
Presentation

WPEC 2024 Talk 3b5: Making BBS Anonymous Credentials eIDAS 2.0 Compliant

September 26, 2024

Presenters

Anna Lysyanskaya - Brown University

Description

Abstract. eIDAS 2.0 (electronic IDentification, Authentication and trust Services) is a very ambitious regulation aimed at equipping European citizens with a digital identity wallet that not only needs to achieve a high level of security but also needs to be available as soon as possible for a large number of citizens and respect their privacy (as per GDPR - General Data Protection Regulation). As of today (July 2024), it does not seem that this goal has been achieved in the European Digital Identity Architecture and Reference Framework (ARF). The goal of this presentation is to introduce the foundations of a digital identity wallet solution that could help move closer to this objective by leveraging the proven anonymous credentials protocol BBS (also known as BBS+) but modifying it to avoid the limitations that have hindered its widespread adoption, especially in certified infrastructures requiring hardware implementation. In particular, the solution we propose, which we call BBS#, does not use bilinear pairings or pairing-friendly curves and only depends on the hardware implementation of well-known (i.e., listed in the SOG-IS Crypto Working Group document on agreed cryptographic mechanisms) digital signature schemes such as ECDSA or ECSDSA (also known as ECSchnorr) using classical elliptic curves. In this presentation, after a reminder of the main aspects of the eIDAS 2.0 context, we will recall the stringent stated requirements from the European Commission for eIDAS 2.0 to achieve a Level of Assurance High and explain why current anonymous credentials protocols such as BBS/BBS+ fail to satisfy them. We will then present our proposed protocol BBS# and show that it is possible to achieve eIDAS 2.0 transactions which are not only efficient (around 50 ms on SIM Cards or Android StrongBox), secure and certifiable at the highest level but also provide strong (optimal) privacy protection for all European ID Wallet users.

Presented at

WPEC 2024: NIST Workshop on Privacy-Enhancing Cryptography 2024. Virtual, 2024-Sep-24–26.

Event Details

Location

    Virtual

Related Topics

Security and Privacy: cryptography

Created September 19, 2024