Zuzalu Passport with Attribute Based Signature (ABS)
Zupass (PCDpass)
Introduction
Zupass serves as Zuzalu’s digital passport, akin to Apple’s Wallet. While Apple Wallet is designed to store bank cards and activity tickets, Zupass focuses on housing Zuzalu Passport Cards to verify the holder’s identity.
What is PCDpass (Zupass)?
PCDpass (Zupass) is a platform tailored for the storage and management of Proof-Carrying Data (PCD) — data whose authenticity and structure can be cryptographically verified. PCD can range from:
● Signatures: Ex. A JSON ticket for Zuzalu, signed by the Zuzalu ticketing authority’s public key.
● Merkle Proofs: Ex. Demonstrating that a Semaphore identity belongs to a target within a digital community.
● ZK Proofs: Ex. A Groth16 proof demonstrating 4 degrees of separation from Vitalik or confirming a valid Zuzalu passport without revealing identity. Can also prove attendance of a Devconnect event.
● Hash Commitments: Ex. Secret passwords and their respective hashes.
● Keypairs: Ex. Ethereum keypairs, or Semaphore secret and identity commitments.
PCDpass doesn’t just store PCDs. It’s also equipped to respond to third-party application queries regarding these PCDs. For instance:
● A Discord server might verify if a user has an authorized “ticket” to join.
● A polling site like Zupoll could validate if a user belongs to an approved (whitelisted) set of voters, without the need to reveal the user’s identity.
● Game platforms can check player qualifications and in-game requirement completions for leaderboards.
● New social networks can prompt users to import their data (posts, likes, follower count, usernames) from other platforms.
● Financial services could validate financial health with public formulas based on recently-signed bank and credit card statements or tax returns to derive a creditworthiness score.
Understanding PCD
Inspired by the academic concept of Proof Carrying Data, Cards and Card Requests are termed “PCDs”. Essentially, a PCD is a proof that can be verified without any external context. Each PCD comprises:
● A “claim”: An arbitrarily-structured set of cryptographic identifiers (public keys, hashes, Merkle roots, etc.) and their inherent relationships, dictated by the PCD type.
● A “proof”: Cryptographic evidence supporting the claim. All PCDs within this SDK expose a “prove” and “verify” function. These functions not only allow instantiation of the PCDs but also facilitate the verification of their correctness.
While many PCDs are zkSNARKs, not all of them are or even need to be zero-knowledge proofs. RSA-signed data accompanied by its public key, for instance, can be verified independently and is considered a PCD.
{
"publicKey": "12345...",
"message": "Hello World!",
"signature": "asdfg..."
}
This is a PCD because anyone can verify the claim by running the RSA signature verification locally.
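The same claim/proof shape for a Merkle-membership PCD, as an added example that is not code from the Zupass SDK. The field names, the SHA-256 tree layout and the sample group are assumptions made for illustration.

```python
import hashlib

def hash_node(tag: bytes, *parts: bytes) -> bytes:
    # Leaves (0x00) and inner nodes (0x01) are tagged so one can never pass as the other.
    return hashlib.sha256(tag + b"".join(parts)).digest()

EMPTY = hash_node(b"\x02")  # padding leaf that fills the tree to a power of two

def build_levels(members):
    level = [hash_node(b"\x00", m) for m in members]
    size = 1
    while size < len(level):
        size *= 2
    level += [EMPTY] * (size - len(level))
    levels = [level]
    while len(level) > 1:
        level = [hash_node(b"\x01", level[i], level[i + 1])
                 for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def prove(members, index):
    """Build a membership PCD for members[index]."""
    levels = build_levels(members)
    siblings, i = [], index
    for level in levels[:-1]:
        siblings.append(level[i ^ 1].hex())  # neighbour at this height
        i //= 2
    return {
        "claim": {"root": levels[-1][0].hex(), "member": members[index].hex()},
        "proof": {"index": index, "siblings": siblings},
    }

def verify(pcd):
    """Recompute the root from the claimed member and the sibling path."""
    claim, proof = pcd["claim"], pcd["proof"]
    node, i = hash_node(b"\x00", bytes.fromhex(claim["member"])), proof["index"]
    for sib in proof["siblings"]:
        s = bytes.fromhex(sib)
        node = hash_node(b"\x01", s, node) if i & 1 else hash_node(b"\x01", node, s)
        i //= 2
    return i == 0 and node.hex() == claim["root"]

# Constructed sample group of three identity commitments.
GROUP = [b"alice-commitment", b"bob-commitment", b"carol-commitment"]
```

`verify` only checks that the proof supports the claim; a relying party must still compare `claim["root"]` with the root it already trusts for the group.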
Problem and Solution
We aim to verify Zuzalu resident attributes publicly. Imagine a Zuzalu resident wanting to confirm three attributes, [“age>18”, “salary>3000”, “university: MIT”], for third-party services. A Zero Knowledge Proof (ZKP) using a ZK-SNARK could be an option but requires significant computational resources. Instead, we employ an Attribute-Based Signature (ABS) for efficiency.
Understanding Attribute Based Signature
ABS typically involves:
Imagine a scenario where a company, “CompanyC”, wishes to verify certain attributes of an applicant. Specifically, they want to ensure:
- The applicant is over 18 years of age.
- The applicant works for either “Company A” or “Company B”.
- The applicant has a monthly salary exceeding $3,000.
To represent these requirements, we have a policy: (Company: A OR Company: B) AND (Age>18 AND Salary>3000). This policy can be visualized as a policy tree.
Only individuals who possess the attributes “Age>18”, “Salary>3000”, and are affiliated with either “Company A” or “Company B” can generate a valid signature aligning with this policy. Upon receiving this signature, Company C can then validate it to determine if the applicant indeed satisfies the set criteria.
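The policy tree above, enforced with threshold secret sharing, as an added example (not the authors' implementation; the page does not say which ABS construction it uses). Sharing a secret down the tree is a standard technique in attribute-based cryptography; here the `attrs` check stands in for the attribute keys that would protect each leaf share in a real scheme, and all function names are hypothetical.

```python
import secrets

P = 2**127 - 1  # prime modulus for the share arithmetic

# The page's policy; AND is an n-of-n gate, OR is a 1-of-n gate.
POLICY = ("AND",
          ("OR", "Company: A", "Company: B"),
          ("AND", "Age>18", "Salary>3000"))

def threshold(node):
    gate, *kids = node
    return len(kids) if gate == "AND" else 1

def share(node, secret, path=(), out=None):
    """Split `secret` down the tree (Shamir); returns {leaf path: (attribute, share)}."""
    out = {} if out is None else out
    if isinstance(node, str):
        out[path] = (node, secret)
        return out
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold(node) - 1)]
    for x, kid in enumerate(node[1:], start=1):
        y = sum(c * pow(x, e, P) for e, c in enumerate(coeffs)) % P
        share(kid, y, path + (x,), out)
    return out

def recover(node, shares, attrs, path=()):
    """Rebuild the secret bottom-up from leaves whose attribute is held; None if impossible."""
    if isinstance(node, str):
        return shares[path][1] if node in attrs else None
    pts = []
    for x, kid in enumerate(node[1:], start=1):
        y = recover(kid, shares, attrs, path + (x,))
        if y is not None:
            pts.append((x, y))
    k = threshold(node)
    if len(pts) < k:
        return None
    total = 0
    for xi, yi in pts[:k]:  # Lagrange interpolation at x = 0
        num = den = 1
        for xj, _ in pts[:k]:
            if xj != xi:
                num, den = num * -xj % P, den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def satisfies(attrs, policy=POLICY):
    secret = secrets.randbelow(P)
    return recover(policy, share(policy, secret), set(attrs)) == secret
```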
Main Contributions
● Add a new kind of cryptographically manipulable data, an attribute-based signature, as a PCD.
● Implement a basic version of the ABS scheme.
● Prove the attributes of a Zuzalu passport holder to the public.
● Achieve fine-grained and anonymous identity authentication.
Our workflow encompasses three pivotal entities:
● Attributes Authority: This is the governing body responsible for generating and managing attribute keys.
● Attributes Owner (e.g., a Zuzalu resident): An individual or entity that holds specific attributes and wishes to authenticate them.
● Verifier (e.g., another resident or a third-party service): The party interested in verifying the attributes of the owner.
Here’s a step-by-step breakdown of the process:
- The Attributes Owner requests the attribute key that aligns with their personal attributes from the Attributes Authority.
- In response, the Attributes Authority executes the keygen algorithm, producing the appropriate attribute key which is then relayed back to the owner.
- With this attribute key in hand, the Attributes Owner signs a message based on a specified policy. A valid signature emerges only if the owner’s attributes align with the policy in question.
- The next step involves the Attributes Owner dispatching a Proof-Carrying Data (PCD) — comprised of both the policy and the signature — to other residents or third-party services.
- Upon receipt, the Verifier undertakes the task of authenticating the PCD. A valid signature is an affirmation that the user indeed possesses the attributes conforming to the relevant policy.
Why Choose ABS?
ABS offers four distinct advantages:
● Fine-grained: ABS dives deep into identity verification. Instead of offering just a surface-level confirmation, it delves into an individual’s specific attributes and conditions, ensuring precise and granular validation. Such a meticulous approach heightens security and is invaluable, particularly when advanced authentication levels are necessary.
● Anonymous: With ABS, individuals can ensure that their specific identity details remain concealed. While verifiers can ascertain whether an attribute policy’s criteria have been met, they can’t access any additional personal information. This feature ensures utmost privacy.
● Flexibility: ABS offers verifiers the autonomy to merge various attributes into a unique policy. This way, they can tailor-make their validation conditions, cherry-picking individuals or entities that fulfill their specific prerequisites.
● Lightweight: As a variant of the public key cryptography system, ABS is inherently more streamlined and efficient compared to Zero Knowledge Proof. Yet, it retains the same level of privacy protection.
Future Directions and Overview
Going forward, we aim to enhance our ABS framework, introducing features like multi-authority, revocability, and others. Our vision is to craft a refined version of the ABS system.
With ABS, we usher in a novel identity verification method for the Zuzalu passport infrastructure, marked by its precision, confidentiality, adaptability, and efficiency.
Reference
Zupass (PCDpass): https://github.com/proofcarryingdata/zupass