Re: [w3ctag/design-reviews] BBS Cryptosuite v2023 Securing Verifiable Credentials with Selective Disclosure using BBS Signatures (Issue #922) from Greg Bernstein on 2024-03-26 (public-webapps-github@w3.org from March 2024)

From: Greg Bernstein <notifications@github.com>
Date: Tue, 26 Mar 2024 08:31:59 -0700
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/922/2020754951@github.com>

Looking forward to the more thorough and independent analysis. 

There were two main issues that I tried to address in the writeup (a) data leakage via blank node identifiers. That was the long example with windsurfing that showed a information leakage of sail sizes and the mitigation of using a random shuffle via a PRF. (b) linkage (unlinkability) attacks, i.e., reduction in the anonymity set. This is a younger area so I quoted a recent SoK on this and tried to give a methodical approach to understanding and potentially computing this in a particular application. At the IETF we added some of this information into the BBS draft.

Cheers Greg

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/922#issuecomment-2020754951
You are receiving this because you are subscribed to this thread.

Message ID: <w3ctag/design-reviews/issues/922/2020754951@github.com>

Received on Tuesday, 26 March 2024 15:32:03 UTC