigned to different holders.
  • The scheme employs a threshold presentation protocol requiring cooperation among multiple holders, enhancing security features such as unforgeability, identifiable abort, and unlinkability.
  • Built on efficient BBS signatures, the MHAC scheme produces presentations of the same form as standard single-holder BBS credentials, so it can be integrated with existing systems; distributing credential shares across devices raises the bar for identity theft and limits what a single malicious holder (an insider) can do alone.
  • The scheme supports unlinkable cross-border credential use under eIDAS 2.0, and because presentation already requires several holders to cooperate, multi-factor authentication (MFA) becomes a built-in property of the credential rather than a separate step.

Multi-Holder Anonymous Credentials from BBS Signatures

A recent paper titled “Multi-Holder Anonymous Credentials from BBS Signatures” has been published by Eysa Lee and Anna Lysyanskaya from Brown University. The paper introduces a new approach to enhancing digital identity security in response to recent legislative changes, particularly the enactment of the eIDAS 2.0 regulation.

Enhancing Digital Identity Security

The eIDAS 2.0 regulation aims to give European citizens interoperable digital identities, with the critical requirement that credential presentations remain unlinkable in order to protect user privacy. The proposed multi-holder anonymous credential scheme (MHAC) lets a user prove claims about their identity without disclosing the identity itself, and prevents a verifier (or a colluding issuer) from tracking where and how often the credential is used.

The scheme splits a credential into shares and assigns each share to a different holder, for example a separate authentication factor or device. Presentation runs as a threshold protocol: a predefined number of holders must cooperate to produce a valid presentation, and fewer than that number learn nothing that lets them present on their own. The security definitions of the MHAC scheme cover unforgeability, identifiable abort, and unlinkability.

Key Features of the MHAC Scheme

Unforgeability ensures that an adversary cannot produce a valid presentation without controlling at least a threshold number of shares. Identifiable abort adds accountability: if a presentation fails because a participant contributed a malformed or manipulated share, the other holders can tell which participant did so, rather than merely seeing the protocol fail. Unlinkability ensures that presentations cannot be linked to one another or to the credential's issuance, and that undisclosed attributes stay hidden, even if the adversary controls some of the holders. The threshold is the parameter that matters in practice: it should be set so that losing or compromising a single device is not enough to present, while enough devices remain for the legitimate user to keep presenting after one is lost.
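To make the two preceding paragraphs concrete (the share split and threshold presentation, and the identifiable-abort and threshold properties), here is an added example in Python. It is not the Lee-Lysyanskaya protocol and it does not implement BBS signatures; it demonstrates the same structural idea on a simpler object: a secret exponent is Shamir-shared across three devices, each device contributes only a partial value derived from its own share, the combiner multiplies the partials into G^s without any party reconstructing s, fewer than t contributions are rejected, and Feldman-style commitments let the combiner name the holder whose contribution is corrupt. The group parameters P, Q, G are a toy safe-prime group chosen for readability and are assumptions of this example only; a real scheme uses a pairing-friendly curve.

```python
# Added example (not the paper's protocol, not BBS): a threshold "presentation"
# of a holder secret shared across devices. (1) No holder ever sees the whole
# secret; each contributes only G^(lambda_i * s_i) and the combiner multiplies
# the parts. (2) Fewer than t contributions are rejected. (3) Feldman-style
# commitments let the combiner identify which holder sent a corrupted
# contribution (the flavour of "identifiable abort"). The group is a toy
# safe-prime group, far too small for real use.
import secrets

P = 2039   # toy safe prime, P = 2*Q + 1 (assumed parameters for illustration only)
Q = 1019   # prime order of the subgroup generated by G
G = 4      # 2^2 is a quadratic residue mod P, so it generates the order-Q subgroup


def share_secret(s, t, n, rng=secrets.randbelow):
    """Shamir-share s over Z_Q with threshold t among holders 1..n.

    Returns (shares, commitments): shares[k] = (i, f(i)) for holder i, and
    commitments[j] = G^a_j, Feldman commitments to the polynomial coefficients
    (a_0 = s). The commitments are public; each share goes to one device."""
    coeffs = [s % Q] + [rng(Q) for _ in range(t - 1)]
    shares = [(i, sum(a * pow(i, j, Q) for j, a in enumerate(coeffs)) % Q)
              for i in range(1, n + 1)]
    return shares, [pow(G, a, P) for a in coeffs]


def committed_share(i, commitments):
    """G^f(i) computed from the public commitments alone: prod_j (G^a_j)^(i^j)."""
    acc = 1
    for j, c in enumerate(commitments):
        acc = acc * pow(c, pow(i, j, Q), P) % P
    return acc


def verify_share(share, commitments):
    """A device checks, at issuance, that the share it received is consistent."""
    i, s_i = share
    return pow(G, s_i, P) == committed_share(i, commitments)


def lagrange_coeff(i, indices):
    """lambda_i for interpolating f(0) from the holders in `indices`, over Z_Q."""
    num, den = 1, 1
    for j in indices:
        if j != i:
            num = num * (-j) % Q
            den = den * (i - j) % Q
    return num * pow(den, -1, Q) % Q


def partial_presentation(share, indices):
    """Holder i's contribution: G^(lambda_i * s_i). s_i itself never leaves the device."""
    i, s_i = share
    return i, pow(G, lagrange_coeff(i, indices) * s_i % Q, P)


def combine(partials, commitments, t):
    """Combine contributions from the holders in `partials`.

    Returns ("ok", G^s) when at least t distinct holders contributed consistently,
    ("below-threshold", count) when too few did, or ("abort", [ids]) naming every
    holder whose contribution does not match its public commitment."""
    indices = [i for i, _ in partials]
    if len(set(indices)) < t:
        return "below-threshold", len(set(indices))
    cheaters, acc = [], 1
    for i, part in partials:
        expected = pow(committed_share(i, commitments), lagrange_coeff(i, indices), P)
        if part != expected:
            cheaters.append(i)
        acc = acc * part % P
    if cheaters:
        return "abort", cheaters
    return "ok", acc


def demo():
    """Phone (1), hardware token (2) and laptop (3) hold shares with t = 2."""
    s = secrets.randbelow(Q)
    shares, comms = share_secret(s, t=2, n=3)
    issued_ok = all(verify_share(sh, comms) for sh in shares)
    target = pow(G, s, P)
    # Token lost: phone and laptop present without it.
    status, value = combine([partial_presentation(sh, [1, 3])
                             for sh in shares if sh[0] in (1, 3)], comms, 2)
    presented_ok = status == "ok" and value == target
    # Compromised token corrupts its contribution (multiplied by G, so guaranteed wrong).
    parts = [partial_presentation(sh, [1, 2]) for sh in shares if sh[0] in (1, 2)]
    parts = [(i, v * G % P if i == 2 else v) for i, v in parts]
    abort_status, cheaters = combine(parts, comms, 2)
    return {"issued_ok": issued_ok, "presented_ok": presented_ok,
            "abort": abort_status, "cheaters": cheaters}


if __name__ == "__main__":
    print(demo())
```

The point to notice is what the combiner checks: it never needs a holder's share, only the public commitments, so a corrupt contribution is attributable to a specific holder without weakening the secrecy of the honest shares. In the real scheme the analogous check is on BBS presentation components rather than a bare group element, but the accountability argument has the same shape.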

The MHAC scheme is built on BBS (Boneh-Boyen-Shacham) signatures, which are efficient and already underlie existing single-holder anonymous credentials. Issuance and presentation are collaborative, but the holders jointly produce a presentation of the same form as a standard BBS credential presentation, so verifiers built for single-holder BBS credentials can be reused.

Implications for Digital Interactions

The paper includes a security analysis showing that the MHAC scheme satisfies correctness and the properties above. Because the credential shares are spread across multiple devices, an attacker must compromise at least a threshold number of them to present the credential, which makes identity theft considerably harder than stealing a single device or key. It also limits insider threats, since no single holder can present the credential on its own.

Anonymous credentials of this kind reduce the surveillance and profiling risk in digital interactions, and the scheme supports cross-border use under eIDAS 2.0 while keeping presentations unlinkable. The threshold design also adds resilience: the credential stays usable and secure even if some holders are compromised or a device is lost, as long as enough honest holders remain to meet the threshold.

The remaining holders can then still generate valid presentations, so the credential does not have to be reissued after a single loss. This makes the MHAC scheme a useful building block for decentralized identity systems, letting users keep control over their personal information while addressing privacy, identity theft, and device compromise. Its guarantees are cryptographic, so they hold against well-resourced adversaries rather than relying on any single device being trustworthy. And because presentation already requires the cooperation of several holders, multi-factor authentication (MFA) becomes a built-in property of the credential instead of an additional step for the user.

Original Source: Read the Full Article Here
