KR-20260063046-A - Zero-Knowledge Proof-Based Attribute Certificate Structure on Blockchain

Abstract

This invention enables attribute-based authentication using zero-knowledge proof (zk-SNARKs) techniques in existing Public Key Infrastructure (PKI) deployments, such as financial certificates, by including an attribute certificate structure in the extension fields of X.509 certificates. It ensures compatibility between existing centralized certificate systems and Self-Sovereign Identity (SSI) and Verifiable Credential (VC) systems, while simultaneously realizing user privacy protection and data integrity. The attribute certificate extension structure proposed in this invention consists of Proof, zk-circuit, and attribute information from multiple issuers. Users can prove the legitimacy of attributes through zero-knowledge proof without exposing specific attribute values, and verification history and issuance records are recorded on the blockchain to ensure transparency and reliability. Furthermore, the authentication process is carried out quickly and efficiently through the automation of authentication and rewards via smart contracts. This system supports multiple issuers in performing collaborative attribute authentication and provides non-redundant credential management and interoperability across various industries and organizations. Through this invention, the latest authentication technologies can be introduced even within existing PKI infrastructure, and extended functions can be implemented while maintaining existing systems, such as financial certificates. Consequently, this invention provides an innovative authentication framework equipped with privacy protection, data integrity, and transparency, thereby establishing a safe and reliable attribute-based authentication system in diverse environments.

Inventors

  • 최종석

Assignees

  • 주식회사 바이야드

Dates

Publication Date
20260507
Application Date
20241030

Claims (3)

  1. An attribute certificate extension structure in X.509 format, for defining an X.509-compatible attribute certificate.
  2. In claim 1, a structure that describes the proof, zero-knowledge circuit, and attributes in an attribute certificate extension structure.
  3. In claim 2, a structure for describing the validator for each attribute, a structure describing the type of attribute, the attribute issuer, and the signature algorithm.

Description

The present invention relates to an attribute certificate structure utilizing Zero-Knowledge Proof (ZK) on a blockchain. In particular, it defines an attribute certificate extension structure using the extension fields of an X.509 certificate and ensures data integrity and personal information protection by utilizing Zero-Knowledge Proof during the issuance and authentication process of attributes.

X.509 is a representative certificate standard used in Public Key Infrastructure (PKI). This certificate is utilized to authenticate the identity and public keys of users, servers, and systems, and plays an important role in various internet services and security systems. X.509 certificates are issued by a Certificate Authority (CA) and contain a public key and identity information of the subject being authenticated. At the same time, the issuing authority's digital signature is included to ensure that the certificate has not been forged. The basic X.509 certificate structure consists of a serial number, signature algorithm, issuer information, subject information, public key, and validity period. Additional information can be included through extension fields.

Blockchain is a technology in which multiple nodes participating in a network manage data in a distributed manner without a central server. Network participants share identical copies of data, and whenever new data is added, they record it in a block and link it to the previous block. These linked blocks are stored in chronological order, and the entirety forms a single continuous data ledger. Blockchain is effective in ensuring data integrity, transparency, and security. Since network participants verify the authenticity of data in a decentralized manner, trust can be secured without relying on a central server. Furthermore, data recorded once cannot be altered (immutability), and all data history is transparently managed on the network.

zk-SNARKs are a form of Zero-Knowledge Proof that allows the validity of information to be verified without disclosing any of that information. This technique is primarily used in situations where privacy protection and integrity verification are required. The core of zk-SNARKs is non-interactiveness and succinctness. Non-interactiveness means that the prover and the verifier complete a single proof and verification process without any separate interaction. Succinctness refers to the ability to present complex calculations as very short and simple proofs, enabling verifiers to perform verification tasks quickly.

Self-Sovereign Identity (SSI) is a decentralized identity management system in which users manage their own identity and credential information. In existing centralized identity systems, central entities such as governments, corporations, and certificate issuing authorities have issued and managed users' identities. In contrast, SSI is a structure designed to allow users to fully control their digital identities and attributes, and to voluntarily share identity information only when necessary.

Figure 1 is a diagram showing the attribute certificate extension structure in the X.509 certificate structure. The attribute certificate issuance process includes an attribute certificate extension structure (200) in the extension fields (Extensions) of the X.509 certificate (100). The attribute certificate extension structure includes the user's attribute information together with the Proof, zk-circuit, and Attribute Issuers used to prove it. When each issuer issues a specific attribute to a user, each attribute issuance structure (300) included in the Attribute Issuers specifies the attribute type, signature algorithm, and issuer information. For example, a bank may issue the user's income information, and a company may issue position and affiliation information. All of this attribute information is integrated into the attribute certificate extension structure (200).

In the attribute authentication and verification process, the user proves their attributes to a verifier using an issued attribute certificate. The zk-circuit is used to demonstrate that the attribute satisfies given conditions, while the Proof verifies the validity of the user's attribute using zero-knowledge proof. During this process, the user's specific attribute values are not exposed. For example, during a loan review, a user proves that their income exceeds a certain level, but the actual income amount is not disclosed.
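The attribute certificate extension structure (200) and its per-issuer entries (300) can be laid out as a DER value and parsed strictly, as in the following added example, which is not part of the patent text. The ASN.1 types, field order, function names and sample values are assumptions, and only the extension payload is shown, not the surrounding certificate or the zero-knowledge verification itself.

```python
# Added example; ASN.1 types and field order are assumptions, not from the patent.
SEQ, OCTETS, UTF8 = 0x30, 0x04, 0x0C
def tlv(tag: int, body: bytes) -> bytes:
    """Encode one definite-length DER tag-length-value element."""
    n = len(body)
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(ln)]) + ln
    return bytes([tag]) + head + body

def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, body, next_pos); reject truncated or indefinite-length input."""
    if pos + 2 > len(buf) or buf[pos + 1] == 0x80:
        raise ValueError("truncated header or indefinite length")
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n > 0x80:  # long form: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated body")
    return tag, buf[pos:pos + n], pos + n

def children(body: bytes):  # yield the (tag, body) elements of a constructed value
    pos = 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        yield tag, val

def encode_extension(proof: bytes, circuit: bytes, issuers) -> bytes:
    """issuers: (attribute type, issuer, signature algorithm), one per structure (300)."""
    entries = b"".join(tlv(SEQ, b"".join(tlv(UTF8, s.encode()) for s in e)) for e in issuers)
    return tlv(SEQ, tlv(OCTETS, proof) + tlv(OCTETS, circuit) + tlv(SEQ, entries))

def decode_extension(der: bytes) -> dict:
    """Strict parse: anything but Proof, zk-circuit, Attribute Issuers is rejected."""
    tag, body, end = read_tlv(der)
    top = list(children(body))
    if tag != SEQ or end != len(der) or [t for t, _ in top] != [OCTETS, OCTETS, SEQ]:
        raise ValueError("unexpected extension layout")
    issuers = []
    for t, entry in children(top[2][1]):
        fields = list(children(entry))
        if t != SEQ or [ft for ft, _ in fields] != [UTF8] * 3:
            raise ValueError("malformed issuer entry")
        issuers.append(tuple(v.decode() for _, v in fields))
    return {"proof": top[0][1], "zk_circuit": top[1][1], "attribute_issuers": issuers}

SAMPLE = encode_extension(  # constructed sample; placeholder proof and circuit bytes
    b"\x01" * 192, b"income-threshold-circuit",
    [("income", "Example Bank", "ES256"), ("position", "Example Corp", "ES256")])
```

If this payload is carried as a non-critical X.509 extension, RFC 5280 validators that do not recognise its OID ignore it, which is what lets existing PKI clients keep accepting the certificate.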