Publications-Theses
Article View/Open
Publication Export
-
Google ScholarTM
NCCU Library
Citation Infomation
Related Publications in TAIR
題名 去中心化身分驗證的隱私強化技術:基於指定驗證者簽章及泛用環簽章的可驗證憑證
Privacy-Enhancing Technologies for Decentralized Identity Authentication: Verifiable Credentials based on Designated Verifier Signature and Universal Ring Signature作者 鄭凱恩
Cheng, Kai-En貢獻者 左瑞麟
Tso, Raylin
鄭凱恩
Cheng, Kai-En關鍵詞 去中心化身分識別符
可驗證憑證
隱私保護
泛用環簽章
指定驗證者簽章
Decentralized Identifiers
Verifiable Credentials
Privacy-preserving
Universal Ring Signature
Designated Verifier Signature日期 2025 上傳時間 4-Aug-2025 15:47:08 (UTC+8) 摘要 在身分自主權(Self-Sovereign Identity, SSI)的概念逐漸受到重視後,中心化的身分驗證機制不再是使用者進行服務存取時最好的選擇。身分自主權的核心可以概括為:一,對身分屬性的存取必須在使用者的控制之下;二,使用者能夠在不同情境中有選擇地公開必要屬性、隱藏非必要屬性,而無需憑證發行者的協助。去中心化身分驗證機制因其可以提供隱私保護而受到重視,去中心化身分識別符(Decentralized Identifiers, DIDs)與可驗證憑證(Verifiable Credentials, VCs)技術就是典型的例子。利用去中心化系統能有效解決中心化架構中用戶身分被掌握在身分提供商手中的缺點。然而,當驗證者間存在共謀的疑慮時,支援選擇性揭露的JWT(Selective Disclosure for JWTs, SD-JWT)、零知識證明等現有機制仍可能讓用戶的隱私面臨風險。研究提出了一種結合去中心化身分識別符、可驗證憑證和數位簽章的隱私強化方案,保持便利性和去中心化特性的同時,即使在驗證者共謀的情況下也能確保用戶身份隱私受到保護。
With the growing emphasis on Self-Sovereign Identity, centralized identity verification mechanisms are no longer considered optimal for service access. Decentralized identity systems have gained attention for their ability to enhance privacy, with technologies such as Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs) being representative examples. These systems address key drawbacks of centralized architectures, where identity information is controlled by Identity Providers. However, when verifiers are potentially colluding, existing solutions such as SD-JWT (Selective Disclosure for JWTs) and Zero-Knowledge Proofs may still pose privacy risks. The thesis proposes a privacy-enhancing solution that integrates DIDs, VCs, and digital signatures. The proposed approach maintains both usability and decentralization while ensuring that user identity privacy is preserved even in the presence of collusion between verifiers.參考文獻 [1] Masayuki Abe, Miyako Ohkubo, and Koutarou Suzuki. 1-out-of-n signatures from a variety of keys. In International conference on the theory and application of cryptology and information security, pages 415–432. Springer, 2002. [2] Man Ho Au, Willy Susilo, and Yi Mu. Constant-size dynamic k-taa. In International conference on security and cryptography for networks, pages 111–125. Springer, 2006. [3] David Bauer, Douglas M Blough, and David Cash. Minimal information disclosure with efficiently verifiable credentials. In Proceedings of the 4th ACM workshop on Digital identity management, pages 15–24, 2008. [4] Dan Boneh, Xavier Boyen, and Hovav Shacham. Short group signatures. In Annual international cryptology conference, pages 41–55. Springer, 2004. [5] Jan Camenisch and Markus Stadler. Proof systems for general statements about discrete logarithms. Technical Report/ETH Zurich, Department of Computer Science, 260, 1997. [6] Brian Campbell, Chuck Mortimore, and Michael B. Jones. Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants. RFC 7522, May 2015. [7] David Chaum and Torben Pryds Pedersen. Wallet databases with observers. In Annual international cryptology conference, pages 89–105. Springer, 1992. [8] David Chaum and Eugène Van Heyst. Group signatures. In Advances in Cryptology—EUROCRYPT’91: Workshop on the Theory and Application of Cryptographic Techniques Brighton, UK, April 8–11, 1991 Proceedings 10, pages 257–265. Springer, 1991. [9] Yevgeniy Dodis, Harish Karthikeyan, and Daniel Wichs. Updatable public key encryption in the standard model. In Theory of Cryptography: 19th International Conference, TCC 2021, Raleigh, NC, USA, November 8–11, 2021, Proceedings, Part III 19, pages 254–285. Springer, 2021. [10] European Commission. Eu digital identity wallet home, 2025. [11] Daniel Fett, Kristina Yasuda, and Brian Campbell. Selective Disclosure for JWTs (SD-JWT). Internet-Draft draft-ietf-oauth-selective-disclosure-jwt-14, Internet Engineering Task Force, November 2024. Work in Progress. [12] Amos Fiat and Adi Shamir. How to prove yourself: Practical solutions to identification and signature problems. In Conference on the theory and application of cryptographic techniques, pages 186–194. Springer, 1986. [13] Nikos Fotiou, Iakovos Pittaras, Spiros Chadoulos, Vasilios A Siris, George C Polyzos, Nikolaos Ipiotis, and Stratos Keranidis. Authentication, authorization, and selective disclosure for iot data sharing using verifiable credentials and zero-knowledge proofs. In International Workshop on Emerging Technologies for Authorization and Authentication, pages 88–101. Springer, 2022. [14] GOV.UK Wallet. Uk digital wallet, 2025. [15] Dick Hardt. The OAuth 2.0 Authorization Framework. RFC 6749, October 2012. [16] Patrick Herbke and Anish Sapkota. Decentralized credential verification. ArXiv preprint arXiv:2406.11535, 2024. [17] Japan Digital Agency. Japan digital identity wallet, 2025. [18] Emmanouil Koukoularis, Vasileios Markopoulos, and Nikos Voutsinas. A self-sovereign way to exchange educational credentials. Proceedings of European University, 95:311–319, 2023. [19] CD Nassar Kyriakidou, AM Papathanasiou, I Pittaras, N Fotiou, Y Thomas, and GC Polyzos. Attribute-based access control utilizing verifiable credentials for multi-tenant iot systems. In 2024 IEEE 4th International Conference on Electronic Communications, Internet of Things and Big Data (ICEIB), pages 57–62. IEEE, 2024. [20] Carlo Mazzocca, Abbas Acar, Selcuk Uluagac, Rebecca Montanari, Paolo Bellavista, and Mauro Conti. A survey on decentralized identifiers and verifiable credentials. arXiv preprint arXiv:2402.02455, 2024. [21] Christian Paquin, Guru-Vamsi Policharla, and Greg Zaverucha. Crescent: Stronger privacy for existing credentials. Cryptology ePrint Archive, 2024. [22] Blaž Podgorelec, Lukas Alber, and Thomas Zefferer. What is a (digital) identity wallet? a systematic literature review. In 2022 IEEE 46th Annual Computers, Software, and Applications Conference (COMPSAC), pages 809–818, 2022. [23] Ronald L Rivest, Adi Shamir, and Yael Tauman. How to leak a secret. In Advances in Cryptology—ASIACRYPT 2001: 7th International Conference on the Theory and Application of Cryptology and Information Security Gold Coast, Australia, December 9–13, 2001 Proceedings 7, pages 552–565. Springer, 2001. [24] Denis Roio, Rebecca Selvaggini, Gabriele Bellini, Andrea D’Intino, and BV Fork-bomb. Privacy preserving selective disclosure of verifiable credentials with unlinkable threshold revocation. 2024. [25] Shahrokh Saeednia, Steve Kremer, and Olivier Markowitch. An efficient strong designated verifier signature scheme. In Information Security and Cryptology-ICISC 2003: 6th International Conference, Seoul, Korea, November 27-28, 2003. Revised Papers 6, pages 40–54. Springer, 2004. [26] Amit Sahai and Brent Waters. Fuzzy identity-based encryption. In Advances in Cryptology–EUROCRYPT 2005: 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22-26, 2005. Proceedings 24, pages 457–473. Springer, 2005. [27] Arto Salomaa. Public-key cryptography. 2013. [28] Claus-Peter Schnorr. Efficient signature generation by smart cards. Journal of cryptology, 4:161–174, 1991. [29] Xiaoqiang Sun, F Richard Yu, Peng Zhang, Zhiwei Sun, Weixin Xie, and Xiang Peng. A survey on zero-knowledge proof in blockchain. IEEE network, 35(4):198–205, 2021. [30] Raylin Tso. A new way to generate a ring: Universal ring signature. Computers & Mathematics with Applications, 65(9):1350–1359, 2013. [31] World Wide Web Consortium (W3C). Verifiable credentials data model v2.0. https://www.w3.org/TR/vc-data-model-2.0/, 19, December, 2024. [32] World Wide Web Consortium (W3C). Decentralized identifiers (dids) v1.0. https://www.w3.org/TR/did-core/, 19, July, 2022. [33] Yalan Wang, Liqun Chen, Long Meng, and Christopher JP Newton. Vcadid: Verifiable credentials with anonymous decentralized identities. Classical and post-quantum anonymous signatures, page 55, 2024. [34] Tobias Wich, Detlef Hühnlein, Florian Otto, and Mike Prechtl. Qualified electronic signatures with the eu digital identity wallet. In Open Identity Summit 2024, pages 151–162. Gesellschaft für Informatik eV, 2024. 描述 碩士
國立政治大學
資訊安全碩士學位學程
112791011資料來源 http://thesis.lib.nccu.edu.tw/record/#G0112791011 資料類型 thesis dc.contributor.advisor 左瑞麟 zh_TW dc.contributor.advisor Tso, Raylin en_US dc.contributor.author (Authors) 鄭凱恩 zh_TW dc.contributor.author (Authors) Cheng, Kai-En en_US dc.creator (作者) 鄭凱恩 zh_TW dc.creator (作者) Cheng, Kai-En en_US dc.date (日期) 2025 en_US dc.date.accessioned 4-Aug-2025 15:47:08 (UTC+8) - dc.date.available 4-Aug-2025 15:47:08 (UTC+8) - dc.date.issued (上傳時間) 4-Aug-2025 15:47:08 (UTC+8) - dc.identifier (Other Identifiers) G0112791011 en_US dc.identifier.uri (URI) https://nccur.lib.nccu.edu.tw/handle/140.119/158785 - dc.description (描述) 碩士 zh_TW dc.description (描述) 國立政治大學 zh_TW dc.description (描述) 資訊安全碩士學位學程 zh_TW dc.description (描述) 112791011 zh_TW dc.description.abstract (摘要) 在身分自主權(Self-Sovereign Identity, SSI)的概念逐漸受到重視後,中心化的身分驗證機制不再是使用者進行服務存取時最好的選擇。身分自主權的核心可以概括為:一,對身分屬性的存取必須在使用者的控制之下;二,使用者能夠在不同情境中有選擇地公開必要屬性、隱藏非必要屬性,而無需憑證發行者的協助。去中心化身分驗證機制因其可以提供隱私保護而受到重視,去中心化身分識別符(Decentralized Identifiers, DIDs)與可驗證憑證(Verifiable Credentials, VCs)技術就是典型的例子。利用去中心化系統能有效解決中心化架構中用戶身分被掌握在身分提供商手中的缺點。然而,當驗證者間存在共謀的疑慮時,支援選擇性揭露的JWT(Selective Disclosure for JWTs, SD-JWT)、零知識證明等現有機制仍可能讓用戶的隱私面臨風險。研究提出了一種結合去中心化身分識別符、可驗證憑證和數位簽章的隱私強化方案,保持便利性和去中心化特性的同時,即使在驗證者共謀的情況下也能確保用戶身份隱私受到保護。 zh_TW dc.description.abstract (摘要) With the growing emphasis on Self-Sovereign Identity, centralized identity verification mechanisms are no longer considered optimal for service access. Decentralized identity systems have gained attention for their ability to enhance privacy, with technologies such as Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs) being representative examples. These systems address key drawbacks of centralized architectures, where identity information is controlled by Identity Providers. However, when verifiers are potentially colluding, existing solutions such as SD-JWT (Selective Disclosure for JWTs) and Zero-Knowledge Proofs may still pose privacy risks. The thesis proposes a privacy-enhancing solution that integrates DIDs, VCs, and digital signatures. The proposed approach maintains both usability and decentralization while ensuring that user identity privacy is preserved even in the presence of collusion between verifiers. en_US dc.description.tableofcontents 誌謝 i 摘要 ii Abstract iii Contents iv List of Figures vi List of Tables vii 1 Introduction 1 1.1 Motivation 2 1.2 Contribution 3 1.3 Threat model 4 2 Related Work 8 2.1 Decentralized Identifiers 8 2.2 Verifiable Credentials 10 2.3 Applied technologies 12 3 Preliminaries 14 3.1 Universal Ring Signature 15 3.2 Designated Verifier Signature 18 3.3 Zero Knowledge Proof 19 4 Proposed Scheme 23 4.1 Process Overview 23 4.2 VC Transformation 25 4.3 VC with Designated Verifier Signature and Universal Ring Signature 28 5 Security Analysis 31 5.1 Attribute Leakage 31 5.2 Verifier Collusion 32 5.3 Implicit Information Inference 34 5.4 Issuing VCs in Plaintext 35 6 Experiments & Implementation 37 6.1 Experimental Setup and Performance Comparison 37 6.2 Application 38 7 Conclusions 40 Reference 41 zh_TW dc.format.extent 2334398 bytes - dc.format.mimetype application/pdf - dc.source.uri (資料來源) http://thesis.lib.nccu.edu.tw/record/#G0112791011 en_US dc.subject (關鍵詞) 去中心化身分識別符 zh_TW dc.subject (關鍵詞) 可驗證憑證 zh_TW dc.subject (關鍵詞) 隱私保護 zh_TW dc.subject (關鍵詞) 泛用環簽章 zh_TW dc.subject (關鍵詞) 指定驗證者簽章 zh_TW dc.subject (關鍵詞) Decentralized Identifiers en_US dc.subject (關鍵詞) Verifiable Credentials en_US dc.subject (關鍵詞) Privacy-preserving en_US dc.subject (關鍵詞) Universal Ring Signature en_US dc.subject (關鍵詞) Designated Verifier Signature en_US dc.title (題名) 去中心化身分驗證的隱私強化技術:基於指定驗證者簽章及泛用環簽章的可驗證憑證 zh_TW dc.title (題名) Privacy-Enhancing Technologies for Decentralized Identity Authentication: Verifiable Credentials based on Designated Verifier Signature and Universal Ring Signature en_US dc.type (資料類型) thesis en_US dc.relation.reference (參考文獻) [1] Masayuki Abe, Miyako Ohkubo, and Koutarou Suzuki. 1-out-of-n signatures from a variety of keys. In International conference on the theory and application of cryptology and information security, pages 415–432. Springer, 2002. [2] Man Ho Au, Willy Susilo, and Yi Mu. Constant-size dynamic k-taa. In International conference on security and cryptography for networks, pages 111–125. Springer, 2006. [3] David Bauer, Douglas M Blough, and David Cash. Minimal information disclosure with efficiently verifiable credentials. In Proceedings of the 4th ACM workshop on Digital identity management, pages 15–24, 2008. [4] Dan Boneh, Xavier Boyen, and Hovav Shacham. Short group signatures. In Annual international cryptology conference, pages 41–55. Springer, 2004. [5] Jan Camenisch and Markus Stadler. Proof systems for general statements about discrete logarithms. Technical Report/ETH Zurich, Department of Computer Science, 260, 1997. [6] Brian Campbell, Chuck Mortimore, and Michael B. Jones. Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants. RFC 7522, May 2015. [7] David Chaum and Torben Pryds Pedersen. Wallet databases with observers. In Annual international cryptology conference, pages 89–105. Springer, 1992. [8] David Chaum and Eugène Van Heyst. Group signatures. In Advances in Cryptology—EUROCRYPT’91: Workshop on the Theory and Application of Cryptographic Techniques Brighton, UK, April 8–11, 1991 Proceedings 10, pages 257–265. Springer, 1991. [9] Yevgeniy Dodis, Harish Karthikeyan, and Daniel Wichs. Updatable public key encryption in the standard model. In Theory of Cryptography: 19th International Conference, TCC 2021, Raleigh, NC, USA, November 8–11, 2021, Proceedings, Part III 19, pages 254–285. Springer, 2021. [10] European Commission. Eu digital identity wallet home, 2025. [11] Daniel Fett, Kristina Yasuda, and Brian Campbell. Selective Disclosure for JWTs (SD-JWT). Internet-Draft draft-ietf-oauth-selective-disclosure-jwt-14, Internet Engineering Task Force, November 2024. Work in Progress. [12] Amos Fiat and Adi Shamir. How to prove yourself: Practical solutions to identification and signature problems. In Conference on the theory and application of cryptographic techniques, pages 186–194. Springer, 1986. [13] Nikos Fotiou, Iakovos Pittaras, Spiros Chadoulos, Vasilios A Siris, George C Polyzos, Nikolaos Ipiotis, and Stratos Keranidis. Authentication, authorization, and selective disclosure for iot data sharing using verifiable credentials and zero-knowledge proofs. In International Workshop on Emerging Technologies for Authorization and Authentication, pages 88–101. Springer, 2022. [14] GOV.UK Wallet. Uk digital wallet, 2025. [15] Dick Hardt. The OAuth 2.0 Authorization Framework. RFC 6749, October 2012. [16] Patrick Herbke and Anish Sapkota. Decentralized credential verification. ArXiv preprint arXiv:2406.11535, 2024. [17] Japan Digital Agency. Japan digital identity wallet, 2025. [18] Emmanouil Koukoularis, Vasileios Markopoulos, and Nikos Voutsinas. A self-sovereign way to exchange educational credentials. Proceedings of European University, 95:311–319, 2023. [19] CD Nassar Kyriakidou, AM Papathanasiou, I Pittaras, N Fotiou, Y Thomas, and GC Polyzos. Attribute-based access control utilizing verifiable credentials for multi-tenant iot systems. In 2024 IEEE 4th International Conference on Electronic Communications, Internet of Things and Big Data (ICEIB), pages 57–62. IEEE, 2024. [20] Carlo Mazzocca, Abbas Acar, Selcuk Uluagac, Rebecca Montanari, Paolo Bellavista, and Mauro Conti. A survey on decentralized identifiers and verifiable credentials. arXiv preprint arXiv:2402.02455, 2024. [21] Christian Paquin, Guru-Vamsi Policharla, and Greg Zaverucha. Crescent: Stronger privacy for existing credentials. Cryptology ePrint Archive, 2024. [22] Blaž Podgorelec, Lukas Alber, and Thomas Zefferer. What is a (digital) identity wallet? a systematic literature review. In 2022 IEEE 46th Annual Computers, Software, and Applications Conference (COMPSAC), pages 809–818, 2022. [23] Ronald L Rivest, Adi Shamir, and Yael Tauman. How to leak a secret. In Advances in Cryptology—ASIACRYPT 2001: 7th International Conference on the Theory and Application of Cryptology and Information Security Gold Coast, Australia, December 9–13, 2001 Proceedings 7, pages 552–565. Springer, 2001. [24] Denis Roio, Rebecca Selvaggini, Gabriele Bellini, Andrea D’Intino, and BV Fork-bomb. Privacy preserving selective disclosure of verifiable credentials with unlinkable threshold revocation. 2024. [25] Shahrokh Saeednia, Steve Kremer, and Olivier Markowitch. An efficient strong designated verifier signature scheme. In Information Security and Cryptology-ICISC 2003: 6th International Conference, Seoul, Korea, November 27-28, 2003. Revised Papers 6, pages 40–54. Springer, 2004. [26] Amit Sahai and Brent Waters. Fuzzy identity-based encryption. In Advances in Cryptology–EUROCRYPT 2005: 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22-26, 2005. Proceedings 24, pages 457–473. Springer, 2005. [27] Arto Salomaa. Public-key cryptography. 2013. [28] Claus-Peter Schnorr. Efficient signature generation by smart cards. Journal of cryptology, 4:161–174, 1991. [29] Xiaoqiang Sun, F Richard Yu, Peng Zhang, Zhiwei Sun, Weixin Xie, and Xiang Peng. A survey on zero-knowledge proof in blockchain. IEEE network, 35(4):198–205, 2021. [30] Raylin Tso. A new way to generate a ring: Universal ring signature. Computers & Mathematics with Applications, 65(9):1350–1359, 2013. [31] World Wide Web Consortium (W3C). Verifiable credentials data model v2.0. https://www.w3.org/TR/vc-data-model-2.0/, 19, December, 2024. [32] World Wide Web Consortium (W3C). Decentralized identifiers (dids) v1.0. https://www.w3.org/TR/did-core/, 19, July, 2022. [33] Yalan Wang, Liqun Chen, Long Meng, and Christopher JP Newton. Vcadid: Verifiable credentials with anonymous decentralized identities. Classical and post-quantum anonymous signatures, page 55, 2024. [34] Tobias Wich, Detlef Hühnlein, Florian Otto, and Mike Prechtl. Qualified electronic signatures with the eu digital identity wallet. In Open Identity Summit 2024, pages 151–162. Gesellschaft für Informatik eV, 2024. zh_TW
