Related papers: ExPrESSO: Zero-Knowledge backed Extensive Privacy Preserving Single Sign-on

ExPrESSO: Zero-Knowledge backed Extensive Privacy Preserving Single Sign-on

URL: http://arxiv.org/abs/2510.08355v1
Date: Thu, 09 Oct 2025 15:42:01 GMT
Title: ExPrESSO: Zero-Knowledge backed Extensive Privacy Preserving Single Sign-on
Authors: Kaustabh Barman, Fabian Piper, Sanjeet Raj Pandey, Axel Kuepper,
Abstract summary: Service providers leverage Single-Sign On (SSO) to make it easier for their users to authenticate themselves.<n> standardized systems for SSO, such as OIDC, do not guarantee user privacy as identity providers can track user activities.<n>We propose a zero-knowledge-based mechanism that integrates with OIDC to let users authenticate through SSO without revealing information about the service provider.
Score: 0.0
License: http://creativecommons.org/licenses/by-sa/4.0/
Abstract: User authentication is one of the most important aspects for secure communication between services and end-users over the Internet. Service providers leverage Single-Sign On (SSO) to make it easier for their users to authenticate themselves. However, standardized systems for SSO, such as OIDC, do not guarantee user privacy as identity providers can track user activities. We propose a zero-knowledge-based mechanism that integrates with OIDC to let users authenticate through SSO without revealing information about the service provider. Our system leverages Groth's zk-SNARK to prove membership of subscribed service providers without revealing their identity. We adopt a decentralized and verifiable approach to set up the prerequisites of our construction that further secures and establishes trust in the system. We set up high security targets and achieve them with minimal storage and latency cost, proving that our research can be adopted for production.

Related papers

Binding Agent ID: Unleashing the Power of AI Agents with accountability and credibility [46.323590135279126]
BAID (Binding Agent ID) is a comprehensive identity infrastructure establishing verifiable user-code binding.<n>We implement and evaluate a complete prototype system, demonstrating the practical feasibility of blockchain-based identity management and zkVM-based authentication protocol.
arXiv Detail & Related papers (2025-12-19T13:01:54Z)
Zero Trust Security Model Implementation in Microservices Architectures Using Identity Federation [0.0]
The article itself is a case on the need of the Zero Trust Security Model of micro services ecosystem.<n>It is proposed that the solution framework will be based on industry-standard authentication and authorization and end-to-end trust identity technologies.<n>The research results overlay that the federated identity combined with the Zero Trust basics not only guarantee the rules relating to authentication and authorization but also fully complies with the latest DevSecOps standards of microservice deployment.
arXiv Detail & Related papers (2025-11-07T02:03:05Z)
Publicly Verifiable Private Information Retrieval Protocols Based on Function Secret Sharing [45.68069331331365]
Private Information Retrieval (PIR) is a cryptographic primitive that enables users to retrieve data from a database without revealing which item is being accessed.<n>We propose two effective constructions of publicly verifiable PIR (PVPIR) in the multi-server setting, which achieve query privacy, correctness, and verifiability simultaneously.
arXiv Detail & Related papers (2025-09-17T04:28:47Z)
Understanding the Identity-Transformation Approach in OIDC-Compatible Privacy-Preserving SSO Services [7.080530070342893]
OpenID Connect (OIDC) enables a user with commercial-off-the-shelf browsers to log into multiple websites, called relying parties (RPs) by her username and credential set up in another trusted web system, called the identity provider (IdP)
arXiv Detail & Related papers (2025-06-02T05:11:01Z)
Balancing Confidentiality and Transparency for Blockchain-based Process-Aware Information Systems [43.253676241213626]
We propose an architecture for blockchain-based PAISs to preserve confidentiality and transparency.<n>Smart contracts enact, enforce and store public interactions, while attribute-based encryption techniques are adopted to specify access grants to confidential information.<n>We assess the security of our solution through a systematic threat model analysis and evaluate its practical feasibility.
arXiv Detail & Related papers (2024-12-07T20:18:36Z)
On the Compliance of Self-Sovereign Identity with GDPR Principles: A Critical Review [0.0]
Self-sovereign identity (SSI) was introduced as an IdM model to reduce the possibility of data breaches. SSI is a decentralised IdM, where the data owner has sovereign control of personal data stored in their digital wallet. This paper provides an evolution to IdMs and reviews state-of-the-art SSI frameworks.
arXiv Detail & Related papers (2024-09-05T15:35:53Z)
Towards Credential-based Device Registration in DApps for DePINs with ZKPs [46.08150780379237]
We propose a credential-based device registration (CDR) mechanism that verifies device credentials on the blockchain. We present a general system model, and technically evaluate CDR using zkSNARKs with Groth16 and Marlin.
arXiv Detail & Related papers (2024-06-27T09:50:10Z)
A Novel Protocol Using Captive Portals for FIDO2 Network Authentication [45.84205238554709]
We introduce FIDO2CAP: FIDO2 Captive-portal Authentication Protocol. We develop a prototype of FIDO2CAP authentication in a mock scenario. This work makes the first systematic approach for adapting network authentication to the new authentication paradigm relying on FIDO2 authentication.
arXiv Detail & Related papers (2024-02-20T09:55:20Z)
A Universal System for OpenID Connect Sign-ins with Verifiable Credentials and Cross-Device Flow [4.006745047019997]
Self-Sovereign Identity (SSI) is a new and promising identity management paradigm. We propose a comparatively simple system that enables SSI-based sign-ins for services that support the widespread OpenID Connect or OAuth 2.0 protocols.
arXiv Detail & Related papers (2024-01-16T16:44:30Z)
Combining Decentralized IDentifiers with Proof of Membership to Enable Trust in IoT Networks [44.99833362998488]
The paper proposes and discusses an alternative (mutual) authentication process for IoT nodes under the same administration domain. The main idea is to combine the Decentralized IDentifier (DID)-based verification of private key ownership with the verification of a proof that the DID belongs to an evolving trusted set.
arXiv Detail & Related papers (2023-10-12T09:33:50Z)
ROSTAM: A Passwordless Web Single Sign-on Solution Mitigating Server Breaches and Integrating Credential Manager and Federated Identity Systems [0.0]
We envision a passwordless future which provides a frictionless and trustworthy online experience for users by integrating credential management and federated identity systems. In this regard, our implementation ROSTAM offers a dashboard that presents all applications the user can access with a single click after a passwordless SSO. The security of web passwords on the credential manager is ensured with a Master Key, rather than a Master Password, so that encrypted passwords can remain secure even if stolen from the server.
arXiv Detail & Related papers (2023-10-08T16:41:04Z)

This list is automatically generated from the titles and abstracts of the papers in this site.