Sybil-Resistant Self-Sovereign Identity Utilizing Attested Execution Secure Processors and Zero-Knowledge Membership Proofs
Increasing attention to digital identity and self-sovereign identity (SSI) is gaining momentum. SSI brings various benefits to natural persons, such as owning controls; conversely, digital identity systems in the real world require Sybil-resistance to comply with anti-money laundering (AML) and othe...
Saved in:
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IEEE
2025-01-01
|
| Series: | IEEE Access |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/10852291/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1832576779269701632 |
|---|---|
| author | Koichi Moriyama Akira Otsuka |
| author_facet | Koichi Moriyama Akira Otsuka |
| author_sort | Koichi Moriyama |
| collection | DOAJ |
| description | Increasing attention to digital identity and self-sovereign identity (SSI) is gaining momentum. SSI brings various benefits to natural persons, such as owning controls; conversely, digital identity systems in the real world require Sybil-resistance to comply with anti-money laundering (AML) and other needs. CanDID by Maram et al. proposed that decentralized digital identity systems may achieve Sybil-resistance and preserve privacy by utilizing multi-party computation (MPC), assuming a distributed committee of trusted nodes. Pass et al. proposed the formal abstraction of attested execution secure processors (AESPs) while equipping hardware-assisted security in mobile devices has become the norm. We first describe our proposal to utilize AESPs for building secure Sybil-resistant SSI systems, the architecture with a set of system protocols <inline-formula> <tex-math notation="LaTeX">$\Pi ^{{\mathcal {G}}_{\mathtt {att}}}$ </tex-math></inline-formula>, which brings drastic flexibility and efficiency compared to existing systems. In addition, we propose a novel scheme that enables users (holders) to request verifiers to verify their credentials without AESPs, and it further achieves unlinkability among credentials created for public verification. Our scheme introduces a simplified format for computed claims and commitment-based anonymous identifiers. We also describe a technique to utilize zero-knowledge membership proofs, in particular, “One-Out-of-Many Proofs” <inline-formula> <tex-math notation="LaTeX">$\Sigma $ </tex-math></inline-formula>-protocol by Groth and Kohlweiss, which can prove the existence of an expected credential without identifying it. Along with other techniques, such as utilizing the BBS+ signature scheme, we demonstrate how our scheme can achieve its goals with the extended anonymous and Sybil-resistant SSI system protocols <inline-formula> <tex-math notation="LaTeX">$\Pi ^{{\mathcal {G}}_{\mathtt {att}}+}$ </tex-math></inline-formula>. Entitling unlinkability among derived credentials in the anonymous Sybil-resistant SSI results in proper privacy preservation. |
| format | Article |
| id | doaj-art-b95cae53d60a490dbd4ad66c8efa9339 |
| institution | Kabale University |
| issn | 2169-3536 |
| language | English |
| publishDate | 2025-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj-art-b95cae53d60a490dbd4ad66c8efa93392025-01-31T00:00:35ZengIEEEIEEE Access2169-35362025-01-0113179191794410.1109/ACCESS.2025.353387710852291Sybil-Resistant Self-Sovereign Identity Utilizing Attested Execution Secure Processors and Zero-Knowledge Membership ProofsKoichi Moriyama0https://orcid.org/0009-0008-6378-649XAkira Otsuka1https://orcid.org/0000-0001-6862-2576NTT DOCOMO, Inc., Tokyo, JapanInstitute of Information Security, Yokohama, JapanIncreasing attention to digital identity and self-sovereign identity (SSI) is gaining momentum. SSI brings various benefits to natural persons, such as owning controls; conversely, digital identity systems in the real world require Sybil-resistance to comply with anti-money laundering (AML) and other needs. CanDID by Maram et al. proposed that decentralized digital identity systems may achieve Sybil-resistance and preserve privacy by utilizing multi-party computation (MPC), assuming a distributed committee of trusted nodes. Pass et al. proposed the formal abstraction of attested execution secure processors (AESPs) while equipping hardware-assisted security in mobile devices has become the norm. We first describe our proposal to utilize AESPs for building secure Sybil-resistant SSI systems, the architecture with a set of system protocols <inline-formula> <tex-math notation="LaTeX">$\Pi ^{{\mathcal {G}}_{\mathtt {att}}}$ </tex-math></inline-formula>, which brings drastic flexibility and efficiency compared to existing systems. In addition, we propose a novel scheme that enables users (holders) to request verifiers to verify their credentials without AESPs, and it further achieves unlinkability among credentials created for public verification. Our scheme introduces a simplified format for computed claims and commitment-based anonymous identifiers. We also describe a technique to utilize zero-knowledge membership proofs, in particular, “One-Out-of-Many Proofs” <inline-formula> <tex-math notation="LaTeX">$\Sigma $ </tex-math></inline-formula>-protocol by Groth and Kohlweiss, which can prove the existence of an expected credential without identifying it. Along with other techniques, such as utilizing the BBS+ signature scheme, we demonstrate how our scheme can achieve its goals with the extended anonymous and Sybil-resistant SSI system protocols <inline-formula> <tex-math notation="LaTeX">$\Pi ^{{\mathcal {G}}_{\mathtt {att}}+}$ </tex-math></inline-formula>. Entitling unlinkability among derived credentials in the anonymous Sybil-resistant SSI results in proper privacy preservation.https://ieeexplore.ieee.org/document/10852291/Attested execution secure processorsdecentralized digital identitypermissionless blockchainself-sovereign identitySybil-resistantverifiable credentials |
| spellingShingle | Koichi Moriyama Akira Otsuka Sybil-Resistant Self-Sovereign Identity Utilizing Attested Execution Secure Processors and Zero-Knowledge Membership Proofs IEEE Access Attested execution secure processors decentralized digital identity permissionless blockchain self-sovereign identity Sybil-resistant verifiable credentials |
| title | Sybil-Resistant Self-Sovereign Identity Utilizing Attested Execution Secure Processors and Zero-Knowledge Membership Proofs |
| title_full | Sybil-Resistant Self-Sovereign Identity Utilizing Attested Execution Secure Processors and Zero-Knowledge Membership Proofs |
| title_fullStr | Sybil-Resistant Self-Sovereign Identity Utilizing Attested Execution Secure Processors and Zero-Knowledge Membership Proofs |
| title_full_unstemmed | Sybil-Resistant Self-Sovereign Identity Utilizing Attested Execution Secure Processors and Zero-Knowledge Membership Proofs |
| title_short | Sybil-Resistant Self-Sovereign Identity Utilizing Attested Execution Secure Processors and Zero-Knowledge Membership Proofs |
| title_sort | sybil resistant self sovereign identity utilizing attested execution secure processors and zero knowledge membership proofs |
| topic | Attested execution secure processors decentralized digital identity permissionless blockchain self-sovereign identity Sybil-resistant verifiable credentials |
| url | https://ieeexplore.ieee.org/document/10852291/ |
| work_keys_str_mv | AT koichimoriyama sybilresistantselfsovereignidentityutilizingattestedexecutionsecureprocessorsandzeroknowledgemembershipproofs AT akiraotsuka sybilresistantselfsovereignidentityutilizingattestedexecutionsecureprocessorsandzeroknowledgemembershipproofs |