Decentralized Cross-Network Identity Management for Blockchain Interoperation

Bibliographic Details
Published in: arXiv.org
Main Authors: Ghosh, Bishakh Chandra; Venkatraman Ramakrishna; Govindarajan, Chander; Behl, Dushyant; Karunamoorthy, Dileban; Abebe, Ermyas; Chakraborty, Sandip
Format: Paper, Journal Article
Language: English
Published: Ithaca: Cornell University Library, arXiv.org, 07.04.2021
Summary: Interoperation for data sharing between permissioned blockchain networks relies on networks' abilities to independently authenticate requests and validate proofs accompanying the data; these typically contain digital signatures. This requires counterparty networks to know the identities and certification chains of each other's members, establishing a common trust basis rooted in identity. But permissioned networks are ad hoc consortia of existing organizations, whose network affiliations may not be well-known or well-established even though their individual identities are. In this paper, we describe an architecture and set of protocols for distributed identity management across permissioned blockchain networks to establish a trust basis for data sharing. Networks wishing to interoperate can associate with one or more distributed identity registries that maintain credentials on shared ledgers managed by groups of reputed identity providers. A network's participants possess self-sovereign decentralized identities (DIDs) on these registries and can obtain privacy-preserving verifiable membership credentials. During interoperation, networks can securely and dynamically discover each other's latest membership lists and members' credentials. We implement a solution based on Hyperledger Indy and Aries, and demonstrate its viability and usefulness by linking a trade finance network with a trade logistics network, both built on Hyperledger Fabric. We also analyze the extensibility, security, and trustworthiness of our system.
ISSN: 2331-8422
DOI: 10.48550/arxiv.2104.03277