[OAUTH-WG] About Selective Disclosure for JWTs (SD-JWT) and the Unlinkability property

Tue, 19 Sep 2023 11:33:03 -0700 

This a cross-posting to both the OAuth WG mailing and the SPICE BoF mailing.
Issuing "single use of batches of credentials" is mentioned in section 10.4 from draft-ietf-oauth-selective-disclosure-jwt-05 as follows:
"To prevent these types of linkability, various methods, including but not limited to the following ones can be used:
- Use advanced cryptographic schemes, outside the scope of this specification.
- Issue a batch of SD-JWTs to the Holder to enable the Holder to use a unique SD-JWT per Verifier. 
                This only helps with Verifier/ Verifier unlinkability".
The second method is not described in details. However, Key Binding is defined in the same document as:
Ability of the Holder to prove legitimate possession of an SD-JWT by proving control over the same private key during the issuance and presentation. An SD-JWT with Key Binding contains a public key, or a reference to a public key, that matches to the private key controlled by the Holder.
If the same public key is used in a batch of SD-JWT, then the Unlinkability property cannot be supported. This can only work if the Holder pre-generates a set a key pair for each batch of credentials that will be requested to an Issuer.
This characteristic is not mentioned in the "Architecture and Reference Framework April 2023 Version 1.1.0".
In addition, for each SD-JWT from a batch of SD-JWTs, the same claim shall be computed by the Issuer using a different salt.
This is not mentioned either in the ARF since the word "unlinkability" does not exist in this document.
Does this mean that the "Architecture and Reference Framework" will be unable to support the Unlinkability property ? 

It looks like sweeping the dust under the rug.
Wouldn't "advanced cryptographic schemes" mentioned in the first method, like BBS+ be more appropriate ? When using BBS or BBS+, the same blinded link secret can be used since only a zero-knowledge proof of knowledge of the link secret is demonstrated. 

Denis

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to