
Google researchers build zero-knowledge proof scheme with mDocs

Cryptography innovation protects mDL privacy against theoretical risks

Zero knowledge authentication with newly-standardized credentials like mobile driver’s licenses (mDLs) has become something of a cause célèbre in certain circles within the digital identity community.

A pair of Google researchers have published a pre-print paper describing a way to present mDocs, based on the ISO/IEC 18013-5 standard, as anonymous digital credentials. The mDoc digital identity format is widely used in mDLs, including those issued to certain mobile devices by Arizona, California, Colorado, Georgia, Maryland and New Mexico, as well as EU Digital Identity Wallets.

FaceTec VP of Global Standards Andrew Hughes highlighted the idea in a LinkedIn post following a meeting of the ISO SC 17/WG 10 in Sapporo, Japan earlier this month.

The widely-deployed Elliptic Curve Digital Signature Algorithm (ECDSA) signature scheme has acted as a bottleneck for ZK authentication systems, the researchers say, due to the limitations of the P256 elliptic curve used in key exchanges.

Existing anonymous digital credential schemes often get around this limitation by utilizing innovations in cryptography which must be adopted system-wide, and many also depend on device-bound digital identity credentials, the inventors write. This means for a scheme like BBS+ to work, updates would need to be made to every device’s secure element and operating system.

Google researchers Matteo Frigo and Abhi Shelat suggest in their paper on “Anonymous Credentials from ECDSA” that “a zero-knowledge argument (ZKARG) system by composing the Ligero proof system with a public-coin verifiable computation (VC) protocol that is based on the sumcheck protocol” can address some of the theoretical privacy risks associated with mDocs.

They note that hypothetical collusion between relying parties, or between relying parties and mDoc issuers, could enable users to be identified or their interactions tracked.

“By adding efficient zk arguments for statements about SHA256 and document parsing for ISO-standardized identity formats, our anonymous credential scheme is the first one that can be deployed *without* changing any issuer processes, *without* requiring changes to mobile devices, and *without* requiring non-standard cryptographic assumptions.”

The researchers say that their method can generate a ZK proof in an mDoc presentation flow from a mobile device within 1.2 seconds, for certain sizes of credentials. They say the results suggest the scheme is a promising candidate for privacy-preserving digital identity applications.

ECDSA proofs can be generated within 60ms, they say.

The potential applications for this innovation discussed in the paper include anonymity-preserving age verification.
