Abstract
Paper documents are still very common for all types of records of personal achievements, ID cards and many other types documents issued to an individual or a company. These paper documents, however, often come at the cost of expensive printing and issuing, loss of data or malicious counterfeits. The origin and integrity is often hard or even impossible to be verified. Digital signatures solve some of these issues, however, this still requires centralized trusted infrastructures and still does not allow for easy verification or recovery of lost documents. Furthermore, attribute-based authentication is not possible with traditional signature schemes. In this paper, we present a decentralized platform for signing and verifying digital documents that is based on the previously presented SPROOF platform and additionally supports attribute-based authentication. This platform allows for issuing, managing and verifying digital documents in a public blockchain. In the proposed approach, all data needed for verification of documents and issuers is stored decentralized, transparent, and integrity protected. The platform is permissionless and thus no access restrictions apply. Rather, following principles of the Web of Trust, issuers can confirm each other in a decentralized way. Additionally, scalability and privacy issues are taken into consideration.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
https://www.blockcerts.org/ [retrieved: August 16, 2018].
- 3.
- 4.
The problem that two conflicting transactions spend the same funds twice.
- 5.
http://swarm-gateways.net/bzz:/theswarm.eth/ [retrieved: August 23, 2018].
- 6.
Deriving a key from a password is not recommended [22].
- 7.
The cost for a transaction without additional data on Ethereum is 21000 Gas.
References
Bartoletti, M., Pompianu, L.: An analysis of bitcoin OP\_RETURN metadata. In: Brenner, M., et al. (eds.) FC 2017. LNCS, vol. 10323, pp. 218–230. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70278-0_14
Benet, J.: IPFS - content addressed, versioned, P2P file system (DRAFT 3). Technical report, IPFS (2014). https://doi.org/10.1109/ICPADS.2007.4447808, https://ipfs.io/ipfs/QmR7GSQM93Cx5eAg6a6yRzNde1FQv7uL6X1o4k7zrJa3LX/ipfs.draft3.pdf
Brunner, C.: Eduthereum: A System for Storing Educational Certificates in a Public Blockchain. Master’s thesis, Universität Innsbruck (2017)
Brunner, C., Knirsch, F., Engel, D.: SPROOF: a platform for issuing and verifying documents in a public blockchain. In: Proceedings of the 5th International Conference on Information Systems Security and Privacy, pp. 15–25. SciTePress, Prague, Czech Republic (2019)
Caronni, G.: Walking the web of trust. In: 9th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE 2000), pp. 153–158. IEEE, Gaithersburg (2000). https://doi.org/10.1109/ENABL.2000.883720
Christidis, K., Devetsikiotis, M.: Blockchains and smart contracts for the internet of things. IEEE Access 4, 2292–2303 (2016). https://doi.org/10.1109/ACCESS.2016.2566339
Croman, K., et al.: On scaling decentralized blockchains. In: Clark, J., Meiklejohn, S., Ryan, P.Y.A., Wallach, D., Brenner, M., Rohloff, K. (eds.) FC 2016. LNCS, vol. 9604, pp. 106–125. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53357-4_8
Damgård, I.B.: Collision free hash functions and public key signature schemes. Advances in Cryptology – EUROCRYPT 1987, pp. 203–216 (1988). https://doi.org/10.1007/3-540-39118-5_19
Diffie, W., Hellman, M.: New directions in cryptography. IEEE Trans. Inf. Theory 22(6), 644–654 (1976). https://doi.org/10.1109/TIT.1976.1055638
Durumeric, Z., Kasten, J., Bailey, M., Halderman, J.A.: Analysis of the HTTPS certificate ecosystem. In: Proceedings of the 2013 Conference on Internet Measurement Conference (IMC 2013), pp. 291–304. ACM, Barcelona, Spain (2013). https://doi.org/10.1145/2504730.2504755, https://arxiv.org/abs/1408.1023
Eyal, I., Gencer, A.E., Sirer, E.G., van Renesse, R.: Bitcoin-NG: a scalable blockchain protocol. In: Proceedings of the 13th Usenix Conference on Networked Systems Design and Implementation, pp. 45–59. NSDI 2016, USENIX Association, Santa Clara, CA (2016)
Gauravaram, P.: Security analysis of salt\$||\$password hashes. In: International Conference on Advanced Computer Science Applications and Technologies (ACSAT), pp. 25–30. IEEE, Kuala Lumpur, Malaysia (2012). https://doi.org/10.1109/ACSAT.2012.49
Gräther, W., et al.: Blockchain for education: lifelong learning passport. In: Proceedings of 1st ERCIM Blockchain Workshop 2018. European Society for Socially Embedded Technologies (EUSSET), Amsterdam (2018). https://doi.org/10.18420/blockchain2018
Gutoski, G., Stebila, D.: Hierarchical deterministic bitcoin wallets that tolerate key leakage. In: Böhme, R., Okamoto, T. (eds.) FC 2015. LNCS, vol. 8975, pp. 497–504. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47854-7_31
Johnson, D., Menezes, A., Vanstone, S.: The elliptic curve digital signature algorithm (ECDSA). Int. J. Inf. Secur. 1(1), 36–63 (2001). https://doi.org/10.1007/s102070100002. http://www.cacr.math.uwaterloo.ca
Knirsch, F., Unterweger, A., Engel, D.: Privacy-preserving blockchain-based electric vehicle charging with dynamic tariff decisions. J. Comput. Sci. - Res. Dev. (CSRD) 33(1), 71–79 (2018)
Kosba, A., Miller, A., Shi, E., Wen, Z., Papamanthou, C.: Hawk: the blockchain model of cryptography and privacy-preserving smart contracts. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 839–858. IEEE, San Jose (2016)
Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system. Technical report (2008). https://bitcoin.org/bitcoin.pdf
Reid, F., Harrigan, M.: An analysis of anonymity in the bitcoin system. In: Altshuler, Y., Elovici, Y., Cremers, A.B., Aharony, N., Pentland, A. (eds.) Security and Privacy in Social Networks, pp. 197–223. Springer, New York (2013). https://doi.org/10.1007/978-1-4614-4139-7_10
Sovrin Foundation: Sovrin : a protocol and token for self- sovereign identity and decentralized trust. Technical Report, January (2018). https://sovrin.org/wp-content/uploads/2018/03/Sovrin-Protocol-and-Token-White-Paper.pdf
Unterweger, A., Knirsch, F., Leixnering, C., Engel, D.: Lessons learned from implementing a privacy-preserving smart contract in ethereum. In: 9th IFIP International Conference on New Technologies. Mobility and Security (NTMS), pp. 1–5. IEEE, Paris, France (2018)
Vasek, M., Bonneau, J., Castellucci, R., Keith, C., Moore, T.: The bitcoin brain drain: a short paper on the use and abuse of bitcoin brain wallets. In: 20th International Conference on Financial Cryptography and Data Security (FC 2016). Springer, Christ Church (2016)
Wood, G.: Ethereum: a secure decentralised generalised transaction ledger. Technical report, Ethereum (2017). https://ethereum.github.io/yellowpaper/paper.pdf
Wood, G.: Polkadot: vision for a heterogeneous multi-chain framework. Technical report, Parity.io (2017). https://github.com/w3f/polkadot-white-paper/raw/master/PolkaDotPaper.pdf
Wüst, K., Gervais, A.: Do you need a Blockchain. Technical report, International Association for Cryptologic Research (2017). https://eprint.iacr.org/2017/375.pdf
Acknowledgments
The overall support of Rainer Böhme from the University of Innsbruck as the supervisor of [3] and especially the initial idea of using HD wallets to build pseudonym trees to enable the completeness feature is gratefully acknowledged. The authors also like to acknowledge Michael Fröwis and Pascal Schöttle for discussions about this topic. The financial support by the Federal State of Salzburg is gratefully acknowledged. Funding by the Austrian Research Promotion Agency (FFG) under project number 865082 (ProChain) is gratefully acknowledged.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Brunner, C., Knirsch, F., Engel, D. (2020). SPROOF: A Decentralized Platform for Attribute-Based Authentication. In: Mori, P., Furnell, S., Camp, O. (eds) Information Systems Security and Privacy. ICISSP 2019. Communications in Computer and Information Science, vol 1221. Springer, Cham. https://doi.org/10.1007/978-3-030-49443-8_1
Download citation
DOI: https://doi.org/10.1007/978-3-030-49443-8_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-49442-1
Online ISBN: 978-3-030-49443-8
eBook Packages: Computer ScienceComputer Science (R0)