Verifiable Credentials with Privacy-Preserving Tamper-Evident Revocation Mechanism

Abstract

Verifiable Credential (VC) is a new standard proposed by the W3C association to facilitate the expression and verification of third-party-verified credentials on the Internet, such as passports or diplomas. However, the current VC data model lacks an explicit revocation design that guarantees the secure operations of the system, which limits its application. In this paper, we specify the requirements for a tamper-evident and privacy-preserving revocation mechanism, based on which we compare existing solutions and propose our revocation mechanism that satisfies all the requirements. Our design combines a cryptographic accumulator and a role-based blockchain. With zero-knowledge proof, the verifier can operate off-chain computation of the revocation status while ensuring the correctness of revocation information published on the blockchain. Our analysis shows that the proposed revocation mechanism can prevent fraud using forged and revoked credentials and relieve privacy concerns caused by the correlation of digital data. Our proof-of-concept implementation demonstrates that our revocation mechanism adds only 42.86 ms overhead in the presentation and 31.36 ms overhead in the verification of verifiable credentials. We also provide scalability analysis, which illustrates that the throughput of our blockchain can meet real-world needs.