Is it possible to prove attributes in a eID Card without revealing attributes or pk to trusted anchor?


#1

Hello.
Is it possible to prove attributes in a eID Card without revealing attributes or pk to trust anchor?
Thanks


#2

Can you be more specific, I don’t know what an eID card is or who issues it.

But, in general, if you have a Sovrin credential that has been issued to you, you can prove any part of the information of the credential by value or by predicate. So, if the credential contained your birthday, for example, you could prove the entire date, any part of the date, or simply that you’re over (or under) a certain age.

No one ever sees your private keys as part of an exchange.


#3

eID Cards smart cards implment PKCS#11 and are used by several countries in Europe.
I think Estonia was the pioneer and Portugal has it too (https://github.com/OpenSC/OpenSC/wiki/Portuguese-eID)

Basically is a x.509 certificate signed by a “trusted” party, the government in this case.
So rephrasing the question:

Is it possible to issue anonymous credentials for the attributes of an existing x.509 certificate without the issuer having access to it’s attributes, namely the public key?

Found reference to this “kind of” features in idemix called “Credentials on Hidden Attributes” and “Device Binding”.
Anja Lehmann talks about it here on minute 42

I’m a little confused if it is even possible to avoid then using the card itself for later providing proofs?
Would it be possible just to use the card for the certificate request but in some “pseudonym” way so the issuer wouldn’t even know the real card public key?

Thanks again


#4

Let me see if I can help your understanding here.

In anonymous credentials we have blinded and hidden attributes
Attributes that an issuer agrees to sign, but doesn’t know the value because the true value is blinded using pedersen commitments before it is sent to the issuer are blinded attributes and happen during credential issuance. These are known only to the holder.

Attributes that a holder does not disclose in a proof are hidden. Hidden attributes occur during the proving phase.

So to answer your question with this definition, Issuers will not usually blindly sign all attributes. This is technically possible, but I doubt an Issuer will do it. The government could blindly sign the public key but I’m not seeing the point here because those that need to know it will be able to link other proofs that reveal this attribute.


#5

Basically if I have a idCard (credential signed by the government about my attributes) I want to be able create an anonymous credential without disclosing my data to the issuer nor having the original credential authority having to implement this new cryptography.
Of course there’s no problem for a anoncred issuer to know my age but for IRS or medical records it’s a little different.
This would allow issuers that already have access to your data to simply use standard PKI and the issuers of these “binded anocreds” would just have to be trusted to correctly implement the the protocol because they would not have access to the data. This issuer could even just be fabric chaincode.
Basically I would just be proving that the attributes came from a certificate that was signed by a well knows public key.

I think this video refers to this feature.
Could someone please watch after minute 42 (specially 44) and verify it’s the same feature described there?

Sorry if I’m missing something…

Thanks