Privacy-Preserving Outsourced Certificate Validation

Digital Covid certificates are the first widely deployed end-user cryptographic certificates. For service providers, such as airlines or event ticket vendors, that needed to check their (global) customers satisfy certain health policies, verification of was challenging though - not because cryptography involved, but due multitude issuers, different certificate types and evolving nature country-specific policies had be supported. As contain sensitive information, (online) presentation non-health related entities also poses clear privacy risk. To address both challenges, EU proposed a specification for outsourcing process validator service, executes informs providers result. The WHO announced adapt this approach general vaccination credentials beyond Covid-19. While being beneficial improve security solution requires strong trust assumption (central) validation learns all health-related details users. In our work, we propose formally model privacy-preserving variant an outsourced service. Therein attributes it is supposed verify, users identity. Still, validator’s assertion blindly bound user’s identity ensure desired user-binding. We analyze in show only meets subset those goals. Our analysis further shows protocol unnecessarily complex can significantly simplified while maintaining same (weak) level security. Finally, new construction provably satisfies