Selective Content Disclosure using Zero-Knowledge Proofs

2022 Global Information Infrastructure and Networking Symposium (GIIS) (2022)

Abstract
Information-Centric Networking (ICN) is a Next Generation Internet architecture that facilitates content sharing. ICN natively supports content multi-sourcing, allowing content items to be stored in multiple storage nodes. To ensure data integrity, data owners can sign their content items. This, however, prevents storage nodes from sharing partial content items. We present a data sharing scheme where data owners store structured data items (e.g., IoT measurements) in semi-trusted storage nodes. We allow data consumers to express interest in a portion of a data item and we enable storage nodes to “hide” the remaining item without invalidating its integrity. We achieve our goal by leveraging BBS+ digital signatures that support selective data disclosure through Zero-Knowledge Proofs. We define a protocol for data owners to issue authorizations in the form of Verifiable Credentials, which indicate which parts of the data a consumer is allowed to access, and a protocol for consumers to send these authorizations inside ICN Interests. This allows storage nodes to implement fine-grained access control without having access to the secrets of the data owners, while data consumers can still verify the authenticity and integrity of the partially revealed data. In addition to its security advantages, our solution requires significantly less storage and communication overhead compared to an approach that relies on commonly used digital signature algorithms.
Keywords
BBS+, ICN, Verifiable Credentials