About
eGovernment applications such as FinanzOnline or the "Digitales Amt" app are made possible by the availability of a digital identity management system (eID). The basis for such eID systems are cryptographic signatures, which on the one hand guarantee the authenticity of certificates and on the other hand offer citizens the opportunity to authenticate themselves or sign documents. However, signatures and eID systems are confronted with new challenges and requirements.
In the case of digital signatures, the schemes currently used in practice are threatened by attacks with powerful quantum computers. For this reason, the US National Institute of Standards and Technology (NIST) has started a standardization process for post-quantum-safe methods to replace currently deployed digital signature schemes. Results from this NIST process now make it possible to prepare systems for migration to post-quantum cryptography. However, there is still a lack of practical experience for such a migration process in many areas. In the PREPARED project, we therefore set ourselves the goal of analyzing post-quantum-secure signature procedures in the context of eID systems. In particular, a migration plan is developed, as systems with long-lived certificates and signatures need appropriate preparation in order to be able to carry out a migration on time and without any problems.
Further challenges arise from paradigm shifts that can be observed in eID systems, such as the introduction of identity wallets (ID wallets). With such ID wallets, users can digitally present a wide variety of official documents (ID cards, certificates, etc.). However, area-specific personal identifiers (bPK), which have so far been a central element for linking data, can no longer be used to the same extent in such ID wallets. From a cryptographic point of view, so-called zero-knowledge proofs and attribute-based credential systems can help to preserve the functionality under this new paradigm. PREPARED is therefore investigating these cryptographic techniques for linking the data in eID systems so that the functionality of bPKs in ID wallets remains.
Finally, a very common process for creating PDF signatures is of interest. It should be noted that it is currently necessary to transfer the documents to be signed to a trust service provider. Taking into account the increasing requirements regarding data protection and security (privacy-by-design, security-by-design), PREPARED sets itself the goal of extending this process to signatures with new functionalities – so-called blind signatures – so that this transfer is no longer necessary in favor of risk minimization. In a further step, the process is also to be changed in such a way that control over the signature process is completely in the hands of the users and trust service providers and users can only carry out the signature process cooperatively.
The developed solution approaches are accompanied by safety proofs of the procedures and analyses of the resulting architectures. The demonstration of the achievable functionality is also supported by software prototypes. Due to the importance of eID systems for eGovernment applications, the developed technical solutions are accompanied by a legal analysis. This is to ensure that the developed architectures and procedures meet the legal requirements.
Consortium
The PREPARED consortium consists of the following partners:
Publications
Authors | Title | Venue | Year | Link |
---|---|---|---|---|
Scott Griffy, Anna Lysyanskaya, Omid Mir, Octavio Pérez Kempner, and Daniel Slamanig | Delegatable Anonymous Credentials From Mercurial Signatures With Stronger Privacy | ASIACRYPT | 2024 | [link] |
Carsten Baum, Ward Beullens, Shibam Mukherjee, Emmanuela Orsini, Sebastian Ramacher, Christian Rechberger, Lawrence Roy, and Peter Scholl | One Tree to Rule Them All: Optimizing GGM Trees and OWFs for Post-Quantum Signatures | ASIACRYPT | 2024 | [link] |
Stephan Krenn, Omid Mir, and Daniel Slamanig | Structure-Preserving Compressing Primitives: Vector Commitments, Accumulators and Applications | preprint | 2024 | [link] |
Reyhaneh Rabaninejad, Behzad Abdolmaleki, Sebastian Ramacher, Daniel Slamanig, Antonis Michalas | Attribute-Based Threshold Issuance Anonymous Counting Tokens and Its Application to Sybil-Resistant Self-Sovereign Identity | preprint | 2024 | [link] |