- From: Greg Bernstein <notifications@github.com>
- Date: Tue, 16 Jan 2024 11:49:59 -0800
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3ctag/design-reviews/issues/922/1894408455@github.com>
Hi all, (@hadleybeeman, @msporny, @jyasskin), in the privacy considerations section on [unlinkability](https://w3c.github.io/vc-di-bbs/#selective-disclosure-and-unlinkability) I took a somewhat layered approach to analyzing the "unlinkability" that is fairly generic:

1. Artifacts from cryptographic primitives. (BBS particulars here)
2. Artifacts from mapping a VC into a set of statements suitable for selective disclosure. (For our case using RDF canonicalization to produce "messages" suitable for use in BBS)
3. Artifacts from Proof Options and Mandatory reveal Information in the VC. (things like "created" dateTime, and other items that the issuer puts in the proof options or requires the holder to reveal)
4. Selectively revealed information in the VC. (The higher level info disclosed, very much outside our control, but must be taken into account in "linkage attack" analysis)
5. External VC System Based Linkage -- Stuff outside our control, IP addresses, other networking artifacts, etc...

The basic analysis uses the concept of an **anonymity set** and reduction in the size of this set via "linkage attacks". The W3C has some specific guidance with respect to [Mitigating Browser Fingerprinting in Web Specifications](https://www.w3.org/TR/fingerprinting-guidance/#fingerprinting-mitigation-levels-of-success) which uses the **anonymity set** concept. We can offer some fairly specific (somewhat quantifiable) advice on items 1-3. For item 4, I cited the very recent work that deals with higher level information, e.g., the contents of the VC: [SoK: Managing risks of linkage attacks on data privacy](https://petsymposium.org/popets/2023/popets-2023-0043.php). J. Powar; A. R. Beresford. Proceedings on Privacy Enhancing Technologies. 2023. URL: https://petsymposium.org/popets/2023/popets-2023-0043.php. I didn't say much about item 5. It's important, but the section was getting long enough.
I've got a networking background and when teaching cybersecurity would always make my students visit a website/service that provides IP address geo-location services to show them how easy it is to localize them by IP. I'd be happy to help/contribute more text to a TAG or PING document that wants to address this topic more generally. I'm currently an "invited expert" to the VCWG. I'm also working with BBS at the IETF/DIF.

Cheers
Greg

--
Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/922#issuecomment-1894408455
Received on Tuesday, 16 January 2024 19:50:08 UTC
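The anonymity-set reduction described in the comment above (layer 3, a high-resolution "created" timestamp carried in the proof options, and layer 4, the claims a holder chooses to reveal) can be made concrete with a small k-anonymity calculation. The following Python is an added example for this archived thread; it is not code from the comment, from the vc-di-bbs specification, or from the BBS work at IETF/DIF. The holder population, the field names (`degree`, `year`, `country`, `created`) and the signing timestamps are constructed for illustration; the point it demonstrates is that a second-resolution `created` value collapses every holder's anonymity set to 1 regardless of how little else is disclosed, while coarsening that value restores a set size that the verifier cannot narrow further from the proof alone.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Holder:
    """One credential holder as seen from the issuer's side (constructed sample)."""
    holder_id: str
    degree: str
    year: int
    country: str
    created: datetime  # issuer signing time written into the proof options


# Constructed population of eight holders of the same credential type.
# Degrees and years repeat; the issuer's signing time is unique per holder.
POPULATION = [
    Holder("h1", "BSc", 2020, "US", datetime(2024, 1, 15, 9, 0, 1)),
    Holder("h2", "BSc", 2020, "US", datetime(2024, 1, 15, 9, 0, 7)),
    Holder("h3", "BSc", 2020, "US", datetime(2024, 1, 15, 9, 0, 12)),
    Holder("h4", "BSc", 2020, "CA", datetime(2024, 1, 15, 9, 1, 3)),
    Holder("h5", "MSc", 2020, "US", datetime(2024, 1, 16, 10, 0, 0)),
    Holder("h6", "MSc", 2021, "US", datetime(2024, 1, 16, 10, 0, 5)),
    Holder("h7", "BSc", 2021, "US", datetime(2024, 1, 16, 10, 1, 9)),
    Holder("h8", "BSc", 2021, "US", datetime(2024, 1, 16, 10, 1, 30)),
]


def to_day(dt: datetime):
    """Coarsening function: keep only the calendar date of a timestamp."""
    return dt.date()


def to_month(dt: datetime):
    """Coarsening function: keep only year and month of a timestamp."""
    return (dt.year, dt.month)


def project(holder: Holder, fields, coarsen=None) -> tuple:
    """What a verifier learns from a presentation revealing `fields`.

    `coarsen` maps a field name to a function applied before disclosure,
    modelling an issuer that truncates a timestamp instead of signing it
    to the second.
    """
    coarsen = coarsen or {}
    values = []
    for field in fields:
        value = getattr(holder, field)
        if field in coarsen:
            value = coarsen[field](value)
        values.append(value)
    return tuple(values)


def anonymity_sets(population, fields, coarsen=None) -> Counter:
    """Group the population by what each holder would reveal; the count per
    group is the anonymity set size for every holder in that group."""
    return Counter(project(h, fields, coarsen) for h in population)


def k_anonymity(population, fields, coarsen=None) -> int:
    """Smallest anonymity set any holder ends up in for this disclosure."""
    return min(anonymity_sets(population, fields, coarsen).values())


def anonymity_set_size(population, holder, fields, coarsen=None) -> int:
    """Anonymity set size of one particular holder for this disclosure."""
    groups = anonymity_sets(population, fields, coarsen)
    return groups[project(holder, fields, coarsen)]


if __name__ == "__main__":
    # Each row: a disclosure policy and the worst-case (minimum) anonymity set.
    policies = [
        ("degree only", ("degree",), None),
        ("degree + year", ("degree", "year"), None),
        ("degree + created (to the second)", ("degree", "created"), None),
        ("degree + created (to the day)", ("degree", "created"), {"created": to_day}),
        ("degree + created (to the month)", ("degree", "created"), {"created": to_month}),
    ]
    for label, fields, coarsen in policies:
        print(f"{label:38s} k = {k_anonymity(POPULATION, fields, coarsen)}")
```

Run as a script it prints one line per disclosure policy; the interesting comparison is "degree + created (to the second)", where k drops to 1 for all eight holders even though only one claim was revealed, against "degree + created (to the month)", where the timestamp adds nothing beyond what "degree only" already gave away. Layer 5 effects (IP address, network timing) are outside what this model sees, exactly as the comment notes.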