PRETTINESS -- Privacy pResErving aTTrIbute maNagEment SyStem
The work addresses the need for a practical revocation mechanism in digital identity systems. It is incremental in the sense that it builds on existing regulatory frameworks and technical components rather than replacing them.
The paper tackles the problem of credential revocation in European Digital Identity (EUDI) Wallets by proposing a full end-to-end system that allows a credential to be revoked at any time, proving its security in the universal composability model and estimating its efficiency with a proof-of-concept implementation.
The European Digital Identity (EUDI) Wallet aims to provide end users with a way to obtain attested credentials from issuers and present them to different relying parties. An important property required by the regulatory frameworks is the possibility of revoking a previously issued credential. While it is possible to issue short-lived credentials so that revocation reduces to non-renewal, in some cases this is inconvenient, and a separate revocation service that allows a credential to be revoked at any time may be necessary. In this work, we propose a full end-to-end description of a generic credential revocation system, which technically relies on a single server and secure transmission channels between the parties. We prove the security of the proposed revocation functionality in the universal composability model, and estimate its efficiency based on a proof-of-concept implementation.
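The trade-off the abstract draws between short-lived credentials and a dedicated revocation service can be made concrete with a small simulation. The following is an added illustration written for this page; it is not code from the PRETTINESS paper and does not implement its construction. It assumes a toy credential format (an HMAC-signed JSON payload standing in for a real issuer signature), a hypothetical single RevocationServer holding a set of revoked identifiers, and constructed timestamps. It shows that without a revocation service a credential revoked by the issuer keeps being accepted until its expiry, whereas a relying party that queries the server rejects it immediately.

```python
"""Constructed illustration: short-lived credentials vs. a revocation service.

Not the PRETTINESS protocol. The credential format, the HMAC "signature" and
the RevocationServer class are assumptions made for this self-contained demo.
"""
import hashlib
import hmac
import json
from typing import List, Optional

# Constructed demo key; a real issuer would use a public-key signature scheme.
ISSUER_KEY = b"example-issuer-key-not-for-production"


def _canonical(payload: dict) -> bytes:
    # Canonical JSON so issuer and relying party hash identical bytes.
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def issue_credential(subject: str, issued_at: int, lifetime: int, cred_id: str) -> dict:
    """Issuer attests a credential valid for [issued_at, issued_at + lifetime)."""
    payload = {"id": cred_id, "sub": subject, "iat": issued_at, "exp": issued_at + lifetime}
    sig = hmac.new(ISSUER_KEY, _canonical(payload), hashlib.sha256).hexdigest()
    return {"payload": payload, "sig": sig}


class RevocationServer:
    """Hypothetical single server that records revoked credential identifiers."""

    def __init__(self) -> None:
        self.revoked = set()

    def revoke(self, cred_id: str) -> None:
        self.revoked.add(cred_id)

    def is_revoked(self, cred_id: str) -> bool:
        return cred_id in self.revoked


def verify(cred: dict, now: int, server: Optional[RevocationServer] = None) -> bool:
    """Relying-party check: signature, validity window, and revocation status
    if a revocation server is consulted. Returns True when the credential is accepted."""
    expected = hmac.new(ISSUER_KEY, _canonical(cred["payload"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, cred["sig"]):
        return False  # tampered payload or wrong issuer
    p = cred["payload"]
    if not (p["iat"] <= now < p["exp"]):
        return False  # outside validity window
    if server is not None and server.is_revoked(p["id"]):
        return False  # issuer has revoked it
    return True


def simulate(lifetime: int, revoke_at: int, check_times: List[int], use_server: bool) -> List[bool]:
    """Issue one credential at t=0, revoke it at revoke_at, and record whether a
    relying party accepts it at each check time (with or without querying the server)."""
    server = RevocationServer()
    cred = issue_credential("alice", 0, lifetime, "cred-1")
    results = []
    for t in check_times:
        if t >= revoke_at:
            server.revoke(cred["payload"]["id"])  # issuer's revocation takes effect at revoke_at
        results.append(verify(cred, t, server if use_server else None))
    return results


if __name__ == "__main__":
    checks = [0, 599, 600, 1800, 3600]
    print("expiry only     :", simulate(3600, 600, checks, use_server=False))
    print("with revocation :", simulate(3600, 600, checks, use_server=True))
```

In the first run the credential is still accepted at t=600 and t=1800 even though the issuer revoked it at t=600; only expiry at t=3600 stops it, so the revocation latency equals the remaining lifetime. In the second run the relying party rejects it from t=600 onward. Note the caveat this naive design exposes: the relying party sends the credential identifier to the revocation server in the clear, so the server learns which credential is being presented where. Avoiding exactly that leakage while keeping the single-server architecture is what a privacy-preserving design such as the one the abstract describes has to achieve; this demo does not attempt it.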