Re: New Work Item Proposal: Revocation List 2020

Hi all,
In NDSS 2020 there was a paper that used the same technique to perform certificate revocation. The biggest advantage of this technique is that it is very scalable and fast. A privacy feature that the authors mention is privacy of the verifier: the verifier can receive the revocation list from a 3rd party without revealing which certificate it is really interested in. The paper was "Let's Revoke: Scalable Global Certificate Revocation" by Trevor Smith, Luke Dickinson, and Kent Seamons from Brigham Young University, and it can be found here:

https://www.ndss-symposium.org/wp-content/uploads/2020/02/24084-paper.pdf

Moreover, at the following link you can find the slides and the video of the paper presentation:

https://www.ndss-symposium.org/ndss-program/2020-program/

Best,
Nikos


> On 2 May 2020, at 12:42 AM, Manu Sporny <msporny@digitalbazaar.com> wrote:
> 
> Hi all,
> 
> One of Digital Bazaar's deliverables for the DHS SVIP program was a
> privacy-preserving Verifiable Credential revocation mechanism that would
> be implementable and deployable by a large section of the Verifiable
> Credential implementer ecosystem. We have finished the first end-to-end
> implementation and testing of the system and feel that it's good enough
> to release to get feedback from the broader community at this time.
> 
> At the most basic level, this technology expresses revocation
> information for all Verifiable Credentials issued by an issuer as
> simple binary values. The issuer keeps a bitstring list of all
> Verifiable Credentials it has issued. Each Verifiable Credential is
> associated with a position in the list. If the binary value of the
> position in the list is 1 (one), the verifiable credential is revoked,
> if it is 0 (zero) it is not revoked.
> 
> One of the benefits of using a bitstring is that it is a highly
> compressible data format since, in the average case, large numbers of
> credentials will remain unrevoked. This will ensure long sections of
> bits that are the same value and thus highly compressible using
> run-length compression techniques such as ZLIB [RFC1950]. The default
> bitstring size is 16KB (131,072 entries), and when only a handful of
> verifiable credentials are revoked, the compressed bitstring size is
> reduced down to a few hundred bytes.
> 
> Another benefit of using a bitstring is that it enables large numbers of
> verifiable credential revocation statuses to be placed in the same list.
> This specification utilizes a minimum bitstring length of 131,072
> (16KB). This population size ensures an adequate amount of herd privacy
> in the average case. If better herd privacy is required, the bitstring
> can be made to be larger.
> 
> The system is implementable with one developer working for about a week
> and does not need a DLT or any other advanced distributed system to
> operate. It can be placed as a single file on a standard web server.
> 
> The specification is here:
> 
> https://digitalbazaar.github.io/vc-status-rl-2020/
> 
> Open source implementation is here:
> 
> https://github.com/digitalbazaar/vc-revocation-list
> 
> Checking credential status has already been integrated into vc-js here:
> 
> https://github.com/digitalbazaar/vc-js/commit/88e7971d39c1889c74f227d71a9812852f6485a8
> 
> This email is:
> 
> * A request for a second organization that would like to be
>  listed as a co-editor on this specification.
> 
> * An announcement that we will be opening a new issue to
>  request adopting this as a work item once we get a second
>  editor, and
> 
> * A request for telecon time during our next meeting to
>  socialize the specification in the CCG.
> 
> -- manu
> 
> -- 
> Manu Sporny - https://www.linkedin.com/in/manusporny/
> Founder/CEO - Digital Bazaar, Inc.
> blog: Veres One Decentralized Identifier Blockchain Launches
> https://tinyurl.com/veres-one-launches
> 

Received on Wednesday, 13 May 2020 11:49:48 UTC
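
The bitstring mechanism described in the quoted announcement, as an added example that is not part of the original thread and is not Digital Bazaar's implementation or the specification's code. The function names, the most-significant-bit-first bit order, the base64url transport encoding and the 1 MiB decompression cap are assumptions made for illustration.

```python
import base64
import zlib

LIST_BITS = 131_072   # minimum list length given in the announcement (16KB)
MAX_BYTES = 1 << 20   # assumed cap on the decompressed size of a fetched list


def new_list(bits=LIST_BITS):
    """Issuer side: all-zero bitstring, one bit per issued credential."""
    return bytearray(bits // 8)


def revoke(bitstring, index):
    """Set the credential's bit to 1 (revoked). MSB-first order is assumed."""
    if not 0 <= index < len(bitstring) * 8:
        raise IndexError("index outside revocation list")
    bitstring[index // 8] |= 0x80 >> (index % 8)


def encode(bitstring):
    """ZLIB (RFC 1950) compress, then base64url for transport (assumed)."""
    return base64.urlsafe_b64encode(zlib.compress(bytes(bitstring), 9)).decode()


def decode(encoded, max_bytes=MAX_BYTES):
    """Verifier side: decompress under a size cap so that a hostile or
    corrupted list cannot exhaust memory."""
    d = zlib.decompressobj()
    raw = d.decompress(base64.urlsafe_b64decode(encoded), max_bytes)
    if d.unconsumed_tail or not d.eof:
        raise ValueError("list exceeds size cap or is truncated")
    return raw


def is_revoked(raw, index):
    """Read one bit; an out-of-range index is an error, never 'not revoked'."""
    if not 0 <= index < len(raw) * 8:
        raise IndexError("index outside revocation list")
    return bool(raw[index // 8] & (0x80 >> (index % 8)))


def demo():
    """Constructed sample: five revoked credentials out of 131,072."""
    bits = new_list()
    for i in (7, 4096, 65_535, 94_567, 131_071):
        revoke(bits, i)
    encoded = encode(bits)
    return encoded, decode(encoded)
```

The verifier downloads the whole list and reads one bit locally, so the server hosting the list does not learn which credential is being checked.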