Recent advances in decentralized digital identity based on Verifiable Credentials utilize identity wallets to ensure that the identity data control remains with the user. However, they still lack higher Level of Assurance guarantees, restricting their full potential. In this paper, we design and showcase DOOR, a scheme that enables identity wallets to utilize a hardware root of trust and bring them in alignment with emerging regulations and standards that require higher level of assurances for services (e.g. eIDAS). At the same time, we make sure that privacy-enhancing properties like selective-disclosure are fully supported, in order to make the wallet compliant with privacy regulations (e.g. GDPR). To achieve all these we have designed an enhanced variant of DAA-A crypto protocol to offer anonymity, unlinkability, and unforgeability, while being the first to offer strong guarantees on the Wallet’s integrity when constructing attribute attestations. We formally prove the security properties of DOOR and evaluate the performance of its implementation for every phase of the credential management.

First submission version