ExPrESSO: Zero-Knowledge backed Extensive Privacy Preserving Single Sign-on
By: Kaustabh Barman, Fabian Piper, Sanjeet Raj Pandey and more
Potential Business Impact:
Lets you log in without revealing who you visit.
User authentication is one of the most important aspects of secure communication between services and end-users over the Internet. Service providers leverage Single Sign-On (SSO) to make it easier for their users to authenticate themselves. However, standardized systems for SSO, such as OIDC, do not guarantee user privacy, as identity providers can track user activities. We propose a zero-knowledge-based mechanism that integrates with OIDC to let users authenticate through SSO without revealing information about the service provider. Our system leverages Groth's zk-SNARK to prove membership of subscribed service providers without revealing their identity. We adopt a decentralized and verifiable approach to set up the prerequisites of our construction, which further secures and establishes trust in the system. We set high security targets and achieve them with minimal storage and latency cost, proving that our research can be adopted for production.