Skip to content
/ pq-zk-identity Public
forked from iotaledger/identity.rs

Integration of ZK VC, and of PQ and PQ/T VC into IOTA Identity Framework

www.iota.org

License

Apache-2.0 license
0 stars 87 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Cybersecurity-LINKS/pq-zk-identity

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1,559 Commits
.cargo
.cargo
 
 
.github
.github
 
 
bindings
bindings
 
 
examples
examples
 
 
identity_core
identity_core
 
 
identity_credential
identity_credential
 
 
identity_did
identity_did
 
 
identity_document
identity_document
 
 
identity_ecdsa_verifier
identity_ecdsa_verifier
 
 
identity_eddsa_verifier
identity_eddsa_verifier
 
 
identity_iota
identity_iota
 
 
identity_iota_core
identity_iota_core
 
 
identity_jose
identity_jose
 
 
identity_pqc_verifier
identity_pqc_verifier
 
 
identity_resolver
identity_resolver
 
 
identity_storage
identity_storage
 
 
identity_stronghold
identity_stronghold
 
 
identity_verification
identity_verification
 
 
.dockerignore
.dockerignore
 
 
.gitignore
.gitignore
 
 
.license_template
.license_template
 
 
.license_template_ignore
.license_template_ignore
 
 
CHANGELOG.md
CHANGELOG.md
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
dprint.json
dprint.json
 
 
rust-toolchain.toml
rust-toolchain.toml
 
 
rustfmt.toml
rustfmt.toml
 
 

Repository files navigation

Zero-Knowledge (ZK)

The IOTA Identity Framework now supports Zero-Knowledge functionalities, thanks to the integration of two key components:

  • BBS+ Signature Scheme: This scheme has been integrated through the ZKryptium library, allowing for secure and privacy-preserving credential management.
  • JSON Web Proof Representation: The json-proof-token library implements the JSON Web Proof specification, enabling verifiable claims with selective disclosure.

For more details on the implementation and how to use these features, you can find the full documentation here.

PQ/T Hybrid

This repository extends the IOTA Identity framework by implementing both Post-Quantum (PQ) and Post-Quantum/Traditional (PQ/T) Hybrid cryptographic approaches. These approaches address emerging threats to traditional cryptography posed by quantum computing.

Overview

  1. PQ Approach: To transition to quantum-resistant cryptography, the framework has been updated to support selected PQ signature algorithms, such as ML-DSA, SLH-DSA and FALCON. The implementation of these algorithms is provided by liboqs.

  2. PQ/T Hybrid Approach: To mitigate risks associated with the relative immaturity of certain PQ algorithms, the PQ/T Hybrid combines a PQ algorithm with a traditional one in a composite signature. This ensures secure authentication, even if one of the two algorithms becomes compromised.

    • Hybrid Signatures and Composite Key: In the PQ/T Hybrid approach, both PQ and traditional keys are managed and verified using the newly introduced verification material property type called compositeJwk, which stores both types of keys within the DID document. This setup enforces the non-separability of signatures, protecting against stripping attacks.
    • Supported Algorithms: Currently, there are two supported algorithms: id-MLDSA44-Ed25519-SHA512 and id-MLDSA65-Ed25519-SHA512. The first combines ML-DSA-44 with Ed25519, while the second combines ML-DSA-65 with Ed25519.

Examples

To test the above functionalities, you can refer to practical code snippets available in the example directory.

Note: The examples in the example/demo directory are configured to use the DID Web Method. To run these examples, you must have a server instance that hosts the Issuer's DID Document. You can use the default server provided in the example/demo/server folder, or configure one yourself. However, ensure that the following variables in utils.rs are correctly set to point to your server instance:

pub static DID_URL: &str = "https://localhost:4443/.well-known/";
pub static PATH_DID_FILE: &str = "C:/Projects/did-web-server/.well-known/";

Make sure your server is set up before running the examples to avoid any configuration issues.

About

Integration of ZK VC, and of PQ and PQ/T VC into IOTA Identity Framework

www.iota.org

Resources

Readme

License

Apache-2.0 license

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Rust 88.5%
  • TypeScript 10.8%
  • Other 0.7%