Abstract
Bitcoin is a decentralized cryptocurrency that uses a ledger (or “blockchain”) to keep track of the transactions made between its users. Because it is a fully decentralized system and anyone can join, every transaction is by necessity public. Thus, to preserve some semblance of privacy, users in the system are represented not by their real-world identities but by pseudonyms. While pseudonyms are acceptable for a standalone cryptocurrency, the emergence of other potential blockchain-based applications — e.g., using them to administer benefits and pensions — poses a need to associate certain attributes with the users of the system. In this paper, we address the question of how to register identities and attributes in a system built on globally visible ledgers. We propose a variety of possible solutions and in each case, we analyze the tradeoff our solution provides between privacy (ensuring that no one can associate the user’s real-world identity with the pseudonym or other attributes they use on the ledger), usability (ensuring that verification of their attributes poses the lowest possible burden to users), and integrity (ensuring that no one can impersonate a user). We also present an implementation of one of our solution using Ethereum.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Al-Bassam, M.: SCPKI: a smart contract-based PKI and identity system. In: Proceedings of the ACM Workshop on Blockchain, Cryptocurrencies and Contracts, BCC 2017, pp. 35–40. ACM, New York (2017)
Alvisi, L., Clement, A., Epasto, A., Lattanzi, S., Panconesi, A.: SoK: the evolution of sybil defense via social networks. In: 2013 IEEE Symposium on Security and Privacy, pp. 382–396. IEEE Computer Society Press, Berkeley, 19–22 May 2013
Basin, D., Cremers, C., Kim, T.H.-J., Perrig, A., Sasse, R., Szalachowski, P.: ARPKI: attack resilient public-key infrastructure. In: Proceedings of ACM CCS 2014, pp. 382–393 (2014)
Ben-Sasson, E., Chiesa, A., Garman, C., Green, M., Miers, I., Tromer, E., Virza, M.: Zerocash: decentralized anonymous payments from Bitcoin. In: Proceedings of the IEEE Symposium on Security and Privacy (2014)
Brandão, L.T.A.N., Christin, N., Danezis, G., Anonymous: Towards mending two nation-scale brokered identification systems. In: Proceedings on Privacy Enhancing Technologies (2015)
Caldwell, M., Voisine, A.: Passphrase-protected private key (2016)
Camenisch, J., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001). doi:10.1007/3-540-44987-6_7
Camenisch, J., Lysyanskaya, A.: Signature schemes and anonymous credentials from bilinear maps. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 56–72. Springer, Heidelberg (2004). doi:10.1007/978-3-540-28628-8_4
Cellan-Jones, R.: Blockchain and benefits - a dangerous mix? http://www.bbc.com/news/technology-36785872. Accessed 04 Aug 2016
Chaum, D.: Blind signatures for untraceable payments. In: Chaum, D., Rivest, R.L., Sherman, A.T. (eds.) CRYPTO 1982, Santa Barbara, CA, USA, pp. 199–203. Plenum Press, New York (1982)
Chaum, D.: Security without identification: transaction systems to make big brother obsolete. Commun. ACM 28(10), 1030–1044 (1985)
Consensys: uPort: The wallet is the new browser. https://medium.com/@ConsenSys/uport-the-wallet-is-the-new-browser-b133a83fe73#.jquv8q5u3. Accessed 04 Aug 2016
Evenstad, L.: DWP trials blockchain technology for benefit payments. http://www.computerweekly.com/news/450300034/DWP-trials-blockchain-technology-for-benefit-payments. Accessed 04 Aug 2016
Fromknecht, C., Velicanu, D., Yakoubov, S.: A decentralized public key infrastructure with identity retention. IACR Cryptology ePrint Archive, Report 2014/803 (2014). http://eprint.iacr.org/2014/803.pdf
Garman, C., Green, M., Miers, I.: Decentralized anonymous credentials. In: Proceedings of the NDSS Symposium 2014 (2014)
Goldwasser, S., Bellare, M.: Lecture notes on cryptography (2000). http://cseweb.ucsd.edu/~mihir/papers/gb.pdf
Hardjono, T., Pentland, A.S.: Verifiable anonymous identities and access control in permissioned blockchains (2016). http://www.mit-trust.org/s/ChainAnchor-Identities-04172016.pdf
U.C. Office and G.D. Service: Introducing GOV.UK Verify, September 2015. https://www.gov.uk/government/publications/introducing-govuk-verify
Plimmer, G.: Use of bitcoin tech to pay UK benefits sparks privacy concerns. http://www.ft.com/cms/s/0/33d5b3fc-4767-11e6-b387-64ab0a67014c.html
Schmidt, P.: Certificates, Reputation, and the Blockchain (2015)
U.S.P. Service: Federal cloud credential exchange (FCCX), August 2013. https://www.fbo.gov/spg/USPS/SSP/HQP/1B-13-A-0003/listing.html
Acknowledgements
This project was supported in part by EPSRC Grant EP/N028104/1.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Azouvi, S., Al-Bassam, M., Meiklejohn, S. (2017). Who Am I? Secure Identity Registration on Distributed Ledgers. In: Garcia-Alfaro, J., Navarro-Arribas, G., Hartenstein, H., Herrera-Joancomartí, J. (eds) Data Privacy Management, Cryptocurrencies and Blockchain Technology. DPM CBT 2017 2017. Lecture Notes in Computer Science(), vol 10436. Springer, Cham. https://doi.org/10.1007/978-3-319-67816-0_21
Download citation
DOI: https://doi.org/10.1007/978-3-319-67816-0_21
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-67815-3
Online ISBN: 978-3-319-67816-0
eBook Packages: Computer ScienceComputer Science (R0)