Privacy shall be at the heart of ARF #192
Replies: 66 comments
-
Both MSO and SD-JWT support selective disclosure. Unlinkability for MSO and SD-JWT can be reached by issuing multiple copies of the same credential so that a different credential can be used per Verifier. This way, Verifiers cannot correlate the user even if they collude. Selective Disclosure and Unlinkability can be achieved without necessarily using advanced cryptography like ZKP. |
Beta Was this translation helpful? Give feedback.
-
There are multiple related reasons why we advise against relying on such a “multi-VC” mechanism: In summary, given the long-term implications of the infrastructure design for eIDAS 2.0, and in the absence of any legacy considerations, we strongly advise against a method with such drawbacks. Further details on this issue and other eIDAS 2.0 privacy related topics can be found in the attached paper. [PRIVACY PAPER Attached]. NLW-Design-Considerations-v1.0.3-for-release.pdf |
Beta Was this translation helpful? Give feedback.
-
Only (ECDSA) signature unlinkability between colluding RPs. Issuers can collude with RPs to link the issued signature to a verification session. Idemix and BBS+ also prevent such 'issuer linkability'. |
Beta Was this translation helpful? Give feedback.
-
First, Credentials and Cryptographic keys are already managed by the "wallet" on behalf of the End-User, even without "multi-VC" approach. Idemix, BBS, etc. are great, and probably will be the solution in the long-term, but they need to undergo review of the IETF CFRG so that they can pass reviews of the crypto boards and be deployed at scale. Also HW modules do not support these new algorithms/curves (yet), so when HW bound keys are important for high assurance scenarios (like government-issued credentials), conventional curves become the current way to go. |
Beta Was this translation helpful? Give feedback.
-
"First, Credentials and Cryptographic keys are already managed by the "wallet" on behalf of the End-User, even without "multi-VC" approach.". “HW modules do not support these new algorithms/curves (yet), so when HW bound keys are important for high assurance scenarios (like government-issued credentials), conventional curves become the current way to go." Overall we would like to understand if the main concern raised is that BBS+ is unnecessary (#66 (comment) ) or not possible to implement (#66 (comment) ) . We also believe that short-term considerations should not prevent the industry from innovating to deliver an ecosystem that will last for years or even decades, especially on privacy which is key success factor for eIDAS 2.0. |
Beta Was this translation helpful? Give feedback.
-
While Idexmix/Anoncreds offer great privacy features they lack:
Hardware-backed keys are needed to protect against credential duplication which is one of the attack vectors that you need to cover to achieve LoA high. |
Beta Was this translation helpful? Give feedback.
-
RESPONSE: • Final standardization: True. BBS+ is in advanced draft at the ietf in particular, but not final. BBS (same cryptographic underpinnings as BBS+) and several variants of it are however ISO standardized (ISO/IEC 20008-2) and already deployed in hundreds of millions of TPM and Intel SGX enclaves and in some existing wallets. Also, we note with interest that in [https://edi.pleio.nl/file/download/f316c8d9-b048-4dc9-a520-f5f5ab55c605/nlw-design-considerations-v1.pdf] BBS+ is considered a "valuable alternative". Standardisation is not considered as an open issue. . PQC algorithms mentioned later are not standardized either. • Acknowledgement by regulator: True but not yet. The reasons therefore are not fundamental (except maybe for PQC, more on that later) and in particular, BBS+ is formally proven secure (reference link https://eprint.iacr.org/2016/663.pdf) with no cryptographic flaws proven on these algorithms that exist for more than 20 years. Furthermore, the PQC algorithms are not standardised nor accepted by the regulators either. • Cryptographic agility: A clear definition of cryptographic agility is still unknown. Nonetheless, some less efficient algorithms than BBS+ with similar properties exists and could replace it in case of a breach: Idemix, CL, PS, etc. so that this claim of lack of "cryptographic agility" for BBS+ like algorithms would need to be substantiated further. Also, if used only as a "classic" signature algorithm and not as an enabler to ZKP, BBS+ is easily swappable with any other signature algorithm. • Potential to move to PQC algorithm: If the fundamental crypto behind BBS+ gets broken (not just a particular implementation that would require only a software patch) e.g. through the advent of quantum computing, then it is very likely that algorithms like ECDSA and ECSchnorr would be broken at the same time as they rely on very similar underlying mathematical problems. Furthermore, the currently considered algorithms like ECDSA (used in mDL) are not PQC either so it is not really clear what would be lost by moving to BBS+. Finally,, BBS+ offers "everlasting privacy", meaning that even if it got broken (e.g. through quantum computing), the past transactions would remain private forever; a fraudster could only forge falsified Verifiable Credentials. Many of the currently proposed PQC algorithm (and clearly neither ECDSA nor RSA) do not possess this property which is arguably way more important at this stage than PQC for which algorithms are much less mature and standardised than BBS+. How the use of BBS+ could prevent a "potential move to QPC algorithm" is not really clear; indeed it is not clear how the use of any specific algorithm could prevent the "potential move to QPC algorithm". • Support of hardware backed keys: current SEs on smartphones or in external hardware tokens do not offer BBS+ or the necessary underlying mathematical enabling function to implement it. However, it does not prevent its use in HSMs. Furthermore, GSMA members have already prototyped the implementation of BBS+ on old SIM cards with very satisfying results as indicated in the GSMA paper linked above in this thread, meaning the implementation of BBS+ in SE is a matter of time and political willingness, not an impossibility. As mentioned above, before that happens, HSM can be used. Generally, the comments made here relate to the balancing act of taking into account short term implementation constraints vs securing the right place for privacy that is a fundamental right of European citizens, especially for such a sensitive object as a universal ID wallet. If privacy is taken seriously, the necessary processes can be accelerated; such agility was demonstrated in response to the Covid-19 crisis. |
Beta Was this translation helpful? Give feedback.
-
I don't think the multi-VC approach is such a complex solution. As I see it, it can be approached using the intuitive idea of a "proxy". In this case, next to the original issuer, we place a issuer "proxy". The proxy unconditionally and in real time (synchronously) emits new custom VCs as soon as the original VC is provided. The wallet on-demand requests new proxy VCs and use them to present to third party relying parties. This on-demand process is completely transparent to the user. This proxy scenario also allows the original issuer to control the usage of identities. The attached "buy" purpose does not leak any personal information, since no money, asset or quantity is attached. It acts sort of a OAuth scope but if simplifies anomaly detections:The issuer proxy can easily detect time-series anomalies (wallet was stolen) and block the issuance or even notify the original owner. The wallet can even tell to the Issuer proxy "I want a VC telling that I'm older than 18 to be presented to this relying-party". The issuer-proxy can have extra intelligence to fetch the needed extra attributes and issue them automatically. In this regard, the proxy becomes "intelligent". We are creating a mesh-network of issuers and relying parties following the same proxy pattern used for mesh networks and HTTP services (think of an Istio/Envoy proxy for the Identity network). Wallets delegate their intelligence to the proxies, making their design much more simple. Certainly, network and computation resources are duplicated, but they are still quite small (when compared to standard apps as Gmail, Facebook, video-games,...) and even supported by IoT devices. This is quite similar to the duplication of resources in mesh networks with side-car proxy containers. Also, the extra proxy-intelligence can avoid resource consumption in other ways, as it is the case with the previous "older than 18" VC example. Notice also that this zero-knowledge use-case apply to corner scenarios, since in normal scenarios, the relaying-party is obligated by law to known the real identity of the user. |
Beta Was this translation helpful? Give feedback.
-
RESPONSE: Most importantly, it doesn’t seem to resolve the privacy issue: the “proxies” would be in a position to track the real time actions of each citizen (as opposed to the model where once a VC is issued, the visibility is restricted only to the wallet. This would mean that neither the issuer nor anyone else can track the use of this VC throughout the ecosystem as proposed in our ZKP/BBS+ approach). Secondly, these “proxies” would never be an easy actor to integrate in the ecosystem. Firstly, it would force a model where the transactions can only ever be online. Secondly, it is a structuring revamp of the architecture model of the ARF that raises a lot of questions about responsibility, security and not least business models. Furthermore, the claimed improvements remain to be proven and analyzed for ramification.
|
Beta Was this translation helpful? Give feedback.
-
RESPONSE: @GSMA-EIG Just an small clarification, the VC proxy "idea" does not compete with ZKP/BBS+. While a ZKP solution is the "ideal solution", the concept of proxy VC plays the role of "supporting utility". It can fix some privacy problems in the absence of a fully working ZKP, or in cases where there is some usability problem with ZKP in scenario. My intuition tells me that it could even simplify ZKP in some contexts.
I don't think so. A proxy can only trace statistics about how many times a user wants to hide some personal data in the presented VC, without revealing anything else. This can not be perfect from the point of view of pure cryptography, but it will be from the point of view of laws and regulations.
This is an example on how a proxy can simplify the work of "light" wallets and obviously it breaks privacy. I mention it as an example on how a VC proxy could be used as supporting utility. It is "good enough" when the user is just concerned in not revealing personal data to the verifier, while it doesn't care that much about the VC proxy knowing about the "visited site". And since PID data is delegated to trusted national bodies under the control of Conformance Assessment Bodies it is a sensible decision to think that VC-proxy issuers can be considered "trustable enough". This trust is in contrast to standard Web Proxies and DNS public servers under the control of Google, Akamai, Telcos and the likes with economic incentives to break the user privacy and link the activity of a given user in different sites.
Not really, the wallet just need to have a minimum logic to have a growing queue of prepared proxy-VCs to be used "later on", either on-line or offline, adding a minimum extra logic such as: Edit:
|
Beta Was this translation helpful? Give feedback.
-
This proposal undoubtedly has a lot of architectural (and other) impacts, including privacy, but probably not primarily privacy. We think it should be discussed in its own thread as it seems only lightly linked to the initial proposals and remarks made in this thread. |
Beta Was this translation helpful? Give feedback.
-
The absence of the SOG-IS is just a self-inflected excuse: if this is really important, they can do their jobs. Likewise the CFRG assessment can go faster, if it's going to be used, and it's not like the EU doesn't have cryptographers qualified to assess it. The fact that SD-JWT is being considered despite not meeting the security property required is disappointing. |
Beta Was this translation helpful? Give feedback.
-
As I read your text, I see that you more or less agree with all 5 arguments that I've given. eIDAS wants to start building something now and BBS+ is not ready for the given reasons. I've got even two more:
I like the idea of ZKP based VCs but the truth is they are not mature yet. Some issues could be improved but I don't see any momentum. |
Beta Was this translation helpful? Give feedback.
-
There's no reason eIDAS couldn't do the necessary work to develop a privacy preserving technology and improve the JSON-LD issues. Basically the message I'm getting is "we prefer writing less code and doing less work to ensuring Europeans have privacy" and being honest with the stakeholders that what they want is not possible. |
Beta Was this translation helpful? Give feedback.
-
Each organisation has its own internal process but we are indeed surprised by the choices that were made in the ARF if privacy is deemed important by the eIDAS expert group: At this stage, we have not yet received any official feedback from the commission to our comments and suggestions . We hope the detailed exchange here will help resolve matters soon so that privacy is at the heart of the upcoming eIDAS2 framework. |
Beta Was this translation helpful? Give feedback.
-
I have a reasonable understanding of ec-crypto and Schnorr signatures. Months ago, I documented my understanding of schnorr on my github for non crypto folks. After reading thru the BBS IETF draft, i still do not understand how you use the schnorr arithmetic to achieve issuer unlikability.
Issuer and verifier know the content of the disclosed credentials. Hopefully there is not enouth entropy in the credential data to achieve linkability at content level.
From reading the spec, this proof looked too complex to me, I really did not understand the math. It shall be simple enough to show common folk that there is no backdoor.
I could understand that BBS+ allows Holder to present a proof on knowledge of a valid signature, without disclosing that signature. What i am missing everywhere is de definition of a valid signature. Can i really conclude a signature valid without knowing the issuer or the pool of issuers? We do need real use cases to move forward here.
I many use cases, the attribute data themself will contain enough entropy to help issuer/verifier linkability.
A unique identifier is a unique identifier. spam mitigation implies linkability. The more we link at verifier side, the easier it is to link back at issuer.
Pseudonyms are unique identifiers! Thank for the hint on zkorum. I will try to allocate some reading time to it. |
Beta Was this translation helpful? Give feedback.
-
We need real use cases. In most of them, holder will be known to issuer.
Without being too ideological, i still do believe issuer unlinkability can not yet be solved with technology, as we don't have enough visibility on the extent of possible use cases. This is why EU technical standards will for the mean time foresee some sort of supervision/accreditation of issuers. |
Beta Was this translation helpful? Give feedback.
-
@francis-pouatcha that's the last time I respond here, because I am worried of spamming others, as we're gradually drifting off-topic. Nevertheless, feel free to reach out in the ZKorum monorepo directly.
I think the problem here is our definition of issuer unlinkability differs. Issuer unlinkability doesn't mean not knowing that a Verifiable Presentation comes from a Credential that was issued by an Issuer. It means if the Verifier gives the Presentation to the Issuer, the Issuer will not know from which Holder exactly it comes from.
That's a good point, but there are solutions. I address the problem here: zkorum/zkorum#6 (part on the "American Student").
Hmm, I am pretty sure it is well understood. Many things we use in life are only understood by a bunch of experts and it's fine!
Again, the same problem with the definition of issuer unlinkability. Of course the Verifier knows and trusts the Issuers, and knows the Presentation comes from some Issuer, it's wanted! The issue we solve is Holder privacy in the hands of the Holder: no need to trust that Issuers and Verifiers don't collude. And in my case, Verifiable Presentations are public data, so it's even worst. No need for collusions: without issuer unlinkability, Issuers could just get the public Verifiable Presentations from the forum and know who said what.
You've not read the documentation I linked, that's why you say that ;)
Thank you for taking time for it. We will release the closed alpha by the end of the year and have a whole University as our first users.
The above forum is not ideological, it's getting real! And it does require issuer unlinkability. |
Beta Was this translation helpful? Give feedback.
-
Actually - every single application except the root national structure SHOULD DEFAULT be pseudonymous and where possible anonymous according to GDPR as a way to operational data minimization. It is not even optional - see e.g. GDPR article 23 which do not make it possible to exclude the data minimization requirement in e.g. article 25 in national law. It is a basic problem in ARF that all use cases are assuming the purpose is linkable identification/linkable issuance incorporating keys or credentials (e.g. name) establishing linkability. It should be the exception according to the GDPR state-of-the-art principle.
That is deeply ideological as it - IMHO illegally - enforce data retention on Issuers. It simply means that some bad technical standard established without political oversight are in conflict with the EU Treaty itself trying to override fundamental rights. The consequence is enforcing digital architectures without internal security in Issuer applications as all data are inherently linkable across transactions. This was one of the main topics of my invited talk on state-of-the-art at EDPS Workshop on Digital Identity. |
Beta Was this translation helpful? Give feedback.
-
Without forcing a link to BBS+ as this is a about general requirements, issuer non-linkability is a bigger topic related to maintaining integrity when mixing credentials from multiple non-linkable sources in selective disclosure towards a new context. It is also about the issuance process as a dependency on reusing keys across multiple issuances 1) establish linkability and 2) establish a dependency on key revocation. |
Beta Was this translation helpful? Give feedback.
-
I would rather stay here, as the purpose of this discussion is to contribute to the ETSI TR 119 476 technical report on selective disclosure BTW: I have no affiliation to SD-JWT and do have objective discussions on SD-JWT weaknesses with others in other forums. Obvious issuer linkability is one of those. I also do have nothing against BBS+. I feed off crypto-algorithms and as soon a I understand the math, I will document it for mortals. Neither am I defending the ARF in it current form. It is a shame there is only one reaction on my critic on HW-defined Secure Environment and Privacy above. Not event the ack of @Sebastian-Elfors-IDnow that request comments on the ETSI document. If this forum is for advertising products, fighting for adoption of own technologies, European Tech will fail again!
This is not true! The world has witnessed a lot of backdoors in used and not well understood crypto over the years. We want to keep these risks at their lowest. Some technologies like pairing, zk circuits do not have enough academical contributions on their formal analysis to be considered safe for the commons now. With time things will look different as lot of contribution from crypto networks is pushing for adoption. On the other hand, schnorr on the other side is simple and straight forward. But in the EC-world, the curve used also matters. BBS+ seems to be a combination of all of those, and it has to presented as such to the audience here. DeFi/Crypto networks are being hacked every weekend!!! This shall send us great signals on complexity.
Keeping this at a non expert level, as long as pseudonyms allow the verifier to identify the holder, they are together characterized a unique identifier in the context of that verifier. No tech will help here! There is no need to guess pre-images when i can correlate on the commitments.
I navigated the project. Great one. Great idea. And I do understand the absolute need of ZKorum. And this is neutral and not publicity for ZKorum either, as I have no affiliation to it.
I do believe you. But I think we all massively underestimate the effort needed to achieve real issuer unlinkability. |
Beta Was this translation helpful? Give feedback.
-
Dear @francis-pouatcha (and the rest who comment in this thread), Thanks for all your feedback and comments on ETSI TR 119 476, the ARF, and ZKP schemes in general. We are following the discussion in this thread, but it is not possible to comment on all statements on a regular basis. So far we have received comments in this thread, by email, LinkedIn and other channels that exceed 100 pages. When the deadline for comments ends on October 13, we will compile all feedback, analyze it, and present the suggested changes to ETSI ESI, which will form the basis for the next revision of ETSI TR 119 476. Kind regards, |
Beta Was this translation helpful? Give feedback.
-
May I as a genuine party-pooper present some real-world observations? The we have the use-cases. How is tax collection supposed to be carried out if the tax department does not have your "dossier"? That Microsoft never managed to do anything useful with their investment in Uprove, indicates that market acceptance is not yet a reality. |
Beta Was this translation helpful? Give feedback.
-
@cyberphone Age verification is an example where the information being exchange is not inherently identifying |
Beta Was this translation helpful? Give feedback.
-
@wbl Right, in scenarios where you don't have a "relation" with a service provider, the mentioned issue doesn't apply. These use cases are though not particularly common. |
Beta Was this translation helpful? Give feedback.
-
You mean off-topic. The only relevant aspect is that U-Prove is of the same crypto-family as BBS (e.g. no dependence on key revocation) and U-Prove has a lot more needed functionality than is standardized withing BBS. It does not change the fact that constructing identity in all U-Prove/VC turned out to be quite hard especially if you want an open market with many issues, relying parties and technology providers.
You are clearly confusing the ability to reference, communicate and indirectly ensure integrity with means for identification. These are two entirely different issues but always at the application layer.
Law makers in general tend to forget the implications on implementation when they make complex rules (e.g. marginal tax rates require knowledge of total income and deductions), but we can make taxation as secure as we want to. If we validate trustworthy at source, we can make trustworthy taxation that do not need to know details. See e.g. this Danish Government report on training government officials even in complex cases
You can make al sorts of assumptions on what didn't happen. Personally I would suggest BigTech would never bite their own profit interests so they are the worst to provide security for society - only second to state bureaucracy. Microsoft twisted U-prove for MS interests (e.g. Card Space even though better than "One Wallet to rule them All" and choice of C#) But the real reason was timing as the client-side technologies such as smartcards hadn't matured - and timing/paradigm as the depth of the problems hadn't matured in the institutional space. E.g. GDPR (2018) and eIDAS (2016) only emerged after Microsoft abandoned the effort and the main people either left (Stefan Brands and Caspar Bowden) or died (Kim Cameron). EU regulatory process certainly miss Caspar Bowden. |
Beta Was this translation helpful? Give feedback.
-
People have relations with people - not with providers, even through you might have with specific people at providers (e.g. doctor, teacher, etc). Providers would like to see you as a relation in order to "manage" you for their profit - which is why technology needs to ensure maintaining a distance is both possible and default even if providers offer e.g. loyalty bonus pricing. |
Beta Was this translation helpful? Give feedback.
-
I'm just saying that the unlinkability of BBS and similar technologies seems to be at odds with the way we are currently communicating with service providers and people. |
Beta Was this translation helpful? Give feedback.
-
You are describing a problem that crypto is trying to solve, not a property that we should maintain. Presently markets don't work because consumers are reduced to products and all the power is on providers side. |
Beta Was this translation helpful? Give feedback.
-
Thank you for the insightful discussion and feedback. |
Beta Was this translation helpful? Give feedback.
-
Context: Guaranteed privacy of the EU citizens is a major concern for EC. The comments is related to privacy and request to update ARF to ensure EU citizen privacy when using the EU ID Wallet.
Issue: There is no mechanism in ISO mDL that ensure full privacy. This standard is not sufficient to ensure unlinkability and as such Data Minimization. SD-JWT doesn’t manage unlinkability or ZKP (zero-knowledge proof).
These 2 protocols do NOT allow proper data minimization and therefore should be replaced by the necessary tools and protocols enforcing unlinkability and data minimization.
Proposition: To ensure Privacy, Data Minimization that includes Selective Disclosure and Unlinkability shall be added in the ARF. We propose to add the definition of Data Minimization in the ARF and to add requirements on anonymization for PID and (Q)EEA. A section dedicated to privacy is needed in the ARF as in ISO/IEC 23220-1, section 5.2. This paragraph shall define Unlinkability and Data Minimization and requirements related to privacy
Beta Was this translation helpful? Give feedback.
All reactions