Signing transactions anonymously with Identity Mixer in Hyperledger
Idemix team: Jan Camenisch, Manu Drijvers, Maria Dubovitskaya
Blockchain team: Elli Androulaki, Angelo De Caro, Andreas Kind, Alessandro Sorniotti
IBM Research - Zurich

Identity Mixer
Attribute-based credentials
Strong authentication (signatures)
Privacy-preserving Access Control
Selective disclosure of attributes, predicates over attributes, full unlinkability
Auditability
Revocation
Preserving privacy and unlinkability - Verification is done with the public key of the issuer only
Presentation Policy (prove Over 17 from ID issued by eGov)

Identity Mixer vs. multiple X.509 TCerts
[Figure labels: Certificate Authority (CA); X.509; Identity Mixer; secret key; public key; Attr 1, Attr 2; Presentation Policy 1; Presentation Policy 2; Transaction A; Transaction B; Transaction C; trust; CA’s public key; Verifier]

Membership management with Identity Mixer
ECerts: (relatively) static enrollment certificates acquired via registration with an enrollment certificate authority (CA).
TCerts: Identity Mixer presentation proofs derived from ECert, without interaction with CA
[Figure labels: Blockchain User A; Blockchain User B; Certificate Authority (CA); Membership; Application (stored in wallet); TkeyA; TkeyB; Ecert; 1xEcert; shares public key; uses; Requests certificates; invokes SC txn (signed with TkeyA, encrypted with TkeyA, TkeyB…); Accesses ledger; sc deployed on every validating peer; Smart contract; Consensus Network; (signed with Ekey of origin, encrypted with validators’ key)]

Contribution Overview: MVP for Java SDK
User.java (extend with GetSigningIdentity() method)
TransactionContext.java
Sign Transactions
Identity/SigningIdentity.java
IdemixSampleStore.java
Sign/Verify (Generate/Verify Presentation Tokens)
User Certificates
Idemixgen tool
KeyGen
Issuance
Revocation
Identity Mixer crypto package
Generate CA keys
Issue ECert
Presentation
Verification
Audit