How can the holder trust the verifier? A CP-ABPRE-based solution to control the access to claims in a self-sovereign-identity scenario

Abstract

The interest in Self-Sovereign Identity (SSI) in research, industry, and governments is rapidly increasing. SSI is a paradigm where users hold their identity and credentials issued by authorized entities. SSI is revolutionizing the concept of digital identity enabling the definition of a trust framework wherein a service provider (verifier) validates the claims presented by a user (holder) for accessing services. However, current SSI solutions primarily focus on the presentation and verification of claims, overlooking a dual aspect: ensuring that the verifier is authorized to access the holder's claims. Addressing this gap, this paper introduces an innovative SSI-based solution that integrates decentralized wallets with Ciphertext-Policy Attribute-Based Proxy Re-Encryption (CP-ABPRE). This combination effectively addresses the challenge of verifier authorization. Our solution, implemented on the Ethereum platform, enhances accountability by notarizing key operations through a smart contract. The paper also offers a prototype demonstrating the practicality of the proposed approach. Furthermore, it provides an extensive evaluation of the solution's performance, emphasizing its feasibility and efficiency in real-world applications.