Privacy-preserving Identifiers
In federated authentication protocols (e.g., OpenID Connect), users are often assigned a unique identifier through which service providers (SPs) recognise them. This is used, for example, to re-authenticate a returning user at an online service. The disadvantage is that the user's behaviour can then be linked across multiple SPs, which harms the user's privacy (linkability). Alternatively, the identity provider (IDP) can derive a separate identifier for each SP (an SP-scoped identifier). In current methods, however, this derivation is always performed directly by the IDP, which lets the IDP observe at which SPs a user authenticates (observability).
The goal of a privacy-preserving identifier is thus to provide both unlinkability and unobservability: users cannot be traced across different services, and the identity provider cannot observe the user's behaviour.
This project aims to analyse and discuss various methods for privacy-preserving SP-scoped user identifiers. Systems and methods based on cryptographic techniques such as oblivious pseudorandom functions (OPRF), multi-party computation (MPC), and zero-knowledge proofs (ZKP) will serve as examples.
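As an added illustration that is not part of the project description, the OPRF approach in Python: the user blinds the SP name before sending it, so the IDP applies its per-user PRF key without learning which SP is being visited, and the unblinded result is a stable SP-scoped identifier. The toy group, the user names and the SP names are constructed for this demo.

```python
import hashlib
import math
import secrets

# Toy group Z_p^* with the Mersenne prime p = 2^127 - 1, constructed for this
# demo only; a deployment would use a prime-order group (e.g. RFC 9497).
P = 2**127 - 1
ORDER = P - 1  # exponents are reduced modulo the group order

def hash_to_group(data: bytes) -> int:
    h = int.from_bytes(hashlib.sha256(data).digest(), "big") % P  # toy map
    return h if h > 1 else 2

class IdentityProvider:
    """Holds one secret PRF key per user; only ever sees blinded input."""
    def __init__(self):
        self.keys = {}      # user name -> secret exponent k
        self.observed = []  # (user, blinded element): the IDP's whole view

    def evaluate(self, user: str, blinded: int) -> int:
        k = self.keys.setdefault(user, 2 + secrets.randbelow(ORDER - 2))
        self.observed.append((user, blinded))
        return pow(blinded, k, P)

def derive_sp_identifier(idp: IdentityProvider, user: str, sp: str) -> str:
    """User side of the OPRF: blind H(sp), ask the IDP, unblind, hash."""
    while True:  # fresh blinding factor r that is invertible modulo ORDER
        r = 2 + secrets.randbelow(ORDER - 2)
        if math.gcd(r, ORDER) == 1:
            break
    blinded = pow(hash_to_group(sp.encode()), r, P)   # H(sp)^r
    evaluated = idp.evaluate(user, blinded)           # H(sp)^(r*k)
    unblinded = pow(evaluated, pow(r, -1, ORDER), P)  # H(sp)^k
    return hashlib.sha256(sp.encode() + unblinded.to_bytes(16, "big")).hexdigest()

def demo() -> dict:
    """Run the protocol for two users and two SPs; report the properties."""
    idp = IdentityProvider()
    a_shop_1 = derive_sp_identifier(idp, "alice", "shop.example")
    a_shop_2 = derive_sp_identifier(idp, "alice", "shop.example")
    a_bank = derive_sp_identifier(idp, "alice", "bank.example")
    b_shop = derive_sp_identifier(idp, "bob", "shop.example")
    seen = [blinded for _, blinded in idp.observed]
    return {
        "stable_per_sp": a_shop_1 == a_shop_2,        # returning user recognised
        "unlinkable_across_sps": a_shop_1 != a_bank,  # no common identifier
        "distinct_per_user": a_shop_1 != b_shop,
        "idp_sees_fresh_values": len(set(seen)) == len(seen),  # unobservable
    }
```

Calling `demo()` returns all four properties as `True`; the IDP's `observed` list is its entire view, and the same SP produces a different blinded element on every run.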