Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Presentation

WPEC 2024 Talk 3b4: Provably Forgotten Signatures: Adding Privacy to Digital Identity

September 26, 2024

Presenters

Wayne Chang - SpruceID

Description

Abstract. In this talk, we'll explore Provably Forgotten Signatures, an approach that adds privacy by upgrading existing systems to prevent linkability (or ``correlation'') and instead of overhauling them entirely. It aims to be compatible with already-deployed implementations of digital credential standards such as ISO/IEC 18013-5 mDL, SD-JWT, and W3C Verifiable Credentials, while also aligning with cryptographic security standards such as FIPS 140-2/3. It is compatible with and can even pave the way for future privacy technologies such as post-quantum cryptography (PQC) or zero-knowledge proofs (ZKPs) while unlocking beneficial use cases today. Given the challenges in deploying zero-knowledge proof systems in today's production environments, we propose a simpler approach that, when combined with key and signature cycling, can provide protection from both verifier-verifier collusion and issuer-verifier collusion by using confidential computing environments: the issuer can forget the unique values that create the risk in the first place, and provide proof of this deletion to the user. This is implementable today, and would be supported by existing hardware security mechanisms that are suitable for high-assurance environments.

[Slides]

Presented at

WPEC 2024: NIST Workshop on Privacy-Enhancing Cryptography 2024. Virtual, 2024-Sep-24–26.

Event Details

Location

    Virtual

Related Topics

Security and Privacy: cryptography

Created September 19, 2024, Updated October 08, 2024