Abstract. In this talk, we'll explore Provably Forgotten Signatures, an approach that adds privacy by upgrading existing systems to prevent linkability (or ``correlation'') and instead of overhauling them entirely. It aims to be compatible with already-deployed implementations of digital credential standards such as ISO/IEC 18013-5 mDL, SD-JWT, and W3C Verifiable Credentials, while also aligning with cryptographic security standards such as FIPS 140-2/3. It is compatible with and can even pave the way for future privacy technologies such as post-quantum cryptography (PQC) or zero-knowledge proofs (ZKPs) while unlocking beneficial use cases today. Given the challenges in deploying zero-knowledge proof systems in today's production environments, we propose a simpler approach that, when combined with key and signature cycling, can provide protection from both verifier-verifier collusion and issuer-verifier collusion by using confidential computing environments: the issuer can forget the unique values that create the risk in the first place, and provide proof of this deletion to the user. This is implementable today, and would be supported by existing hardware security mechanisms that are suitable for high-assurance environments.
[Slides]
WPEC 2024: NIST Workshop on Privacy-Enhancing Cryptography 2024. Virtual, 2024-Sep-24–26.
NIST Workshop on Privacy-Enhancing Cryptography 2024
Starts: September 24, 2024Virtual
Security and Privacy: cryptography