Advertisement

Who Am I? Secure Identity Registration on Distributed Ledgers

  • Sarah AzouviEmail author
  • Mustafa Al-Bassam
  • Sarah Meiklejohn
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10436)

Abstract

Bitcoin is a decentralized cryptocurrency that uses a ledger (or “blockchain”) to keep track of the transactions made between its users. Because it is a fully decentralized system and anyone can join, every transaction is by necessity public. Thus, to preserve some semblance of privacy, users in the system are represented not by their real-world identities but by pseudonyms. While pseudonyms are acceptable for a standalone cryptocurrency, the emergence of other potential blockchain-based applications — e.g., using them to administer benefits and pensions — poses a need to associate certain attributes with the users of the system. In this paper, we address the question of how to register identities and attributes in a system built on globally visible ledgers. We propose a variety of possible solutions and in each case, we analyze the tradeoff our solution provides between privacy (ensuring that no one can associate the user’s real-world identity with the pseudonym or other attributes they use on the ledger), usability (ensuring that verification of their attributes poses the lowest possible burden to users), and integrity (ensuring that no one can impersonate a user). We also present an implementation of one of our solution using Ethereum.

Notes

Acknowledgements

This project was supported in part by EPSRC Grant EP/N028104/1.

References

  1. 1.
    Al-Bassam, M.: SCPKI: a smart contract-based PKI and identity system. In: Proceedings of the ACM Workshop on Blockchain, Cryptocurrencies and Contracts, BCC 2017, pp. 35–40. ACM, New York (2017)Google Scholar
  2. 2.
    Alvisi, L., Clement, A., Epasto, A., Lattanzi, S., Panconesi, A.: SoK: the evolution of sybil defense via social networks. In: 2013 IEEE Symposium on Security and Privacy, pp. 382–396. IEEE Computer Society Press, Berkeley, 19–22 May 2013Google Scholar
  3. 3.
    Basin, D., Cremers, C., Kim, T.H.-J., Perrig, A., Sasse, R., Szalachowski, P.: ARPKI: attack resilient public-key infrastructure. In: Proceedings of ACM CCS 2014, pp. 382–393 (2014)Google Scholar
  4. 4.
    Ben-Sasson, E., Chiesa, A., Garman, C., Green, M., Miers, I., Tromer, E., Virza, M.: Zerocash: decentralized anonymous payments from Bitcoin. In: Proceedings of the IEEE Symposium on Security and Privacy (2014)Google Scholar
  5. 5.
    Brandão, L.T.A.N., Christin, N., Danezis, G., Anonymous: Towards mending two nation-scale brokered identification systems. In: Proceedings on Privacy Enhancing Technologies (2015)Google Scholar
  6. 6.
    Caldwell, M., Voisine, A.: Passphrase-protected private key (2016)Google Scholar
  7. 7.
    Camenisch, J., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001). doi: 10.1007/3-540-44987-6_7CrossRefGoogle Scholar
  8. 8.
    Camenisch, J., Lysyanskaya, A.: Signature schemes and anonymous credentials from bilinear maps. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 56–72. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-28628-8_4CrossRefGoogle Scholar
  9. 9.
    Cellan-Jones, R.: Blockchain and benefits - a dangerous mix? http://www.bbc.com/news/technology-36785872. Accessed 04 Aug 2016
  10. 10.
    Chaum, D.: Blind signatures for untraceable payments. In: Chaum, D., Rivest, R.L., Sherman, A.T. (eds.) CRYPTO 1982, Santa Barbara, CA, USA, pp. 199–203. Plenum Press, New York (1982)Google Scholar
  11. 11.
    Chaum, D.: Security without identification: transaction systems to make big brother obsolete. Commun. ACM 28(10), 1030–1044 (1985)CrossRefGoogle Scholar
  12. 12.
    Consensys: uPort: The wallet is the new browser. https://medium.com/@ConsenSys/uport-the-wallet-is-the-new-browser-b133a83fe73#.jquv8q5u3. Accessed 04 Aug 2016
  13. 13.
    Evenstad, L.: DWP trials blockchain technology for benefit payments. http://www.computerweekly.com/news/450300034/DWP-trials-blockchain-technology-for-benefit-payments. Accessed 04 Aug 2016
  14. 14.
    Fromknecht, C., Velicanu, D., Yakoubov, S.: A decentralized public key infrastructure with identity retention. IACR Cryptology ePrint Archive, Report 2014/803 (2014). http://eprint.iacr.org/2014/803.pdf
  15. 15.
    Garman, C., Green, M., Miers, I.: Decentralized anonymous credentials. In: Proceedings of the NDSS Symposium 2014 (2014)Google Scholar
  16. 16.
    Goldwasser, S., Bellare, M.: Lecture notes on cryptography (2000). http://cseweb.ucsd.edu/~mihir/papers/gb.pdf
  17. 17.
    Hardjono, T., Pentland, A.S.: Verifiable anonymous identities and access control in permissioned blockchains (2016). http://www.mit-trust.org/s/ChainAnchor-Identities-04172016.pdf
  18. 18.
    U.C. Office and G.D. Service: Introducing GOV.UK Verify, September 2015. https://www.gov.uk/government/publications/introducing-govuk-verify
  19. 19.
    Plimmer, G.: Use of bitcoin tech to pay UK benefits sparks privacy concerns. http://www.ft.com/cms/s/0/33d5b3fc-4767-11e6-b387-64ab0a67014c.html
  20. 20.
    Schmidt, P.: Certificates, Reputation, and the Blockchain (2015)Google Scholar
  21. 21.
    U.S.P. Service: Federal cloud credential exchange (FCCX), August 2013. https://www.fbo.gov/spg/USPS/SSP/HQP/1B-13-A-0003/listing.html

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Sarah Azouvi
    • 1
    Email author
  • Mustafa Al-Bassam
    • 1
  • Sarah Meiklejohn
    • 1
  1. 1.University College LondonLondonUK

Personalised recommendations