Enhancing the Privacy of Decentralized Identifiers with Ring Signatures

Thumbnail Image
Journal Title
Journal ISSN
Volume Title
Perustieteiden korkeakoulu | Master's thesis
Security and Cloud Computing
Degree programme
Master’s Programme in Security and Cloud Computing (SECCLO)
71 + 5
Most identifiers used today, such as OpenID Connect, are controlled by third parties, which can track how the identifier is used. To overcome this, self-sovereign identifiers, such as Decentralized Identifiers (DIDs), which are entirely owned and managed by the user, have been developed. However, in some cases even DIDs alone do not sufficiently protect the user's privacy. For example, if a service can be accessed at multiple fixed locations, using the same identifier repeatedly for each location may over time also reveal the user's location. One of the techniques to hide the exact service identifiers are ring signatures, which enable the generation of anonymous signatures where the real signer's identity is hidden in a set of possible signers. This thesis takes the use case of electric vehicle charging, where the electric vehicle location may be revealed if static identifiers are used by the electric vehicles and charging stations. A previous solution uses a new ephemeral DID for every interaction, but this requires the creation of a large number of DIDs. This thesis examines an alternative approach of using ring signatures to achieve better privacy with a lower number of DIDs. The major outcomes of this thesis include how to implement ring signatures for anonymous authentication, comparison of resource consumption with respect to the previous solution, and the applicability of ring signature technology on a broader scale such as in constrained devices. The performance of the new solution was compared with the existing solution by implementing prototypes on Android phones, which communicate over Bluetooth. An assumption on the number of charging events was made based on real data for the country of Norway. The results show that ring signatures are easy to implement and provide slightly better privacy but they are significantly more resource-intensive in terms of storage (about 2 times more) and processing (about 9 times slower). Therefore, large scale implementation of ring signatures on the constrained devices is challenging.
Kantola, Raimo
Thesis advisor
Kortesniemi, Yki
Lagutin, Dmitrij
decentralized identifiers, ring signatures, privacy, electric vehicle charging, Internet of Things
Other note