PrivIdEx: Privacy Preserving and Secure Exchange of Digital Identity Assets


Download PDF Document


H. Gunasinghe, A. Kundu, E. Bertino, H. Krawczyk, K. Singh, S. Chari, D. Su

Tech report number

CERIAS TR 2019-01

Entry type



User’s digital identity information has privacy and security requirements. Privacy requirements include confidentiality of the identity information itself, anonymity of those who verify and consume a user’s identity information and unlinkability of online transactions which involve a user’s identity. Security requirements include correctness, ownership assurance and prevention of counterfeits of a user’s identity information. Such privacy and security requirements, although conflict in nature, are critical for identity management systems enabling the exchange of users’ identity information between different parties during the execution of online transactions. Addressing all such requirements, without a centralized party managing the identity exchange transactions, raises several challenges. This paper presents a decentralized protocol for privacy preserving exchange of users’ identity information addressing such challenges. The proposed protocol leverages advances in blockchain and zero knowledge proof technologies, as the main building blocks. We provide prototype implementations of the main building blocks of the protocol and assess its performance and security.




2019 – 5 – 13

Key alpha

privacy, security, identity management, ZKSNARK, blockchain

Publication Date


BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.