Authenticated Selective Disclosure of Credentials in Hybrid-Storage Blockchain

The digital representation of credentials has become a necessary way in all aspects of human life, such as healthcare, education, etc. However, the current digital credentials sharing solutions tend to overlook the problem of over-disclosure. The data presentation of credentials is an all-or-nothing process, which results in the leakage of unnecessary data and threatens the privacy of the holder. In this paper, to achieve authenticated selective disclosure of credentials, we first design a hybrid storage model incorporating erasure coding (EC), where the raw data are outsourced to an off-chain distributed storage service provider while only small digest information are stored on-chain to maintain data integrity. Moreover, under the storage model, we propose an authenticated data structure (ADS) which integrates EC and the Merkle B-tree to minimize data sharing. Based on this ADS, a verifiable object (VO) can be generated, which is used to provide proof of the disclosed data without exposing the other data of the credentials. At last, we prove the security of the proposed ADS scheme and the experimental results show that, compared to a baseline solution, the proposed ADS reduces the average building and verification time, without sacrificing much of the transmission cost.