SmartDID: A Novel Privacy-Preserving Identity Based on Blockchain for IoT

Internet of Things (IoT) applications have penetrated into all aspects of human life. Millions of IoT users and devices, online services, and applications combine to create a complex and heterogeneous network, which complicates the digital identity management. Distributed identity is a promising paradigm to solve IoT identity problems and allows users to have soverignty over their private data. However, the existing state-of-the-art methods are unsuitable for IoT due to continuing issues regarding resource limitations for IoT devices, security and privacy issues, and lack of a systematic proof system. Accordingly, in this article, we propose SmartDID, a novel blockchain-based distributed identity aimed at establishing a self-sovereign identity and providing strong privacy preservation. First, we configure IoT devices as light nodes and design a Sybil-resistant, unlinkable, and supervisable distributed identity that does not rely on central identity providers. We further develop a dual-credential model based on commitment and zero-knowledge proofs to protect the privacy of sensitive attributes, on-chain identity data, and linkage of credentials. Moreover, we combine the basic credential proofs to prove the knowledge of solutions to more complex problems and create a systematic proof system. We go on to provide the security analysis of SmartDID. Experimental analysis shows that our scheme achieves better performance in terms of both credential generation and proof generation when compared with CanDID.

Automated summary

In this article, we propose SmartDID, a novel blockchain-based distributed identity that aims to establish a self-sovereign identity and provide strong privacy preservation. Our method configures IoT devices as light nodes and designs a Sybil-resistant, unlinkable, and supervisable distributed identity. We further develop a dual-credential model based on commitment and zero-knowledge proofs to protect privacy. Our scheme achieves better performance compared to CanDID in terms of both credential generation and proof generation.