Credential revocation in decentralized systems is computationally expensive for both the credential holder and verifier, and current research focuses more on improving the cryptographic structures of accumulators rather than on making them more efficient through software architectures and other techniques.
This thesis builds on previous research [1], which looked at how revocation can be approached from a software engineering perspective in decentralized applications while still utilizing space-efficient cryptographic accumulators. Despite removing the computation burden from a credential holder, the solution still faces a limitation in the credential verification process, with a verifier required to perform many verification loops to reach a conclusion about the credential. Essentially, this problem is rooted in the problem of blockchain-based search.
The main functionality of the proposed revocation approach in [1] is to enable credential verifiers to perform a search in the blockchain history for a matching credential. This enables us to utilize blockchain as time-ordered data records. The verification process looks at whether a credential was revoked in a specific time frame (e.g., from the moment of credential issuance until today). Since this time frame can vary in length significantly, there should be an efficient search mechanism that is not influenced by the time passed between credential issuance and verification. Utilizing cryptographic accumulators as a data structure already enables efficient data storage that does not depend on the number of revoked credentials. However, optimizing the search through accumulator data structures should be the next step to make the proposed revocation mechanism feasible in real-world scenarios, while minimizing verification time and not requiring heavy computation.
This thesis builds upon the following research questions and utilizes knowledge of both blockchains and database search:
Can we apply a blockchain-based search mechanism to make the revocation mechanism in the self-sovereign identity system more efficient?
How can we apply a blockchain-based search mechanism to remove the necessity to perform search loops throughout blockchain history for every passed epoch?
References:
[1] D. Schumm, R. Mukta and H. -y. Paik, "Efficient Credential Revocation Using Cryptographic Accumulators," 2023 IEEE International Conference on Decentralised Applications and Infrastructures (DAPPS), Athens, Greece, 2023, pp. 127-134, doi: 10.1109/DAPPS57946.2023.00025.
[2] Z. A. Lux, F. Beierle, S. Zickau and S. Göndör, "Full-text Search for Verifiable Credential Metadata on Distributed Ledgers," 2019 Sixth International Conference on Internet of Things: Systems, Management and Security (IOTSMS), Granada, Spain, 2019, pp. 519-528, doi: 10.1109/IOTSMS48152.2019.8939249.
[3] F. Schardong, R. Custódio, L. Pioli and J. Meyer, “Matching Metadata on Blockchain for Self-Sovereign Identity”. In: Marrella, A., Weber, B. (eds) Business Process Management Workshops. BPM 2021. Lecture Notes in Business Information Processing, vol 436. 2022. Springer, Cham. https://doi.org/10.1007/978-3-030-94343-1_32.
[4] J. Tang, X. Lu, Y. Xiang, C. Shi and J. Gu, “Blockchain search engine: Its current research status and future prospect in Internet of Things network”, Future Generation Computer Systems, vol.138, pp.120-141, 2023. DOI: https://doi.org/10.1016/j.future.2022.08.008.
Supervisors: Daria Schumm
back to the main page