IETF Logo Mail Archive

[jose] An attempt at unlinkable tokens with minimal magic

Vasileios Kalos <vasilis.kalos@mattr.global> Fri, 29 July 2022 00:44 UTC

Return-Path: <vasilis.kalos@mattr.global>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA839C14CF16 for <jose@ietfa.amsl.com>; Thu, 28 Jul 2022 17:44:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mattr.global
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EbGZIms-DOZ3 for <jose@ietfa.amsl.com>; Thu, 28 Jul 2022 17:44:40 -0700 (PDT)
Received: from AUS01-SY4-obe.outbound.protection.outlook.com (mail-sy4aus01on2125.outbound.protection.outlook.com [40.107.107.125]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1D0A9C14F718 for <jose@ietf.org>; Thu, 28 Jul 2022 17:44:39 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Jtqcs5d+wQcP47YSJ/O/TieohgBa3PRJn2G03OZcDLtWPv+hXvtLRslpAC1Q84XhyKI3Iu+UdLwUH+Zsb1KmTnFiBBDIHRRhu4HUMXihjlouwyYSsNEly3Jl5htPgL0bHD5Lmg5NSc60s2qNtnEZv+x28oPSSCLMfg0YayPs+KV5PdFHj9Jw9X3i9SXqFb7UCBjvC+QKOowNQgR38kyQBRp4MYtKfFgGbJkNcq1oho4ho2vkyCjuKmtv70r7DZI/UKSQlBOYxbkZKtW7IW+dGa01Ot2cddobmev6nWYna2iGQ6T3KMwTzY92etf4UgShxqXfcG1NGNByrU4Qyy01Dg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=16PktqUmFc9UjYgW2IBB8D3qnfPBLq14WQ7OsTmyBbM=; b=QydZthNTHsdfNU6i1eeFCuW0WkiLSalnjglGAEYDto2V4V47s0GKpRk+GemitsDfSFlFy4kFyLHtLQGViHuO1AQPwSsHYxLZnRryrm1vaN8BCsC4dNKopQEm2djVSB7bURwlK8dsHsnyLOo3U5CXa+1M0qzU3nc7Ub4hh0l9iCoMYcRgOhGLbpZajAupr+UhMOJWTMByTGkJOODqKno70hAlpvwPhVIIXEHh3MJtbH3SC4/iepKFa29tDZiCr+KdmG+3FNdrrY5JYpCYLzrLuEaX68O2TWG9Hn29h7LFZjNwHLaZcciRKKbtPphHqETtpSR3hklo/U6XAk/hv4SF/g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=mattr.global; dmarc=pass action=none header.from=mattr.global; dkim=pass header.d=mattr.global; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mattr.global; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=16PktqUmFc9UjYgW2IBB8D3qnfPBLq14WQ7OsTmyBbM=; b=fc+Fh6AZ+9wxjt2emicR8koxFjVp+6asbueWvdLl62A1tA3feCW/lrIiFg11GBWr3whb4/Ni8NCMkJE5qbDTttiFpUVPxy3F19ZTvT1MSk6/xwqeXuAXTMDVsMsZ+fKS2+vmtpbK+Flp/OhckWd0C8BqpPledw/VouOSqCrSfxg=
Received: from ME4P282MB0984.AUSP282.PROD.OUTLOOK.COM (2603:10c6:220:91::15) by ME3P282MB4241.AUSP282.PROD.OUTLOOK.COM (2603:10c6:220:18f::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5482.11; Fri, 29 Jul 2022 00:44:34 +0000
Received: from ME4P282MB0984.AUSP282.PROD.OUTLOOK.COM ([fe80::594:16e7:41d0:d3e0]) by ME4P282MB0984.AUSP282.PROD.OUTLOOK.COM ([fe80::594:16e7:41d0:d3e0%4]) with mapi id 15.20.5482.011; Fri, 29 Jul 2022 00:44:34 +0000
From: Vasileios Kalos <vasilis.kalos@mattr.global>
To: "jose@ietf.org" <jose@ietf.org>
Thread-Topic: [jose] An attempt at unlinkable tokens with minimal magic
Thread-Index: AQHYotyHaqvJYmIf+EOYHOHd9+kEmg==
Date: Fri, 29 Jul 2022 00:44:34 +0000
Message-ID: <ME4P282MB0984F3582C4BD1707B86C8068E969@ME4P282MB0984.AUSP282.PROD.OUTLOOK.COM>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
suggested_attachment_session_id: f9f2e900-67c9-06ee-2e85-a166a37f4e2f
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=mattr.global;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 5691f8a3-b075-422d-b780-08da70fb81cc
x-ms-traffictypediagnostic: ME3P282MB4241:EE_
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 3X+cNImCtl1T/J4faUI5gKSuuQIdxGdYBWQL+AjlYxDII7TYwS+QHLjpvOnEvG8Xw3EgZ0pg08xvOm7LlXuZ7GJ/lYk0m4rsRbv8pODYHR5jnhyRC2dpbjZarUTr+ZKUn7p/fEaDmLX/IvFijaRu71Mj7Iv2XsALP8twejLbWbMkxy+4otJwhuCk/NV0BQ7cGAZxoCBXouG7HceRGua7a1bNP4o9WaxHRWHekbBAkquMvFq5yqCZbNOmnP1bS3tRr5FZu9+0nvD3S9NkmqrS6PtZ+2HlR0MmjzGoWUTl7FDxrWC+RKY36eKwbAcxrbHJWv3llkG8E6jNMeM2hroUMSel0gmaqz7LZjYDASWE0ZsKKjdLkKR4f0QJA1tYKVgcKwJ8df0bYMZUYgPqwJpJB/JvNOEguZzskyZahyG/2ZG+4sa9ZjPJgtXzrX21I9GrPYVoGvKuRgo9TQ2oQt/rgaghLez64IxPw+YsG4oh3yYPpZEFnWfz8zgxhl0/wleKiA/PYUa4GqSu/IdhV4MZW57PpZ7s/AAc3fcl9tRHcXETL7pboSHNnc3WHy/hce3A8R6zEdJtrZ575hujXzsaa+3rFIuZoCskwGy7KIKMNX5js6TFgLnC8512432OzzEEWwFrQhGOyLUOMKMjwIAC3OuHW+GgU5vWC/ca9dlF2+/L9ju72+715WRTGF6fHVO6n5bDf2xRzS1orTxeM8uMEVKBeJ1i0MY7LjoKmfsk9vpos63K1wJkJH+HztwEmSgYEIWmWfT05RA/k2R+9vcWA/xLfqQNvrBP5mg7o14R3A4cMg6gpS0CDHkRhqhRke7i
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:ME4P282MB0984.AUSP282.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230016)(376002)(346002)(396003)(39840400004)(366004)(136003)(19627405001)(5660300002)(83380400001)(38100700002)(186003)(91956017)(8936002)(33656002)(52536014)(2906002)(76116006)(66446008)(66946007)(66556008)(66476007)(64756008)(8676002)(966005)(71200400001)(478600001)(7696005)(9686003)(41300700001)(316002)(55016003)(6506007)(6916009)(166002)(122000001)(86362001)(38070700005); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: n+ZNjNiXYNgkr6cjoGT8bO2TBgOaE/gJefRswlx2x1ZYldbNyp8Zc7hkI1F/5DI7NZB6HLiu+7HXdy6Ut2jzuxotRIDj6b4fK6nYzM1pJOMl11oPCA53g3t2j5VLaBlsvlF5265Vk7HTLXGJppnOiK+Jpn5pO7yJFcT60jdl10EKbB/lEPZDDK29qzLQmBhpzHb1VJKZZpxaUFy4kIwM3daFWZ4rDhKe6cz4fr5MM7xL6VCbcfhQJy+UvPEUDVZyeoKajSzNAsIXtYVYMWNxELff+yQYe2p09NutJ1++skZr7NAMxJE4UdTevS6HZTYQZWq3cMuDw3ZdvWfTmNk0GaihJkCCQLtUs3McI1+OpLXwF+cT0qvWulnBVtdjqTjKgB1tMK8+jcMBHhzOrnMmFGuV29HdYo5IhqPgo29vaiKR4bkBp3k98KHEM/V9PtfkvZPm23ST3EU16p7E3+SOmdD1VejbXXUICKJS4BO4r4I6lFwfKRqI3HOQLLfr186NYA79szf/1vTTh8o5ofSvZrktQIbQqcNZBRv6cLgz6fIsWnMo8H63zYXRDYNtiATUY2ha57aG2LukYIIpjSsus+ryLX5VsA+8zAopJUMckXIVGHDifybgkoljTV8VyTWFd5Hamotwui5vTYiR8NV9CS62DNDHvvqk/KCWqlkC2BrvfQUMD+5XbLLxFNSbQ/ayitbmceto/vQfE3/8D8q2ZYM5PobmMe1ayXwnVCPK6N0WwBaSCFBqhHNsIIl7IMDzfBSqSUReOcuw56kVEzCzTwDHsmCfKP+keOc7vAtsySh1dke1wMfmBQ32y6TJT4cwH18SAczTNvB08xm+fp3EJ4w2SFa0bx5J8Mi2TfD3gp4IbN0zKNBSeyWp4Qlhgcz7dOQTBoC2QmDY5IT0i4pULE6/FrPAAwYkCMMgy3Dqzv8tJ95n8DWaVwDSp48RBQClPrFlPKOfGqij6wzF0xz3wNKPPjehZRC+6K/aQv1F6j7AaonfInLQ8Lizy/PKFUcaN3R/o+sZCBvCt92xP0xgum4GIgWIj0foydnRLNl7r0cI4qJwZndzLFBn3ga8uPo3HVyFnqgFRkyOPm8TcLLxuY9VuHBb47fnvQPwZsMLZjajzQaWNbaChAMeXaO5DMHLHA7hdvVClyfFJ6g4/EeHzV8+KPxb+leQcaXD6oyr20S/Vqg00GkcIF2NxNgh8WpKT62lNYK5D+9RHWVF40rZjKk+99iBvXIbW+hV74+cbNazSSh+OtcmmYVbn/AtZQ7plOg2L+2mM74YUr/bPmDbZadYyy7+A3ipzXpGmN+QZhw6x7k9gNjig2HOzlTQaH6ZSCazHenE8mnTY4twscndmcijsdZC3IIpAoU2YjS5UOtcKWHRPjrVpoA/wIOxR6hnRWwO8Fk5E5VXGrEIJbCga1kwfP6v1lK5XfiOZq6hpBsvYWOTPNAtXw5S4jAdogmf8pvHw7WSSSEpqSVyp7N+ca2EVgAa3srJn9KoeSq69p09+XagqigN0ibR4RWUNQL9mwVXq9Tc/3OnLsXX4HnEmcnjhuvslPI0tU4of+xyOeBn9DUcUbXKnyYMkab9uJJXIWDnqiuTV22vcS9rKxurIapM4SmO6rU+CbSpDNaA0gDe1OS/oyT51A1yJptvMV1T
Content-Type: multipart/alternative; boundary="_000_ME4P282MB0984F3582C4BD1707B86C8068E969ME4P282MB0984AUSP_"
MIME-Version: 1.0
X-OriginatorOrg: mattr.global
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: ME4P282MB0984.AUSP282.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 5691f8a3-b075-422d-b780-08da70fb81cc
X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Jul 2022 00:44:34.2969 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: c2c9cf73-6aae-4702-9844-02adab723771
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: cBe8rbcf/b1M0zzaTT1FBgLbLzy8dTXq6RkwB4Cv7P28L3JaFs1eORopiO5AwOcAjZnc5X+bgVFnr5MPaf23s41Rlcy0xfP9ut5zD5bw/wc=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: ME3P282MB4241
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/5ERjYdl0ArbFzgdsu54EPMNmBgk>
Subject: [jose] An attempt at unlinkable tokens with minimal magic
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jul 2022 00:44:44 -0000

Hey all,

What JWP allows that I find very useful is the following: the Verifier will learn nothing more than what the user reveals, even if they (the Verifier) cooperate with the Issuer (or anyone else).

The above is essentially unlickability but it also says something stronger, which makes the protocols using it more robust. It also makes it easier to use jwp in other protocols easiest (instead of having to claim unlikability under only certain circumstances for example).

Also, even if we remove the possibility of a Verifier/Issuer coalition, it is not straight forward to achieve the above property using (N) SD-JWT tokens. As an example, the Issuer could potentially measure the amount of time it takes for a user to request a new set of tokens and derive behavior statistics.

Another thing worth considering is efficiency. Even if you could achieve a subset of the properties enlisted here by other “traditional” means, the proposed solutions are simpler, more flexible, and efficient.

>  That seems like a pretty exotic property compared to how current authentication systems work.  Even in the good old Web PKI, with 2-year certificates, the issuer had to stay alive to serve OCSP responses or CRLs. Even driver's licenses and passports have revocation!

Yes, however, the token issuance protocol itself should not make that a requirement IMO since there are better (again MO) alternatives. Each use case is then free to utilize the Issuer to the extend it needs.

>  I'm having trouble imagining how you achieve that along with
other properties, so an intro to the relevant crypto would be helpful.

I will take BBS as an example. BBS are based on the extremely well studied and widely used Schnorr-proofs (or rather generalized Schnorr-proofs [1]). The BBS proof can be mathematically proven to be a zero-knowledge proof-of-knowledge i.e., that it does not reveal any information beyond the disclosed claims while proving knowledge of a signature [2].

Those properties may seem like “magic”, but they are based in very well studied and understood cryptographic schemes and techniques. Of course, I would be more than happy to go more over the crypto!

All the best!
Vasilis

[1] https://link.springer.com/content/pdf/10.1007/978-3-642-01001-9_25.pdf
[2] https://eprint.iacr.org/2016/663.pdf

v2.23.0 | Report a Bug | By Email