Claims

Our main claims are the following:

• Without accessing the attestation that was placed by the issuer in the passport, and under standard cryptographic assumptions, it’s not possible to impersonate someone.

• Without accessing the passport’s attestation, it’s not possible to know if someone registered in the identity registry. This is because attestation nullifiers provide enough entropy so they can’t be glossary-attacked.

• Accessing a passport’s attestation leaks if the user is registered in the identity registry, but provided sufficient delay is elapsed between registration and disclosure, it does not reveal the user’s disclosure proofs.

• When a user registers, they do not leak private information. Because we use zero-knowledge proofs to whitelist DSC certificates, the user does not even leak the DSC certificate used to sign their passport, thus their country of origin. This is unlike for instance Rarimo’s architecture, in which the DSC is verified publicly on chain. Registration does leak which signature algorithm was used to sign their passport, and possibly their DSC if it has not been whitelisted before. For most signature algorithms the anonymity set is large, but for some it’s small (e.g. Lithuania is the only country using SHA-224 with brainpoolP224r1)

• The Self protocol provides some level of Sybil resistance: because it relies on issued attestation, is not as trivial to attack as current solutions like checking IP addresses, blockchain addresses or phone numbers. In particular, it is costly to attack at scale.