postgraduate thesis: Provenance of legacy-compatible data in the decentralized world and its applications
| Title | Provenance of legacy-compatible data in the decentralized world and its applications |
|---|---|
| Authors | Chan, Kwan Yin (陳鈞賢) |
| Advisors | Yiu, SM; Yuen, TH |
| Issue Date | 2025 |
| Publisher | The University of Hong Kong (Pokfulam, Hong Kong) |
| Citation | Chan, K. Y. [陳鈞賢]. (2025). Provenance of legacy-compatible data in the decentralized world and its applications. (Thesis). University of Hong Kong, Pokfulam, Hong Kong SAR. |
| Abstract | A novel identity management concept known as decentralized identity (or self-sovereign identity) has drawn significant interest and extensive development within both academic and industrial circles. Decentralized oracles empower users to demonstrate the origin of data accessed through TLS from a specific website and verify statements concerning that data. This system operates without the reliance on trusted hardware or requiring modifications on the server side. In DECO (CCS 2020), the first decentralized oracle within TLS 1.2 was introduced. It also investigates the methodology of optionally proving statements about this data in a zero-knowledge setting, preserving the confidentiality of the data itself. Furthermore, a separate study proposed an attribute-based anonymous credential system incorporating a commitment scheme (ASIACRYPT 2020), introducing show proofs to verify a set of attributes in a credential to verifiers without disclosing attribute specifics. Building upon these research findings, this thesis presents a series of optimizations and expansions aimed at advancing self-sovereign identity solutions. First, we present DIDO and DIDO+ (decentralized identification oracle), which expand DECO to TLS 1.3. In DIDO, we address several unresolved challenges, encompassing the incorporation of X25519 key exchange, the creation of a round-optimal three-party key exchange, the structuring of a 2PC system for TLS 1.3 key scheduling, and the optimization of circuit design for 2PC protocols. Furthermore, we expand upon DIDO to create DIDO+, which introduces a protocol named selective disclosure. This protocol facilitates the extraction of particular plaintext substrings from websites, enhancing the functionality and flexibility of the system. Our implementation is verified against real-world websites, and a security proof is furnished to validate its integrity. Next, we introduce DEVS (decentralized verification service), the first generic decentralized verification service built on a decentralized oracle. DEVS enhances the traditional single-verifier oracle by incorporating a multi-verifier mechanism. Our aim is to streamline the protocol for reduced communication and computation costs while enabling reusable proofs and maintaining security. DEVS comprises three key components: a reconstructed decentralized oracle to bolster data trust, secure storage for share retention, and a verification process tailored to the needs of verifiers and authorities. Considering 10 verifiers, the reconstruction reduces the running time (approximately 89.1% or 89.6%) in WAN settings and communication bandwidth (approximately 89.1% or 87.8%) of TLS 1.2 or 1.3; it provides a significant improvement when working with multiple verifiers. Lastly, we introduce a unified attribute-based anonymous credential system where users consistently receive credentials in a standardized format from the issuer. This system allows users to opt for efficient multi-use or single-use show proofs, offering a more user-centric perspective compared to current schemes. Technically, we suggest an interactive method for the credential issuance protocol utilizing two-party computation with additive homomorphic encryption. This approach maintains crucial security features such as impersonation resilience, anonymity, and unlinkability. In addition to the interactive protocol, we develop show proofs tailored for efficient single-use credentials that uphold user anonymity throughout the process. |
| Degree | Doctor of Philosophy |
| Subject | Blockchains (Databases) |
| Dept/Program | Computer Science |
| Persistent Identifier | http://hdl.handle.net/10722/356594 |
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.advisor | Yiu, SM | - |
| dc.contributor.advisor | Yuen, TH | - |
| dc.contributor.author | Chan, Kwan Yin | - |
| dc.contributor.author | 陳鈞賢 | - |
| dc.date.accessioned | 2025-06-05T09:31:20Z | - |
| dc.date.available | 2025-06-05T09:31:20Z | - |
| dc.date.issued | 2025 | - |
| dc.identifier.citation | Chan, K. Y. [陳鈞賢]. (2025). Provenance of legacy-compatible data in the decentralized world and its applications. (Thesis). University of Hong Kong, Pokfulam, Hong Kong SAR. | - |
| dc.identifier.uri | http://hdl.handle.net/10722/356594 | - |
| dc.language | eng | - |
| dc.publisher | The University of Hong Kong (Pokfulam, Hong Kong) | - |
| dc.relation.ispartof | HKU Theses Online (HKUTO) | - |
| dc.rights | The author retains all proprietary rights, (such as patent rights) and the right to use in future works. | - |
| dc.rights | This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License. | - |
| dc.subject.lcsh | Blockchains (Databases) | - |
| dc.title | Provenance of legacy-compatible data in the decentralized world and its applications | - |
| dc.type | PG_Thesis | - |
| dc.description.thesisname | Doctor of Philosophy | - |
| dc.description.thesislevel | Doctoral | - |
| dc.description.thesisdiscipline | Computer Science | - |
| dc.description.nature | published_or_final_version | - |
| dc.date.hkucongregation | 2025 | - |
| dc.identifier.mmsid | 991044970873403414 | - |
