RE: [EXT] ETSI TR 119 476 on selective disclosure from Brent Zundel on 2023-08-29 (public-vc-wg@w3.org from August 2023)

From: Brent Zundel <Brent.Zundel@gendigital.com>
Date: Tue, 29 Aug 2023 19:50:09 +0000
To: Sebastian Elfors <sebastian.elfors@idnow.de>, "public-vc-wg@w3.org" <public-vc-wg@w3.org>
Message-ID: <MN2PR13MB2608BACD5F527FA17E0E1FD9EEE7A@MN2PR13MB2608.namprd13.prod.outlook.com>

Thank you for the work that went into producing this report.
I am still making my way through it, but I came across something that made me pause.

I have concerns about the use of the term 'unlinkability' as I've seen it used in the document.
The use seems to be different than the common use in cryptographic literature. [1]

The following assertion is made in the conclusion section:
"The conclusion is thus that ISO mDL and SD-JWT meet the eIDAS2 regulatory and technical requirements on selective disclosure, unlinkability and cryptographic algorithms."

Unless the term 'unlinkability' has been redefined, selective disclosure schemes that make use of salted hashes along with regular digital signatures are not unlinkable. It does not matter how the hashes are salted. Any digital signature that requires unblinded sharing of the signature value is inherently linkable.

Therefore, claiming that ISO mDL and SD-JWT are in any way unlinkable is not accurate.

Does eIDAS2 have regulatory and technical requirements for unlinkability? I was unable to find the pertinent section of the proposed regulation.

[1] Unlinkability | SpringerLink<https://link.springer.com/referenceworkentry/10.1007/0-387-23483-7_448>

From: Sebastian Elfors <sebastian.elfors@idnow.de>
Sent: Monday, August 28, 2023 5:48 AM
To: public-vc-wg@w3.org
Subject: [EXT] ETSI TR 119 476 on selective disclosure

All,

ETSI has now published the technical report TR 119 476 on selective disclosure<https://www.etsi.org/deliver/etsi_tr/119400_119499/119476/01.01.01_60/tr_119476v010101p.pdf>, which has been authored by me together with Peter Altmann (Swedish Agency for Digital Government). It provides a comprehensive overview of methods for selective disclosure in general, and an analysis of how these methods can be applied for the EUDI Wallet in particular. This could potentially be of interest to W3C VC WG and the related work on standards for ZKP and selective disclosure. Please let us know if you have any feedback or want to discuss this report at a meeting.

Kind regards,
Sebastian Elfors
Senior Architect

T             +49 (0)174 17 22 150
E             sebastian.elfors@idnow.io<mailto:sebastian.elfors@idnow.de>

IDnow.io<https://www.idnow.io/?utm_source=signature&utm_medium=email&utm_campaign=signature>  |  LinkedIn<https://www.linkedin.com/company/idnow?utm_source=signature&utm_medium=email&utm_campaign=signature>   | Instagram<https://www.instagram.com/idnow_careers>

IDnow GmbH Auenstraße 100, 80469 Munich
Registration Court: Amtsgericht München HRB 210463  VAT Reg.No. DE294490635
Managing Directors: Andreas Bodczek, Joseph Lichtenberger, Armin Bauer, Guillaume Despagne

[A picture containing monitor, large  Description automatically generated]

Attachments

image/png attachment: image001.png

Received on Tuesday, 29 August 2023 19:50:44 UTC