- From: Nikos Fotiou <fotiou@aueb.gr>
- Date: Wed, 13 May 2020 14:49:31 +0300
- To: Manu Sporny <msporny@digitalbazaar.com>
- Cc: Credentials Community Group <public-credentials@w3.org>
- Message-Id: <E06870A5-8255-4E8C-9B9C-00F5EB2877DB@aueb.gr>
Hi all,

In NDSS 2020 there was a paper that used the same technique to perform certificate revocation. The biggest advantage of this technique is that it is very scalable and fast. A privacy feature that the authors mention is privacy of the verifier: the verifier can receive the revocation list from a 3rd party without revealing which certificate it is really interested in.

The paper was "Let’s Revoke: Scalable Global Certificate Revocation" by Trevor Smith, Luke Dickinson, and Kent Seamons from Brigham Young University, and it can be found here:
https://www.ndss-symposium.org/wp-content/uploads/2020/02/24084-paper.pdf

Moreover, at the following link you can find the slides and the video of the paper presentation:
https://www.ndss-symposium.org/ndss-program/2020-program/

Best,
Nikos

> On 2 May 2020, at 12:42 AM, Manu Sporny <msporny@digitalbazaar.com> wrote:
>
> Hi all,
>
> One of Digital Bazaar's deliverables for the DHS SVIP program was a
> privacy-preserving Verifiable Credential revocation mechanism that would
> be implementable and deployable by a large section of the Verifiable
> Credential implementer ecosystem. We have finished the first end-to-end
> implementation and testing of the system and feel that it's good enough
> to release to get feedback from the broader community at this time.
>
> At the most basic level, this technology expresses revocation
> information for all Verifiable Credentials issued by an issuer as
> simple binary values. The issuer keeps a bitstring list of all
> Verifiable Credentials it has issued. Each Verifiable Credential is
> associated with a position in the list. If the binary value of the
> position in the list is 1 (one), the verifiable credential is revoked,
> if it is 0 (zero) it is not revoked.
>
> One of the benefits of using a bitstring is that it is a highly
> compressible data format since, in the average case, large numbers of
> credentials will remain unrevoked. This will ensure long sections of
> bits that are the same value and thus highly compressible using
> run-length compression techniques such as ZLIB [RFC1950]. The default
> bitstring size is 16KB (131,072 entries), and when only a handful of
> verifiable credentials are revoked, the compressed bitstring size is
> reduced down to a few hundred bytes.
>
> Another benefit of using a bitstring is that it enables large numbers of
> verifiable credential revocation statuses to be placed in the same list.
> This specification utilizes a minimum bitstring length of 131,072
> (16KB). This population size ensures an adequate amount of herd privacy
> in the average case. If better herd privacy is required, the bitstring
> can be made to be larger.
>
> The system is implementable with one developer working for about a week
> and does not need a DLT or any other advanced distributed system to
> operate. It can be placed as a single file on a standard web server.
>
> The specification is here:
>
> https://digitalbazaar.github.io/vc-status-rl-2020/
>
> Open source implementation is here:
>
> https://github.com/digitalbazaar/vc-revocation-list
>
> Checking credential status has already been integrated into vc-js here:
>
> https://github.com/digitalbazaar/vc-js/commit/88e7971d39c1889c74f227d71a9812852f6485a8
>
> This email is:
>
> * A request for a second organization that would like to be
>   listed as a co-editor on this specification.
>
> * An announcement that we will be opening a new issue to
>   request adopting this as a work item once we get a second
>   editor, and
>
> * A request for telecon time during our next meeting to
>   socialize the specification in the CCG.
>
> -- manu
>
> --
> Manu Sporny - https://www.linkedin.com/in/manusporny/
> Founder/CEO - Digital Bazaar, Inc.
> blog: Veres One Decentralized Identifier Blockchain Launches
> https://tinyurl.com/veres-one-launches
Attachments
- application/pkcs7-signature attachment: smime.p7s
Received on Wednesday, 13 May 2020 11:49:48 UTC
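
The bitstring revocation list described in the quoted announcement, sketched as an added example (not code from this thread, the specification, or Digital Bazaar's implementation). The function names, the bit order (index 0 is the most significant bit of the first byte) and the verifier's decompression cap are assumptions made for this sketch.

```python
import zlib

LIST_BITS = 131_072  # minimum list length from the announcement (16 KB)


def new_list(bits: int = LIST_BITS) -> bytearray:
    """Issuer side: an all-zero bitstring, i.e. nothing revoked yet."""
    if bits % 8:
        raise ValueError("list length must be a whole number of bytes")
    return bytearray(bits // 8)


def _locate(bitstring: bytes, index: int) -> tuple[int, int]:
    # Assumption: index 0 maps to the most significant bit of byte 0.
    if not 0 <= index < len(bitstring) * 8:
        raise IndexError(f"status index {index} is outside the list")
    return index // 8, 0x80 >> (index % 8)


def revoke(bitstring: bytearray, index: int) -> None:
    """Issuer side: set the credential's bit to 1 (revoked)."""
    byte, mask = _locate(bitstring, index)
    bitstring[byte] |= mask


def is_revoked(bitstring: bytes, index: int) -> bool:
    """Verifier side: 1 means revoked, 0 means not revoked."""
    byte, mask = _locate(bitstring, index)
    return bool(bitstring[byte] & mask)


def publish(bitstring: bytes) -> bytes:
    """Compress with zlib (RFC 1950) so the list can be served as one file."""
    return zlib.compress(bytes(bitstring), 9)


def load(published: bytes, expected_bits: int = LIST_BITS) -> bytes:
    """Verifier side: decompress with a hard output cap, then check length.

    The cap keeps a hostile or corrupted file from expanding without bound.
    """
    d = zlib.decompressobj()
    raw = d.decompress(published, expected_bits // 8 + 1)
    if len(raw) != expected_bits // 8 or d.unconsumed_tail or not d.eof:
        raise ValueError("decompressed list has unexpected size")
    return raw
```

The verifier downloads the whole compressed list and does the index lookup locally, so the host of the file does not learn which of the 131,072 positions was checked.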