Achieving Higher Level of Assurance in Privacy Preserving Identity Wallets

Recent advances in Decentralized Digital Identity solutions, revolving around the use of Verifiable Credentials towards identity sovereignty, are centered around Identity Wallets for ensuring that identity data control remains with the user. However, such schemes still lack the capabilities to provide higher Level of Assurance (LoA) guarantees, for identity verification, which restricts their full potential. In this paper, we design and showcase DOOR; a library that enables Identity Wallets to leverage hardware Roots-of-Trust (RoT) for binding user authentication factors to HW-based keys, thus, allowing for both proof of (User) identity and (Wallet) integrity, bringing them in alignment with emerging regulations and standards that require higher LoA for services (e.g. eIDAS). At the same time, we make sure that privacy-enhancing properties like selective-disclosure are fully supported in order to make the Wallet compliant with privacy regulations (e.g. GDPR). To achieve all the above, we have designed an enhanced variant of Attribute-based Direct Anonymous Attestation (DAA-A) crypto protocol for offering anonymity, unlinkability, and unforgeability, while being the first to offer strong guarantees on the Wallet’s integrity when constructing attribute attestations. We formally prove the security properties of DOOR, offered by the underlying crypto primitives used to enable selective disclosure of attributes, by describing their construction while also benchmarking their computational footprint and comparing them with other widespread cryptographic mechanisms (adopted by the standards) in terms of performance, size of the associated verifiable presentations while safeguarding user anonymous authentication and unlinkability.