Digital credential

Digital credentials are the digital equivalent of paper-based credentials. Just as a paper-based credential could be a passport, a driver's license, a membership certificate or some kind of ticket to obtain some service, such as a cinema ticket or a public transport ticket, a digital credential is a proof of qualification, competence, or clearance that is attached to a person. Also, digital credentials prove something about their owner. Both types of credentials may contain personal information such as the person's name, birthplace, birthdate, and/or biometric information such as a picture or a finger print.

Because of the still evolving, and sometimes conflicting, terminologies used in the fields of computer science, computer security, and cryptography, the term "digital credential" is used quite confusingly in these fields. Sometimes passwords or other means of authentication are referred to as credentials. In operating system design, credentials are the properties of a process (such as its effective UID) that is used for determining its access rights. On other occasions, certificates and associated key material such as those stored in PKCS#12 and PKCS#15 are referred to as credentials.

Digital badges are a form of digital credential that indicate an accomplishment, skill, quality or interest. Digital badges can be earned in a variety of learning environments.

Digital cash
Money, in general, is not regarded as a form of qualification that is inherently linked to a specific individual, as the value of token money is perceived to reside independently. However, the emergence of digital assets, such as digital cash, has introduced a new set of challenges due to their susceptibility to replication. Consequently, digital cash protocols have been developed with additional measures to mitigate the issue of double spending, wherein a coin is used for multiple transactions.

Credentials, on the other hand, serve as tangible evidence of an individual's qualifications or attributes, acting as a validation of their capabilities. One notable example is the concept of E-Coins, which are exclusively assigned to individuals and are not transferable to others. These E-Coins can only be utilised in transactions with authorised merchants. Anonymity is maintained for individuals as long as they ensure that a coin is spent only once. However, if an individual attempts to spend the same coin multiple times, their identity can be established, enabling the bank or relevant authority to take appropriate actions.

The shared characteristic of being tied to an individual forms the basis for the numerous similarities between digital cash and digital credentials. This commonality explains why these two concepts often exhibit overlapping features. In fact, it is worth noting that a significant majority of implementations of anonymous digital credentials also incorporate elements of digital cash systems.

Anonymous
The concept of anonymous digital credentials centres around the provision of cryptographic tokens to users, enabling them to demonstrate specific statements about themselves and their associations with public and private organizations while maintaining anonymity. This approach is viewed as a privacy-conscious alternative to the storage and utilization of extensive centralized user records, which can be linked together. Anonymous digital credentials are thus related to privacy and anonymity.

Analogous to the physical world, personalised or non-anonymous credentials include documents like passports, driving licenses, credit cards, health insurance cards, and club membership cards. These credentials bear the owner's name and possess certain validating features, such as signatures, PINs, or photographs, to prevent unauthorised usage. In contrast, anonymous credentials in the physical realm can be exemplified by forms of currency, bus and train tickets, and game-arcade tokens. These items lack personally identifiable information, allowing for their transfer between users without the issuers or relying parties being aware of such transactions. Organizations responsible for issuing credentials verify the authenticity of the information contained within them, which can be provided to verifying entities upon request.

To explore the specific privacy-related characteristics of credentials, it is instructive to examine two types of credentials: physical money and credit cards. Both facilitate payment transactions effectively, although the extent and quality of information disclosed differ significantly. Money is safeguarded against counterfeiting through its physical properties. Furthermore, it reveals minimal information, with coins featuring an inherent value and year of minting, while banknotes incorporate a unique serial number to comply with traceability requirements for law enforcement purposes.

In contrast, the usage of credit cards, despite sharing a fundamental purpose with money, allows for the generation of detailed records pertaining to the cardholder. Consequently, credit cards are not considered protective of privacy. The primary advantage of money, in terms of privacy, is that its users can preserve their anonymity. However, real-world cash also possesses additional security and usability features that contribute to its widespread acceptance.

Credentials utilised within a national identification system are particularly relevant to privacy considerations. Such identification documents, including passports, driver's licenses, or other types of cards, typically contain essential personal information. In certain scenarios, it may be advantageous to selectively disclose only specific portions of the information contained within the identification document. For example, it might be desirable to reveal only the minimum age of an individual or the fact that they are qualified to drive a car.

Pseudonyms
The original system of anonymous credentials, initially proposed by David Chaum is sometimes referred to as a pseudonym system. This nomenclature arises from the nature of the credentials within this system, which are acquired and presented to organizations under distinct pseudonyms that cannot be linked together.

The introduction of pseudonyms is a useful extension to anonymity. Pseudonyms represent a valuable expansion of anonymity. They afford users the ability to adopt different names when interacting with each organization. While pseudonyms enable organizations to establish associations with user accounts, they are unable to ascertain the true identities of their customers. Nonetheless, through the utilisation of an anonymous credential, specific assertions concerning a user's relationship with one organization, under a pseudonym, can be verified by another organization that only recognizes the user under a different pseudonym.

History
Anonymous credential systems have a close connection to the concept of untraceable or anonymous payments. David Chaum made significant contributions to this field by introducing blind signature protocols as a novel cryptographic primitive. In such protocols, the signer remains oblivious to the message being signed, while the recipient obtains a signature without any knowledge of the signed message. Blind signatures serve as a crucial building block for various privacy-sensitive applications, including anonymous payments, voting systems, and credentials. The original notion of an anonymous credential system was derived from the concept of blind signatures but relied on a trusted party for the transfer of credentials, involving the translation from one pseudonym to another. Chaum's blind signature scheme, based on RSA signatures and the discrete logarithm problem, enabled the construction of anonymous credential systems.

Stefan Brands further advanced digital credentials by introducing secret-key certificate-based credentials, enhancing Chaum's basic blind-signature system in both the discrete logarithm and strong RSA assumption settings. Brands credentials offer efficient algorithms and unconditional commercial security in terms of privacy, along with additional features like a proof of non-membership blacklist.

Another form of credentials that adds a new feature to anonymous credentials is multi-show unlinkability, which is realized through group signature related credentials of Camenisch et al. The introduction of Group signatures possibilities for multi-show unlinkable showing protocols. WWhile blind signatures are highly relevant for electronic cash and single-show credentials, the cryptographic primitive known as group signature introduced new avenues for constructing privacy-enhancing protocols. Group signatures share similarities with Chaum's concept of credential systems.

In a group signature scheme, members of a group can sign a message using their respective secret keys. The resulting signature can be verified by anyone possessing the common public key, without revealing any information about the signer other than their group membership. Typically, a group manager entity exists, capable of disclosing the actual identity of the signer and managing the addition or removal of users from the group, often through the issuance or revocation of group membership certificates. The anonymity, unlinkability, and anonymity revocation features provided by group signatures make them suitable for various privacy-sensitive applications, such as voting, bidding, anonymous payments, and anonymous credentials.

Efficient constructions for group signatures were presented by Ateniese, Camenisch, Joye, and Tsudik while the most efficient multi-show unlinkable anonymous credential systems ]—with the latter being a streamlined version of idemix[ ]—are based on similar principles. This is particularly true for credential systems that provide efficient means for implementing anonymous multi-show credentials with credential revocation.

Both schemes are based on techniques for doing proofs of knowledge. Proofs of knowledge based on the discrete logarithm problem for groups of known order and the special RSA problem for groups of hidden order form the foundation for most modern group signature and anonymous credential systems. Moreover, the direct anonymous attestation, a protocol for authenticating trusted platform modules, is also based on the same techniques.

Direct anonymous attestation can be considered the first commercial application of multi-show anonymous digital credentials, although in this case, the credentials are associated with chips and computer platforms rather than individuals.

From an application perspective, the main advantage of Camenisch et al.'s multi-show unlinkable credentials over the more efficient Brands credentials is the property of multi-show unlinkability. However, this property is primarily relevant in offline settings. Brands credentials offer a mechanism that provides analogous functionality without sacrificing performance: an efficient batch issuing protocol capable of simultaneously issuing multiple unlinkable credentials. This mechanism can be combined with a privacy-preserving certificate refresh process, which generates a fresh unlinkable credential with the same attributes as a previously spent credential.

Online credentials for learning
Online credentials for learning are digital credentials that are offered in place of traditional paper credentials for a skill or educational achievement. Directly linked to the accelerated development of internet communication technologies, the development of digital badges, electronic passports and massive open online courses (MOOCs) have a very direct bearing on our understanding of learning, recognition and levels as they pose a direct challenge to the status quo. It is useful to distinguish between three forms of online credentials: Test-based credentials, online badges, and online certificates.