The EU Digital Identity Regulation requires secure and privacy-preserving cryptography in wallet solutions. The regulatory requirements bring several implementation challenges:
1. How might a data provider protect document authenticity?
2. How might a data provider prevent tracking based on document authenticity signatures?
3. How might a wallet solution enable binding documents to a personalised device with a high level of assurance?
4. How might a wallet solution enable relying parties to verify possession of the device?
5. How might a wallet solution blind verification keys for each proof, preventing relying party tracking?
6. How might a wallet solution prove possession of blinded keys?
7. How might a wallet solution create qualified electronic signatures or seals?
The European Commission and Member States are developing a Wallet Toolbox to enable interoperable solutions to challenges such as these. This Toolbox includes the Architecture and Reference Framework. The Large Scale Pilots are implementing and testing the wallet to generate feedback on this Toolbox.
In this repository, Pilot participants contribute to concrete interoperable solutions based on the ideas of Hierarchical Deterministic Keys (HDKs) and blinded key proof of possession. This approach is introduced in the Analysis of selective disclosure and zero-knowledge proofs (ETSI TR 119476 version 1.2.1). The Pilot participants aim to evaluate various options, present an appropriate solution, and develop a common specification to enable testing interoperability.
Note: This information is shared by participants of the Digital Credentials for Europe (DC4EU) Consortium, the EU Digital Identity Wallet Consortium (EWC), and the Potential Consortium. Views and opinions expressed are those of the authors only and do not necessarily reflect those of all consortium members.
This repository contains an overview of Key management challenges.
To address challenges 5 and 6, this repository contains a freely accessible, unencumbered specification of Hierarchical Deterministic Keys. This enables an EU Digital Identity Wallet deployment that distributes key management efficiently:
To illustrate and validate the specifications, this repository contains a Prototype worksheet. This is easiest to run in Visual Studio Code with Scala (Metals).
To inform further standardisation and legislation, this repository contains Feedback to enable Hierarchical Deterministic Keys in the Wallet Toolbox.
Feedback and other input is easiest to discuss in GitHub issues.
The technical reports and specifications in this repository may eventually be used to contribute to open standards. For the current repository, we apply practices inspired by the Community Cryptography Specification Project.
To enable reuse, new contributions to the technical reports and specifications must be provided under either CC BY 4.0 or CC0 1.0.