Sybil-Resistant Self-Sovereign Identity Utilizing Attested Execution Secure Processors and Zero-Knowledge Membership Proofs

Increasing attention to digital identity and self-sovereign identity (SSI) is gaining momentum. SSI brings various benefits to natural persons, such as owning controls; conversely, digital identity systems in the real world require Sybil-resistance to comply with anti-money laundering (AML) and other needs. CanDID by Maram et al. proposed that decentralized digital identity systems may achieve Sybil-resistance and preserve privacy by utilizing multi-party computation (MPC), assuming a distributed committee of trusted nodes. Pass et al. proposed the formal abstraction of attested execution secure processors (AESPs) while equipping hardware-assisted security in mobile devices has become the norm. We first describe our proposal to utilize AESPs for building secure Sybil-resistant SSI systems, the architecture with a set of system protocols Pi(Gatt), which brings drastic flexibility and efficiency compared to existing systems. In addition, we propose a novel scheme that enables users (holders) to request verifiers to verify their credentials without AESPs, and it further achieves unlinkability among credentials created for public verification. Our scheme introduces a simplified format for computed claims and commitment-based anonymous identifiers. We also describe a technique to utilize zero-knowledge membership proofs, in particular, "One-Out-of-Many Proofs" Sigma -protocol by Groth and Kohlweiss, which can prove the existence of an expected credential without identifying it. Along with other techniques, such as utilizing the BBS+ signature scheme, we demonstrate how our scheme can achieve its goals with the extended anonymous and Sybil-resistant SSI system protocols Pi(Gatt) . Entitling unlinkability among derived credentials in the anonymous Sybil-resistant SSI results in proper privacy preservation.