Watch the stream
Digital identity credentials are coming of our mobile wallets. In North America, several states have begun deploying mobile Driver's Licenses (mDL), with others, including the Canadian provinces, are preparing to follow suit. In Europe, plans are underway for a unified digital identity wallet. Similarly, corporate identities, like those provided by Microsoft Entra, are enabling various online authentication scenarios, such as employment verification. Together, these innovations are building the long-missing identity layer of the internet.
However, the internet’s foundational business model, rooted in tracking user activities to serve targeted ads, has created persistent privacy challenges. Modern identity frameworks like Selective-Disclosure JSON Web Tokens (SD-JWT) and mDLs address some concerns by enabling selective disclosure, thereby minimizing data oversharing. While this is an important step forward, one critical gap remains: breaking the cryptographic link between the issuance and presentation of credentials. Without this, issuers and verifiers can still track users’ activities, eroding user privacy.
Several cryptographic schemes, such as blind or group signatures, have been proposed to address this issue. However, these solutions require significant overhauls to existing identity systems, making widespread adoption difficult. An interesting alternative is to leverage zero-knowledge proof mechanisms to present unmodified existing identity credentials while achieving any desired levels of privacy. This approach allows users to prove specific claims — such as "I reside in QC" (without revealing the full address) or "I am an adult" (without disclosing the date of birth) — without unnecessary data disclosure.
In this talk, I'll present our recently released Crescent open-source framework implementing such a zero-knowledge scheme, and demonstrate how it can be used to 1. prove you are currently employed by a specific company to access employer-provided sensitive resources (e.g., a mental health clinic or an anonymous survey system), and 2. prove you are over-18 to a social network using your mDL
This is achieved without the employer and government being able to track the usage of the credentials.
For further details, visit: https://christianpaquin.github.io/2024-12-19-crescent-creds.html
Christian Paquin Principal Research Software Engineer, Microsoft Research
Christian is a security specialist in the Microsoft Research Cryptography team with a mission to bridge the gap between academic research and real-world systems. With 25 years of experience, Christian has been involved in many industry-wide initiatives such as the development of privacy enhancing identity technologies (such as anonymous credentials), the ongoing post-quantum cryptographic migration, and the Coalition for Content Provenance and Authenticity (C2PA) to fight online disinformation. Christian shares some of his work results on his blog: https://christianpaquin.github.io