Microsoft introduces ZKPs with unlinkability to preserve digital ID privacy


Microsoft has introduced Crescent, its cryptographic privacy library to address the growing privacy challenge posed by digital identities.

Electronic credentials stored in phone wallets, workplace logins and apps create privacy risks due to the linkage of separate credential uses back to an individual. This is known as linkability and can lead to potential tracking and surveillance.

Hidden identifiers in mobile driver’s licenses or JSON Web Tokens (a widely used app login authentication standard) can be exploited to compile detailed user profiles, even when only minimal data is shared, by linking separate activities together.

Although selective disclosure allows users to reveal only chosen attributes, it doesn’t break the underlying connections as elements like serial numbers or cryptographic signatures persist across every presentation of a credential, the Microsoft blog post explains.
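
The linkability problem described above can be reproduced with a toy salted-hash selective-disclosure credential. This is an added example, not code from Microsoft or Crescent; the credential layout, the claim names and the HMAC standing in for the issuer's signature are assumptions made for illustration.

```python
import hashlib, hmac, json, secrets

# Constructed key. HMAC is a symmetric stand-in for the issuer's signature;
# a real verifier would check it with the issuer's public key instead.
ISSUER_KEY = secrets.token_bytes(32)

def _digest(salt, name, value):
    return hashlib.sha256(json.dumps([salt, name, value]).encode()).hexdigest()

def issue(claims):
    """Issuer signs the sorted list of salted claim digests, once."""
    salts = {k: secrets.token_hex(16) for k in claims}
    digests = sorted(_digest(salts[k], k, v) for k, v in claims.items())
    sig = hmac.new(ISSUER_KEY, json.dumps(digests).encode(), hashlib.sha256).hexdigest()
    return {"claims": claims, "salts": salts, "digests": digests, "sig": sig}

def present(cred, reveal):
    """Holder discloses only the chosen claims; digests and signature go out unchanged."""
    disclosed = [[cred["salts"][k], k, cred["claims"][k]] for k in reveal]
    return {"digests": cred["digests"], "sig": cred["sig"], "disclosed": disclosed}

def verify(p):
    """Return the disclosed claims if the signature and every disclosure check out."""
    expected = hmac.new(ISSUER_KEY, json.dumps(p["digests"]).encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, p["sig"]):
        return None
    out = {}
    for salt, name, value in p["disclosed"]:
        if _digest(salt, name, value) not in p["digests"]:
            return None
        out[name] = value
    return out

def linkable(p1, p2):
    """Two verifiers comparing logs: identical signature bytes mean the same credential."""
    return p1["sig"] == p2["sig"]

def demo():
    # Constructed holders and claims.
    alice = issue({"name": "Alice Example", "employer": "Contoso", "age_over_18": True})
    bob = issue({"name": "Bob Example", "employer": "Contoso", "age_over_18": True})
    clinic = present(alice, ["employer"])      # what a health clinic receives
    social = present(alice, ["age_over_18"])   # what a social network receives
    other = present(bob, ["age_over_18"])
    return verify(clinic), verify(social), linkable(clinic, social), linkable(social, other)

if __name__ == "__main__":
    print(demo())
```

Neither verifier learns the holder's name, yet the two presentations share no disclosed attribute and are still matched through the reused signature, which is the value that must be randomized per presentation for proofs to be unlinkable.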

Crescent is an open-source cryptographic library that integrates with existing identity formats without requiring issuers to change their infrastructure. It ensures that every presentation is randomized cryptographically so that no hidden data beyond what the user explicitly reveals can link one interaction to another, the company claims.

Crescent builds on zero-knowledge proofs (ZKP) to demonstrate facts about a credential without exposing any identifying details. Users can prove, for example, that they are over 18 or currently employed without sharing birthdates, identities, or any information that could tie one proof to the next.

“Zero-knowledge proofs have become more practical since they were first developed 40 years ago but they are not as efficient as the cryptographic algorithms used in today’s credentials,” says the post, which is co-authored by Christian Paquin and Greg Zaverucha, respectively the Principal Research Software Engineer and Principal Software Development Engineer.

“Crescent addresses this computational challenge through preprocessing, performing the most complex calculations once in advance so that later proof generation is quick and efficient for mobile devices.”

A sample application illustrates two real-world scenarios: employment verification and age verification. In the first, a user proves employment at Contoso via a JWT to an online health clinic without revealing identity or notifying the employer; in the second, the user demonstrates being over 18 to a social network without disclosing exact birth information. In both cases, every proof remains unlinkable.

Although Microsoft’s demonstration uses a custom protocol, Crescent can integrate into existing frameworks like OpenID Connect, OAuth, W3C Verifiable Credentials, or the broader mDL ecosystem, according to the Redmond, Washington company.

To make zero-knowledge proofs practical for mobile devices, Crescent splits proof generation into a one-time preparation stage and a fast per-presentation stage. The preparation stage computes reusable cryptographic values and stores them on the device; the presentation stage randomizes those values and produces a compact proof revealing only the necessary attributes.

Researchers have pointed to flaws with ZKPs as practical implementation is complex and lacks standardization. A paper by a team of European researchers argued that to achieve widespread use, the technology requires “overcoming technical and regulatory hurdles.”

However, a research report from Aztec argues for the potential of ZKPs in privacy-preserving online age assurance, since a ZKP shows a statement to be true (such as “this person is over 18”) without revealing additional information.

In the real world, Switzerland is preparing a national digital identity, and issues of privacy have been prominent, especially as the Digital Identity and Data Sovereignty Association (DIDAS) has been working with the Swiss government to ensure users cannot be tracked through the e-ID. “Switzerland actually works very hard in ensuring unlinkability of you moving across the web,” Daniel Säuberli, president of DIDAS, said in May.

As for Microsoft’s Crescent, it uses the Groth16 zero-knowledge SNARK system, which produces small proofs that can be verified quickly in a single step. Shared cryptographic parameters based on credential templates allow multiple issuers — for instance, different state motor vehicle departments — to interoperate as long as they adhere to compatible data formats and security standards.

More technical details and diagrams, as well as how Crescent’s approach aligns with current data protection regulations such as GDPR and CCPA, are available in the Microsoft blog post.
