Non-structural unlinkability #100
Description
This issue refers to the security review requested in this issue w3c/security-request#55 and discussed during a SING group meeting SING_2025-04-01.
There are two interesting recent papers (eprint.iacr.org/2024/2010 by Google and eprint.iacr.org/2024/2013 by Microsoft) proposing the construction of anonymous credentials with ECDSA, providing a mechanism to achieve unlinkability even with ECDSA without changing the issuer's processes and without requiring changes to mobile devices. More in detail, the proposed schemes exploit zk-SNARK to transform existing credentials into anonymous credentials. They are interesting since up to now with ECDSA, it was not possible to achieve unlinkability.
The proposed solutions in the papers open up more possibilities for achieving together selective disclosure and unlinkability and facilitate the adoption of anonymous credentials starting from yet deployed and standardized cryptographic schemes.
Thus, since it says in Privacy Considerations that ECDSA does not support unlinkabililty, suggest to consider mentioning that this is not a structural problem with the algorithm and that in the future it may instead be possible to obtain this property.