This a cross-posting to both the OAuth WG mailing and the SPICE BoF mailing.
Issuing "single use of batches of credentials" is mentioned in section
10.4 from draft-ietf-oauth-selective-disclosure-jwt-05 as follows:
"To prevent these types of linkability, various methods, including but
not limited to the following ones can be used:
- Use advanced cryptographic schemes, outside the scope of this
specification.
- Issue a batch of SD-JWTs to the Holder to enable the Holder to use a
unique SD-JWT per Verifier.
This only helps with Verifier/ Verifier unlinkability".
The second method is not described in details. However, Key Binding is
defined in the same document as:
Ability of the Holder to prove legitimate possession of an SD-JWT by
proving control over the same private key during the issuance and
presentation.
An SD-JWT with Key Binding contains a public key, or a reference to a
public key, that matches to the private key controlled by the Holder.
If the same public key is used in a batch of SD-JWT, then the
Unlinkability property cannot be supported.
This can only work if the Holder pre-generates a set a key pair for each
batch of credentials that will be requested to an Issuer.
This characteristic is not mentioned in the "Architecture and Reference
Framework April 2023 Version 1.1.0".
In addition, for each SD-JWT from a batch of SD-JWTs, the same claim
shall be computed by the Issuer using a different salt.
This is not mentioned either in the ARF since the word "unlinkability"
does not exist in this document.
Does this mean that the "Architecture and Reference Framework" will be
unable to support the Unlinkability property ?
It looks like sweeping the dust under the rug.
Wouldn't "advanced cryptographic schemes" mentioned in the first method,
like BBS+ be more appropriate ?
When using BBS or BBS+, the same blinded link secret can be used since
only a zero-knowledge proof of knowledge of the link secret is demonstrated.
Denis
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth