Multi-Party Revocation in Sovrin: Performance through Distributed Trust

Lukas Helminger; Daniel Kales; Sebastian Ramacher; Roman Walch

doi:10.1007/978-3-030-75539-3_22

Multi-Party Revocation in Sovrin: Performance through Distributed Trust

Lukas Helminger, Daniel Kales, Sebastian Ramacher, Roman Walch^*

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

Accumulators provide compact representations of large sets and compact membership witnesses. Besides constant-size witnesses, public-key accumulators provide efficient updates of both the accumulator itself and the witness. However, bilinear group based accumulators come with drawbacks: they require a trusted setup and their performance is not practical for real-world applications with large sets. In this paper, we introduce multi-party public-key accumulators dubbed dynamic (threshold) secret-shared accumulators. We present an instantiation using bilinear groups having access to more efficient witness generation and update algorithms that utilize the shares of the secret trapdoors sampled by the parties generating the public parameters. Specifically, for the q -SDH-based accumulators, we provide a maliciously-secure variant sped up by a secure multi-party computation (MPC) protocol (IMACC’19) built on top of SPDZ and a maliciously secure threshold variant built with Shamir secret sharing. For these schemes, a performant proof-of-concept implementation is provided, which substantiates the practicability of public-key accumulators in this setting. We explore applications of dynamic (threshold) secret-shared accumulators to revocation schemes of group signatures and credentials system. In particular, we consider it as part of Sovrin’s system for anonymous credentials where credentials are issued by the foundation of trusted nodes.

Original language	English
Title of host publication	Topics in Cryptology - CT-RSA 2021
Subtitle of host publication	Cryptographers’ Track at the RSA Conference 2021, Virtual Event, May 17–20, 2021, Proceedings
Editors	Kenneth G. Paterson
Place of Publication	San Francisco, CA, USA
Publisher	Springer, Cham
Pages	527-551
ISBN (Electronic)	978-3-030-75539-3
ISBN (Print)	978-3-030-75538-6
DOIs	https://doi.org/10.1007/978-3-030-75539-3_22
Publication status	Published - 17 May 2021
Event	Topics in Cryptology - The Cryptographer's Track at the RSA Conference 2021: CT-RSA 2021 - Virtuell Duration: 17 May 2021 → 20 May 2021

Publication series

Name	Lecture Notes in Computer Science
Volume	12704
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	Topics in Cryptology - The Cryptographer's Track at the RSA Conference 2021
Abbreviated title	RSAC 2021
City	Virtuell
Period	17/05/21 → 20/05/21

Keywords

multiparty computation
dynamic accumulators
distributed trust
threshold accumulators
Multiparty computation
Distributed trust
Dynamic accumulators
Threshold accumulators

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-030-75539-3_22

https://eprint.iacr.org/2020/724

Cite this

Helminger, L., Kales, D., Ramacher, S., & Walch, R. (2021). Multi-Party Revocation in Sovrin: Performance through Distributed Trust. In K. G. Paterson (Ed.), Topics in Cryptology - CT-RSA 2021 : Cryptographers’ Track at the RSA Conference 2021, Virtual Event, May 17–20, 2021, Proceedings (pp. 527-551). (Lecture Notes in Computer Science; Vol. 12704). Springer, Cham. https://doi.org/10.1007/978-3-030-75539-3_22

Multi-Party Revocation in Sovrin: Performance through Distributed Trust. / Helminger, Lukas; Kales, Daniel; Ramacher, Sebastian et al.
Topics in Cryptology - CT-RSA 2021 : Cryptographers’ Track at the RSA Conference 2021, Virtual Event, May 17–20, 2021, Proceedings. ed. / Kenneth G. Paterson. San Francisco, CA, USA: Springer, Cham, 2021. p. 527-551 (Lecture Notes in Computer Science; Vol. 12704).

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Helminger, L, Kales, D, Ramacher, S & Walch, R 2021, Multi-Party Revocation in Sovrin: Performance through Distributed Trust. in KG Paterson (ed.), Topics in Cryptology - CT-RSA 2021 : Cryptographers’ Track at the RSA Conference 2021, Virtual Event, May 17–20, 2021, Proceedings. Lecture Notes in Computer Science, vol. 12704, Springer, Cham, San Francisco, CA, USA, pp. 527-551, Topics in Cryptology - The Cryptographer's Track at the RSA Conference 2021, Virtuell, 17/05/21. https://doi.org/10.1007/978-3-030-75539-3_22

Helminger L, Kales D, Ramacher S, Walch R. Multi-Party Revocation in Sovrin: Performance through Distributed Trust. In Paterson KG, editor, Topics in Cryptology - CT-RSA 2021 : Cryptographers’ Track at the RSA Conference 2021, Virtual Event, May 17–20, 2021, Proceedings. San Francisco, CA, USA: Springer, Cham. 2021. p. 527-551. (Lecture Notes in Computer Science). doi: 10.1007/978-3-030-75539-3_22

Helminger, Lukas ; Kales, Daniel ; Ramacher, Sebastian et al. / Multi-Party Revocation in Sovrin: Performance through Distributed Trust. Topics in Cryptology - CT-RSA 2021 : Cryptographers’ Track at the RSA Conference 2021, Virtual Event, May 17–20, 2021, Proceedings. editor / Kenneth G. Paterson. San Francisco, CA, USA : Springer, Cham, 2021. pp. 527-551 (Lecture Notes in Computer Science).

@inproceedings{9b213a17d9cf413a8d9caefdf3d920e4,

title = "Multi-Party Revocation in Sovrin: Performance through Distributed Trust",

abstract = "Accumulators provide compact representations of large sets and compact membership witnesses. Besides constant-size witnesses, public-key accumulators provide efficient updates of both the accumulator itself and the witness. However, bilinear group based accumulators come with drawbacks: they require a trusted setup and their performance is not practical for real-world applications with large sets. In this paper, we introduce multi-party public-key accumulators dubbed dynamic (threshold) secret-shared accumulators. We present an instantiation using bilinear groups having access to more efficient witness generation and update algorithms that utilize the shares of the secret trapdoors sampled by the parties generating the public parameters. Specifically, for the q -SDH-based accumulators, we provide a maliciously-secure variant sped up by a secure multi-party computation (MPC) protocol (IMACC{\textquoteright}19) built on top of SPDZ and a maliciously secure threshold variant built with Shamir secret sharing. For these schemes, a performant proof-of-concept implementation is provided, which substantiates the practicability of public-key accumulators in this setting. We explore applications of dynamic (threshold) secret-shared accumulators to revocation schemes of group signatures and credentials system. In particular, we consider it as part of Sovrin{\textquoteright}s system for anonymous credentials where credentials are issued by the foundation of trusted nodes.",

keywords = "multiparty computation, dynamic accumulators, distributed trust, threshold accumulators, Multiparty computation, Distributed trust, Dynamic accumulators, Threshold accumulators",

author = "Lukas Helminger and Daniel Kales and Sebastian Ramacher and Roman Walch",

year = "2021",

month = may,

day = "17",

doi = "10.1007/978-3-030-75539-3_22",

language = "English",

isbn = "978-3-030-75538-6",

series = "Lecture Notes in Computer Science",

publisher = "Springer, Cham",

pages = "527--551",

editor = "Paterson, {Kenneth G.}",

booktitle = "Topics in Cryptology - CT-RSA 2021",

note = "Topics in Cryptology - The Cryptographer's Track at the RSA Conference 2021 : CT-RSA 2021, RSAC 2021 ; Conference date: 17-05-2021 Through 20-05-2021",

}

TY - GEN

T1 - Multi-Party Revocation in Sovrin: Performance through Distributed Trust

AU - Helminger, Lukas

AU - Kales, Daniel

AU - Ramacher, Sebastian

AU - Walch, Roman

PY - 2021/5/17

Y1 - 2021/5/17

N2 - Accumulators provide compact representations of large sets and compact membership witnesses. Besides constant-size witnesses, public-key accumulators provide efficient updates of both the accumulator itself and the witness. However, bilinear group based accumulators come with drawbacks: they require a trusted setup and their performance is not practical for real-world applications with large sets. In this paper, we introduce multi-party public-key accumulators dubbed dynamic (threshold) secret-shared accumulators. We present an instantiation using bilinear groups having access to more efficient witness generation and update algorithms that utilize the shares of the secret trapdoors sampled by the parties generating the public parameters. Specifically, for the q -SDH-based accumulators, we provide a maliciously-secure variant sped up by a secure multi-party computation (MPC) protocol (IMACC’19) built on top of SPDZ and a maliciously secure threshold variant built with Shamir secret sharing. For these schemes, a performant proof-of-concept implementation is provided, which substantiates the practicability of public-key accumulators in this setting. We explore applications of dynamic (threshold) secret-shared accumulators to revocation schemes of group signatures and credentials system. In particular, we consider it as part of Sovrin’s system for anonymous credentials where credentials are issued by the foundation of trusted nodes.

AB - Accumulators provide compact representations of large sets and compact membership witnesses. Besides constant-size witnesses, public-key accumulators provide efficient updates of both the accumulator itself and the witness. However, bilinear group based accumulators come with drawbacks: they require a trusted setup and their performance is not practical for real-world applications with large sets. In this paper, we introduce multi-party public-key accumulators dubbed dynamic (threshold) secret-shared accumulators. We present an instantiation using bilinear groups having access to more efficient witness generation and update algorithms that utilize the shares of the secret trapdoors sampled by the parties generating the public parameters. Specifically, for the q -SDH-based accumulators, we provide a maliciously-secure variant sped up by a secure multi-party computation (MPC) protocol (IMACC’19) built on top of SPDZ and a maliciously secure threshold variant built with Shamir secret sharing. For these schemes, a performant proof-of-concept implementation is provided, which substantiates the practicability of public-key accumulators in this setting. We explore applications of dynamic (threshold) secret-shared accumulators to revocation schemes of group signatures and credentials system. In particular, we consider it as part of Sovrin’s system for anonymous credentials where credentials are issued by the foundation of trusted nodes.

KW - multiparty computation

KW - dynamic accumulators

KW - distributed trust

KW - threshold accumulators

KW - Multiparty computation

KW - Distributed trust

KW - Dynamic accumulators

KW - Threshold accumulators

UR - http://www.scopus.com/inward/record.url?scp=85111036126&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-75539-3_22

DO - 10.1007/978-3-030-75539-3_22

M3 - Conference paper

SN - 978-3-030-75538-6

T3 - Lecture Notes in Computer Science

SP - 527

EP - 551

BT - Topics in Cryptology - CT-RSA 2021

A2 - Paterson, Kenneth G.

PB - Springer, Cham

CY - San Francisco, CA, USA

T2 - Topics in Cryptology - The Cryptographer's Track at the RSA Conference 2021

Y2 - 17 May 2021 through 20 May 2021

ER -

Multi-Party Revocation in Sovrin: Performance through Distributed Trust

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

EU - KRAKEN - Brokerage and market platform for personal data

Cite this

Multi-Party Revocation in Sovrin: Performance through Distributed Trust

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Projects

EU - KRAKEN - Brokerage and market platform for personal data

Cite this