SSI-Trust: A Blockchain-Based Framework for Trusted Issuer Management in Self-Sovereign Identity
摘要
Self-Sovereign Identity (SSI) is an emerging paradigm that empowers individuals with control over their digital identities without relying on centralized authorities. While SSI systems promote user-centric data ownership, they face significant challenges in managing and verifying the trustworthiness of credential issuers. Existing solutions often lack formal trust propagation mechanisms, are vulnerable to collusion, and do not support flexible credential update policies, leading to concerns about issuer legitimacy and system integrity. To address these limitations, we propose SSI-Trust, a blockchain-based framework for trusted issuer management in SSI ecosystems. Our approach introduces a trust propagation protocol that enables issuers to be recognized as verifiable and trustworthy entities within the SSI platform. We design a new class of verifiable credentials embedded with an update policy section, specifying the permissible modifications, authorized entities, and intended purposes thereby enhancing issuer accountability and transparency. The framework leverages two key mechanisms: (i) sanitizable signature schemes to securely propagate trust from endorsers to issuers, and (ii) a voting-based trust evaluation mechanism to mitigate collusion risks and ensure decentralized trust validation. Furthermore, we define a reusable trust propagation credential template, anchored on the blockchain, to standardize and facilitate the credential issuance process. Both the qualitative analysis and the experimental findings show that SSI-Trust is resilient against numerous attack scenarios and performs robustly under varying system loads. It is also practical, when it comes to the age-old challenge of managing issuer trust in Self-Sovereign Identity systems, SSI-Trust provides a decentralised, secure, and scalable solution.