University of Twente Student Theses


Comparing Zero-Knowledge Proof Protocols for Practical Open Source Self-Sovereign Identity Systems

Herbowo, Keanu Nurherbyanto (2022) Comparing Zero-Knowledge Proof Protocols for Practical Open Source Self-Sovereign Identity Systems.

[img] PDF
Abstract:Self-Sovereign Identities (SSI) are identity management systems that appoints users as the sole manager of their digital identities. Users of an SSI system are allowed to request digital credentials from issuers, and present a minimised set of data attributes to verifiers. Once issued to the user, digital credentials are only kept by the user themselves, or a third-party appointed by the user. Credential attributes can be shared by revealing them directly, or keeping them hidden to verifiers. Users can authenticate the presented attributes by providing a Zero-Knowledge Proof (ZKP) of valid issuer signatures on their credentials to the verifiers. A ZKP is one of the basis of SSI systems since it allows the user to proof that the signatures are true, without actually sending them to the verifier. Due to their growing popularity, several open source SSI systems have been developed. Some approaches such as Sovrin implement a blockchain, or a distributed ledger, to manage credential schemas. While other SSI projects such as IRMA does not. In this thesis, the two open source SSI systems; Sovrin and IRMA, will be studied using an SSI evaluation framework. Their differences in terms of their reliance to a central authority and usability of each system is highlighted. Then, a comparison of the ZKP protocol used in their underlying anonymous credential system was done. Both SSI system utilized the Identity Mixer (Idemix) anonymous credential system. Hence, the main difference between the Idemix implementation of Sovrin and IRMA is in the storage method of the credential schemas used to issue and verify credentials. Finally, the performance of the ZKP protocol used during credential disclosure in IRMA's Idemix implementation was pitted against the ZKP protocol of an alternative anonymous credential system based on Algebraic Message Authentication Code (AMAC). The evaluation was done in terms of the disclosure proof size, and disclosure proving time. The results showed that the AMAC implementation produced a proof with a smaller storage space than Idemix. However, while the AMAC implementation showed faster proof creation times than Idemix for a small number of attributes, its performance deteriorates when the number of proven attributes becomes larger than 25. Despite these benchmarks results, it seems that SSI systems such as IRMA prefer Idemix because the digital signatures on credentials can be verified using the issuer's public key. It was summarized that while alternative credential proving methods like AMACs are compatible with open source SSI systems such as IRMA, the best credential proving method depends on the SSI system's requirements.
Item Type:Essay (Master)
Faculty:EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject:54 computer science
Programme:Computer Science MSc (60300)
Link to this item:
Export this item as:BibTeX
HTML Citation
Reference Manager


Repository Staff Only: item control page