NOTE: This thesis is reserved.

Background

The Swiss Federal Council has decided to build the Swiss E-ID on self-sovereign identity (SSI) principles. Similarly, the European Union and many companies around the world plan to introduce SSI-based solutions for identity and access management. With SSI, users own their digital identity and autonomously control which information is revealed to which service provider. This contrasts with today's Internet single sign-on architectures, which rely on central identity providers that can observe every login and thus threaten user privacy.

SSI combines many foundational technologies: distributed ledger technology (DLT) such as blockchains, cryptographic proofs over identity attributes (zero-knowledge proofs), PKI with decentralized key management, and software components such as mobile wallets and agents connected in a peer-to-peer (P2P) network. Accordingly, the SSI technology stack is very complex. For SSI to become a secure technological basis for a national E-ID, several aspects need to be researched:

  • security of the protocols
  • scalability of solutions
  • preservation of privacy
  • possible restrictions, e.g., regarding decentralization
  • usability for consumers
  • trust management and governance

Goal of the project

KERI (Key Event Receipt Infrastructure) is a decentralized key and identifier management system. It is not a ledger, but claims to provide comparable security guarantees while being more scalable. KERI could therefore be useful for building the base or trust registry of an E-ID infrastructure. However, the security properties of a specific KERI network depend largely on its structure and parameters (for example, how many witnesses an identifier uses and how many receipts a verifier requires). The goal of this thesis is to analyze KERI architectures and their security properties in detail and to provide guidelines for building secure KERI networks.

KERI includes an agreement algorithm called KA2CE (KERI's Agreement Algorithm for Control Establishment). It is not run network-wide but only within a local segment of the network, namely among the witnesses of a single identifier. In that respect it is somewhat similar to the Stellar consensus protocol, which builds up consensus in a federated way.
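To make the mechanisms named above concrete (key event logs, pre-rotation, witness receipts and KA2CE-style acceptance), here is an added, self-contained Go model written for this page; it is not KERI's own code and is deliberately simplified. The event encoding, the two event types (inception and rotation), the single-key controller, witnesses without a first-seen log, and a verifier that holds a single identifier's log are all assumptions of this model, and Ed25519 with SHA-256 stands in for KERI's pluggable primitives. What it does show faithfully in spirit: every event commits to the digest of the next key (pre-rotation), an event is only accepted once enough witness receipts exist (the threshold is carried in the event), and a second, validly signed but different event at an already accepted sequence number is not "voted on" but flagged as duplicity, because the verifier keeps the event it saw first.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Event is a toy key event; real KERI events carry more fields (prefix, version, witness list, ...).
type Event struct {
	Seq        int               // position in the controller's key event log (KEL)
	Kind       string            // "icp" (inception) or "rot" (rotation)
	Prior      string            // digest of the previous event, "" for inception
	Key        ed25519.PublicKey // key that signs this event
	NextCommit string            // sha256 of the next public key (pre-rotation commitment)
	Threshold  int               // witness receipts required before acceptance
}

// Serialize is the deterministic encoding used for both digests and signatures.
func (e Event) Serialize() []byte {
	return []byte(fmt.Sprintf("%d|%s|%s|%x|%s|%d", e.Seq, e.Kind, e.Prior, []byte(e.Key), e.NextCommit, e.Threshold))
}
func (e Event) Digest() string                    { return hexDigest(e.Serialize()) }
func hexDigest(b []byte) string                   { s := sha256.Sum256(b); return hex.EncodeToString(s[:]) }
func genKey() ed25519.PrivateKey                  { _, sk, _ := ed25519.GenerateKey(rand.Reader); return sk }
func pub(sk ed25519.PrivateKey) ed25519.PublicKey { return sk.Public().(ed25519.PublicKey) }

// Controller holds the current key and a pre-generated next key; each event commits to the next key's digest.
type Controller struct {
	cur, next ed25519.PrivateKey
	last      Event
}
func NewController() *Controller           { return &Controller{cur: genKey(), next: genKey()} }
func (c *Controller) Sign(ev Event) []byte { return ed25519.Sign(c.cur, ev.Serialize()) } // also used to model equivocation
func (c *Controller) Incept(threshold int) (Event, []byte) {
	c.last = Event{Seq: 0, Kind: "icp", Key: pub(c.cur), NextCommit: hexDigest(pub(c.next)), Threshold: threshold}
	return c.last, c.Sign(c.last)
}
// Rotate reveals the pre-committed key, signs with it and commits to a fresh one.
func (c *Controller) Rotate() (Event, []byte) {
	c.cur, c.next = c.next, genKey()
	c.last = Event{Seq: c.last.Seq + 1, Kind: "rot", Prior: c.last.Digest(), Key: pub(c.cur),
		NextCommit: hexDigest(pub(c.next)), Threshold: c.last.Threshold}
	return c.last, c.Sign(c.last)
}

// Witness signs a receipt over the event digest (real witnesses additionally enforce a first-seen policy).
type Witness struct{ sk ed25519.PrivateKey }
func NewWitness() *Witness                   { return &Witness{sk: genKey()} }
func (w *Witness) Public() ed25519.PublicKey { return pub(w.sk) }
func (w *Witness) Receipt(ev Event) []byte   { return ed25519.Sign(w.sk, []byte(ev.Digest())) }

var ErrDuplicity = errors.New("duplicity: conflicting signed event at a sequence number already seen")

// Verifier holds one controller's KEL and the witness set fixed at inception.
type Verifier struct {
	witnesses []ed25519.PublicKey
	log       []Event
}

func NewVerifier(ws ...ed25519.PublicKey) *Verifier { return &Verifier{witnesses: ws} }
func (v *Verifier) Len() int                        { return len(v.log) }

// keyAuthorized reports whether ev.Key may sign at ev.Seq (caller guarantees ev.Seq <= len(log)).
func (v *Verifier) keyAuthorized(ev Event) bool {
	if ev.Seq == 0 { // inception is self-certifying; a rival inception must reuse its key
		return ev.Kind == "icp" && (len(v.log) == 0 || ev.Key.Equal(v.log[0].Key))
	}
	return ev.Kind == "rot" && hexDigest(ev.Key) == v.log[ev.Seq-1].NextCommit
}

// Accept appends ev if it chains to the log, is signed by the authorized key and carries at least
// Threshold valid receipts (map key = index into the witness list). The first-seen event wins.
func (v *Verifier) Accept(ev Event, sig []byte, receipts map[int][]byte) error {
	switch {
	case ev.Seq > len(v.log) || (ev.Seq > 0 && ev.Prior != v.log[ev.Seq-1].Digest()):
		return fmt.Errorf("event %d does not chain to the log (length %d)", ev.Seq, len(v.log))
	case ev.Seq < len(v.log) && v.log[ev.Seq].Digest() == ev.Digest():
		return nil // replay of an already accepted event is harmless
	case len(ev.Key) != ed25519.PublicKeySize || !v.keyAuthorized(ev) || !ed25519.Verify(ev.Key, ev.Serialize(), sig):
		return errors.New("event not signed by the key authorized at this sequence number")
	case ev.Seq < len(v.log):
		return ErrDuplicity // validly signed, yet conflicts with the first-seen event
	}
	valid := 0
	for i, r := range receipts {
		if i >= 0 && i < len(v.witnesses) && ed25519.Verify(v.witnesses[i], []byte(ev.Digest()), r) {
			valid++
		}
	}
	if valid < ev.Threshold {
		return fmt.Errorf("only %d of %d required witness receipts", valid, ev.Threshold)
	}
	v.log = append(v.log, ev)
	return nil
}
```

A typical run of this model: incept with a threshold of 2 and three witnesses, submit the inception with two receipts (accepted), rotate and submit the rotation with one receipt (rejected, threshold not met) and then with two (accepted), and finally have the controller sign a second rotation with a different NextCommit at the same sequence number (ErrDuplicity). Note which decision belongs to whom: the witnesses only attest "I saw this event first", the verifier counts those attestations against the threshold the controller itself declared, and nobody ever orders events of different controllers against each other, which is why the question of a total order versus a per-identifier order matters for KA2CE.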

Interesting questions to study include, e.g.:

  • What is the purpose of KA2CE in the context of KERI?
    • Which entities act as verifiers in KA2CE?
    • How are the guarantees used in KERI?
  • Can the guarantees of KA2CE be represented in terms of safety and liveness properties?
    • If yes: What guarantees does KA2CE achieve?
    • If no: Why not? And how can these guarantees be represented instead?
  • How does KA2CE compare to other consistency mechanisms?
    • Symmetric vs. asymmetric trust?
    • Stellar?
    • Which timing assumptions are used?
    • What kinds of consistency guarantees does KA2CE provide? A total order over all events or only an order over the events of a single user?
    • How is dynamic membership/reconfiguration implemented?
    • What is the failure model? And how many failures can KA2CE tolerate?
  • Can a theoretical attack be successfully performed in a real KERI network?
  • Could a KERI network be attacked on a system level even though it satisfies formal security properties?

Requirements

  • Analytical skills
  • Background in system security
  • Interest in distributed systems and consensus protocols
  • Interest in identity management