Beyond Selective Disclosure: Extending Distributed p-ABC Implementations by Commit-and-Prove Techniques

The increasing user awareness and regulatory framework (e.g., GDPR, eIDAS2) have contributed to considering data minimization and privacy-by-design as central guiding principles for new systems. Among others, this has led to a paradigm shift towards Self-Sovereign Identity solutions to put the user in full control over their data. Despite the promising landscape, privacy-preserving Attribute-Based Credentials (p-ABC) have not been widely adopted, mainly due to the lack of secure, flexible and efficient implementations that cover the basic and advanced needs in p-ABC systems. In this work, we tackle this gap by developing an improved zero-knowledge showing protocol of a distributed p-ABC scheme based on Pointcheval-Sanders Multi-Signatures to allow for modular extensions through commit-and-prove techniques. We use it to implement a flexible p-ABC system with decentralized issuance that, apart from the basic notions of p-ABCs, covers range proofs, pseudonyms, inspection and revocation. Lastly, we thoroughly evaluate the performance of the system under different testbed conditions, showing a significant efficiency improvement over previous implementations.