With the increasing reliance on digital identity, Decentralized Identity has become a promising paradigm to enhance user autonomy and privacy. However, existing decentralized identities face challenges such as secure key management, device migration, and unlinkability across contexts. To address these issues, we propose PMDID, a privacy-preserving and migratable decentralized identity system. First, PMDID introduces a two-layer identity mechanism in which a master ID derived from the ePassport (eID) enables Sybil resistance, while context-specific identities are registered via zero-knowledge proofs of master ID possession to ensure unlinkability across scenarios. Second, PMDID provides secure key management by combining Physical Unclonable Functions (PUFs) and biometric features with error correction and key derivation, guaranteeing key uniqueness, non-clonability, and recoverability. Third, PMDID designs a user registration protocol that supports secure identity migration, where a Merkle-structured issuance list maintained on the blockchain allows users to restore identity control on new devices without exposing sensitive information. We further implement a prototype and evaluate its performance, demonstrating that PMDID achieves strong guarantees of security, privacy, and scalability.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

PMDID: A Privacy-Preserving and Migratable Decentralized Identity Using PUF and Blockchain

  • Yueyue He,
  • Wenxuan Fan,
  • Kaiming Chen,
  • Atsuko Miyaji,
  • Koji Inoue

摘要

With the increasing reliance on digital identity, Decentralized Identity has become a promising paradigm to enhance user autonomy and privacy. However, existing decentralized identities face challenges such as secure key management, device migration, and unlinkability across contexts. To address these issues, we propose PMDID, a privacy-preserving and migratable decentralized identity system. First, PMDID introduces a two-layer identity mechanism in which a master ID derived from the ePassport (eID) enables Sybil resistance, while context-specific identities are registered via zero-knowledge proofs of master ID possession to ensure unlinkability across scenarios. Second, PMDID provides secure key management by combining Physical Unclonable Functions (PUFs) and biometric features with error correction and key derivation, guaranteeing key uniqueness, non-clonability, and recoverability. Third, PMDID designs a user registration protocol that supports secure identity migration, where a Merkle-structured issuance list maintained on the blockchain allows users to restore identity control on new devices without exposing sensitive information. We further implement a prototype and evaluate its performance, demonstrating that PMDID achieves strong guarantees of security, privacy, and scalability.