Secure Revocation Features in eKYC - Privacy Protection in Central Bank Digital Currency

摘要

Central bank digital currencies require the implementationof eKYC to verify whether a trading customer is eligible online. When anorganization issues an ID proof of a customer for eKYC, that proof is usuallyachieved in practice by a hierarchy of issuers. However, the customer wantsto disclose only part of the issuer’s chain and documents to the tradingpartner due to privacy concerns. In this research, delegatable anonymouscredential (DAC) and zero-knowledge range proof (ZKRP) allow customersto arbitrarily change parts of the delegation chain and message body torange proofs expressed in inequalities. That way, customers can protectthe privacy they need with their own control. Zero-knowledge proof isapplied to prove the inequality between two time stamps by the time stampserver (signature presentation, public key revocation, or non-revocation)without disclosing the signature content and stamped time. It makes itpossible to prove that the registration information of the national ID card isvalid or invalid while keeping the user’s personal information anonymous.This research aims to contribute to the realization of a sustainable financialsystem based on self-sovereign identity management with privacy-enhancedPKI.