Credential Transparency System

A major component of the entire digital identity ecosystem are verifiable credentials. However, for users to have complete control and privacy of their digital credentials, they need to be able to store and manage these credentials and associated cryptographic key material on their devices. This approach has severe usability challenges including portability across devises. A more practical solution is for the users to trust a more reliable and available service to manage credentials on their behalf, such as in the case of Single Sign-On (SSO) systems and identity hubs. But the obvious downside of this design is the immense trust that the users need to place on these service providers. In this work, we introduce and formalize a credential transparency system (CTS) framework that adds strong transparency guarantees to a credential management system while preserving privacy and usability features of the system. CTS ensures that if a service provider presents any credential to an honest verifier on behalf of a user, and the user's device tries to audit all the shows presented on the user's behalf, the service provider will not be able to drop or modify any show information without getting caught. We define CTS to be a general framework that is compatible with a wide range of credential management systems including SSO and anonymous credential systems. We also provide a CTS instantiation and prove its security formally.