Early-bird Discount
expires in
Register Now


Advancing Secure Credentialing: The Impact of Non-Interactive Threshold Signature Schemes

Advancing Secure Credentialing: The Impact of Non-Interactive Threshold Signature Schemes

Combined Session
Thursday, June 06, 2024 12:20—12:40
Location: A 05-06

In the realm of identity management within zero trust security frameworks, the "never trust, always verify" paradigm is critical. This approach, a departure from traditional IT security models, assumes no inherent trust in users, devices, or networks, regardless of their location or origin. It emphasizes continuous verification and authentication, fundamentally changing the way access and credentials are managed.

In this context, the role of signature schemes in credential issuance is critical. Traditional methods that rely on a single issuing instance are incompatible with the Zero Trust philosophy. To align with this approach, threshold signature schemes become indispensable. These schemes distribute the responsibility of credential issuance across multiple parties (or isolated systems within a domain), thereby eliminating single points of failure in the process.

The prominent BBS+ signature scheme stands out in this distributed approach. On the one hand, it offers compatibility with various zero-knowledge proof schemes, and on the other hand, it allows credential holders to selectively disclose certain attributes, thereby strengthening both privacy and security in line with zero-trust principles. However, when adapting schemes like BBS+ to a threshold setting, a key challenge arises: the issuance process becomes highly interactive, requiring continuous communication between all issuers during signing. This interaction creates bottlenecks for systems that need to issue large numbers of credentials and introduces potential security risks by providing additional attack vectors.

To overcome these challenges, recent advances in the form of so-called "Pseudorandom Correlation Generators" offer an interesting approach. By facilitating a pre-processing phase, this new cryptographic primitive enables non-interactive credential issuance by schemes such as BBS+, eliminating the need for per-credential issuer communication. This development dramatically reduces communication overhead while ensuring complete isolation between issuing instances.

This talk will provide a high-level overview of these advances and their implications for credential issuance in zero-trust environments, highlighting how they can potentially improve the security and efficiency of digital identity management systems.

Leandro Rometsch
PhD Candidate
Technical University Darmstadt
Leandro studied Computer Science with a focus on IT Security and is currently pursuing a PhD with the Chair of Implementation Security at Darmstadt Technical University. His primary research...
Secure your ticket
Be quick before the Early-bird Discount expires in
00d 00h 00m 00 s
Get a ticket
Almost Ready to Join EIC 2024?
Reach out to our team with any remaining questions
Get in touch