Revocation in Sovrin


#1

Recently on Twitter, someone said: “I’d like to believe that we can do revocation and recovery without biometrics and without single points of failure”.

Sovrin provides a decentralized means of revocation using cryptographic accumulators. This PDF document describes how revocation works in Sovrin.


#2

Thanks for the link! It’s an interesting read. Does sovrin have any notion of “recovery” yet? I’m new to Sovrin so forgive my terminology… If I lose my root/main secret am I completely out of luck?


#3

Yes, key recovery is a big issue.

We are working on distributed key management systems (DKMS) as part of the overall Sovrin ecosystem.


#4

Thanks for the response! Anywhere I can look at the current thinking?


#5

hey @tobowers Tobowers - the DKMS work is in progress at Evernym and there will be a research report and functional demo release by the end of March 2018. All of the work will be open sourced and contributed to Hyperledger Indy (and by extension, built into Sovrin.

I will check and see if there is anything released yet.


#6

I see that you guys were (extremely nicely) asking for me over in the sovrin slack channel. Here was the link posted there: https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-spring2017/blob/master/topics-and-advance-readings/dkms-decentralized-key-mgmt-system.md

http://iiw.idcommons.net/DKMS_–_Key_Recovery_Summit:_Biometric_Recovery,_Cold_Storage,_Social_Recovery


#7

Hi @phil
I’ve a question to the revocation on Sovrin. I’ve read the paper “What goes on the Ledger” and “digital identites in the blockchain era” you have kindly provided. As far as i understand it claim issuers publish an encrypted revocation list (called validity tails in the second paper).
But isn’t it a privacy threat to publish claim revocations lists on a public accessible ledger?


#8

No, it’s done with a cryptographic accumulator on the ledger. When the identity owner creates a proof from a claim, the ZKP process uses the accumulator to also prove that the claim hasn’t been revoked. So, it’s not something the claim inspector (relying party) has to check separately (and therefore they don’t need to be able to read it). Rather it comes along as part of the proof and is cryptographically sound.


#9

Okey it seems I need to study this cryptographic accumulator a little bit more.
Thank you for your quick response!


#10

Hi @phil

After i studied the cryptographic accumumlator I came across another question.
Since Sovrin is also on a Web of Trust model where Users can Issue and sign Claims for each other, a User would possibly want to revoke a claim which was signed by him.
Is there a possibility for Users to revoce Claims they issued to another User? Does he need to maintain his own revocationlist and needs to update it each time he revokes a claim which was issued by him?


#11

The system doesn’t distinguish between organizations and individuals with respect to issuing credentials (claims).

Credential issuers have to write a public DID (i.e. well known) and a claim definition to the ledger. If they want to revoke, they need a revocation accumulator.