Re: [Cfrg] ZKP for proving ownership of a credential
Tony Arcieri <bascule@gmail.com> Wed, 03 June 2015 09:39 UTC
Return-Path: <bascule@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 969721A004A for <cfrg@ietfa.amsl.com>; Wed, 3 Jun 2015 02:39:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U9bvZxYIsKSW for <cfrg@ietfa.amsl.com>; Wed, 3 Jun 2015 02:39:35 -0700 (PDT)
Received: from mail-ob0-x22f.google.com (mail-ob0-x22f.google.com [IPv6:2607:f8b0:4003:c01::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B8AAE1A0027 for <cfrg@irtf.org>; Wed, 3 Jun 2015 02:39:35 -0700 (PDT)
Received: by obbea3 with SMTP id ea3so3331464obb.0 for <cfrg@irtf.org>; Wed, 03 Jun 2015 02:39:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=xQfb1rqG4gPw7JU7GUoADAzqJBHtkHorPS/vgc7Kng8=; b=kh7OJlsMfwlG/gwPt4mUdHYkAIWcUKtDGZy8FR1EGAfB78JOLCPsuDC6a+x86woAGM /HTwF504n52WlikEI7FlF677A/mqLq52ghSTzv6Kli8CV6HOM+wgehyiMYx5xXHSP12m 0jjvyTa0zPrWK+XuUJQDQebbMgeJXN9PiKuUxT4JvVkj7GK2y0a5IP2bN+RutS76SvQ6 TyXQB7uArIQS1l+A8/S8YeRJ5bNzNYPihMLrboNwMTgnGMuR5O4Q4rC4pvE7TZVlqRnS K2owfgdAgvTPCkk+upgkDLZ6XZ8S8mWmDj3kurlgyIAmL4FrwG8SELwJ9ny+N24EbP8w axeQ==
X-Received: by 10.182.76.100 with SMTP id j4mr3225478obw.14.1433324375207; Wed, 03 Jun 2015 02:39:35 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.76.110.241 with HTTP; Wed, 3 Jun 2015 02:39:14 -0700 (PDT)
In-Reply-To: <556E63DB.8090904@digitalbazaar.com>
References: <556E63DB.8090904@digitalbazaar.com>
From: Tony Arcieri <bascule@gmail.com>
Date: Wed, 03 Jun 2015 02:39:14 -0700
Message-ID: <CAHOTMVLn8=KUVM9_OdiPrgw1SCi1XK4SFZwe6LmLvRomtTS2NA@mail.gmail.com>
To: Manu Sporny <msporny@digitalbazaar.com>
Content-Type: multipart/alternative; boundary="047d7b6729243b76ed051799d66a"
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/w0HM8isxzxX7OKT8-bZDIcnbAMY>
Cc: Crypto Forum Research Group <cfrg@irtf.org>
Subject: Re: [Cfrg] ZKP for proving ownership of a credential
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Jun 2015 09:39:37 -0000
On Tue, Jun 2, 2015 at 7:18 PM, Manu Sporny <msporny@digitalbazaar.com> wrote: > We have a subset of credentials, like proof of citizenship ("this person > is a citizen of the United Kingdom") and proof of age ("this person is > above the age of 21"), that we believe could be asserted without leaking > information that could be used by colluding websites* to identify the > individual with the credential. Do you have more specific requirements than that? I know those are just some contrived examples, but if those are really your only requirements, the simple administrative solution in my mind is to simply only issue these types of credentials to people who meet these criteria in the first place. If you can solve the problem that way, I think you can use a simpler scheme than a zero knowledge proof. I say this specifically because I don't think getting any more fine-grained than citizenship and age is important to solve this particular problem, and if that's the case, there are simpler privacy-preserving systems that are easier to implement and reason about. Here's a scheme I think fits into this general problem space and doesn't require a zero knowledge proof. I should probably mention one of the chairs name is on the paper: https://eprint.iacr.org/2006/080.pdf I'm not sure this is particularly well suited to your proposed problem, but I'm wondering if your proposed problem could be simplified in such a way that it would fit. -- Tony Arcieri
- [Cfrg] ZKP for proving ownership of a credential Manu Sporny
- Re: [Cfrg] ZKP for proving ownership of a credent… Paul Lambert
- Re: [Cfrg] ZKP for proving ownership of a credent… Manu Sporny
- Re: [Cfrg] ZKP for proving ownership of a credent… William Whyte
- Re: [Cfrg] ZKP for proving ownership of a credent… Tony Arcieri
- Re: [Cfrg] ZKP for proving ownership of a credent… Alec Edgington
- Re: [Cfrg] ZKP for proving ownership of a credent… Paul Lambert
- Re: [Cfrg] ZKP for proving ownership of a credent… Tony Arcieri
- Re: [Cfrg] ZKP for proving ownership of a credent… David Jacobson
- Re: [Cfrg] ZKP for proving ownership of a credent… Vadym Fedyukovych