Privacy-Preserving Identity Management System on Blockchain Using Zk-SNARK

Abstract

Privacy plays a crucial role in the internet era, where many applications allow people to communicate and use their services through the internet. Privacy-preserving Identity Management (PPIdM) system is a scheme that helps manage users’ identities and protects users’ privacy by enabling users to authenticate themselves without disclosing their real identities. The PPIdM system also allows users to reveal some minor identity attributes while others remain secret selectively. However, anonymity also encourages malicious users to break the system’s policy and commit crimes since their real identities are anonymous. Existing PPIdM systems use the identity provider (IP) as a medium to verify users’ identity attributes, record all users’ real identities, and ensure that malicious users’ identities are traceable. Therefore, users’ identities are hidden from all entities but the IP. However, the user’s privacy is vulnerable because there is nothing to guarantee that the IP is always honest and not curious about their users’ activities and private information. This paper proposes a PPIdM system on the blockchain that helps users manage their identity attributes and keeps their real identities secret from all entities, including the IP. Still, the system’s consensus can trace malicious users’ real identities if they violate the system’s policy. The PPIdM’s security requirements are analyzed and proved informally using the game-based proof scheme. The main idea of this study is to combine zk-SNARK, a type of zero-knowledge proof (ZKP), Shamir’s secret sharing (SSS), and several other cryptographic techniques.