|09:30-10:00||Session 1: Welcome + Identification (chair: Bertram Poettering)|
|09:35-10:00||The regulatory framework of digital identification services across the European Union Slides|
|10:00-10:45||Keynote 1: Björn Tackmann (chair: Julia Hesse)|
User-friendly authentication on the decentralized web|
User authentication on traditional web sites is usually based on passwords or third-party authentication providers. Neither of the two solutions is directly applicable to the decentralized web: The common way of using passwords requires trust in the server – which cannot be assumed in the decentralized setting – and the reliance on centralized “Big Tech” service providers is antithetical to decentralization. While proper cryptographic authentication has previously been restricted to certain fringe applications due to the difficulty of securely managing cryptographic keys, the recent rise of Web Authentication – primarily in the context of two-factor authentication – has provided a broad user base with devices that enable secure key storage. This talk introduces Internet Identity, the user-friendly password-less authentication protocol on the Internet Computer (IC), which builds on Web Authentication and threshold cryptography. Internet Identity enables users to authenticate securely to any smart contract running on the IC, from any one of their devices, while keeping the management of cryptographic keys both easy and secure.
|11:00-12:00||Session 2: Deployed protocols (chair: Tore Frederiksen)|
|11:00-11:25||On Account Recovery and Delegation in WebAuthn|
|11:25-11:50||Breaking and Fixing Contact Identifier-based Mutual Authentication in Apple AirDrop|
|14:00-15:00||Keynote 2: Hugo Krawczyk (chair: Bertram Poettering)|
Entrusting Your Secrets to an Oblivious PRF Slides|
Identity management and privacy crucially depend on the use and control of secrets. It would have helped if humans were equipped with the ability to memorize at least one good high-entropy secret in their brains. Unfortunately (at least until computer chips are drilled into human brains), we are left with the need to amplify medium-entropy secrets in the form of passwords into strong secrets. One tool that has proven remarkably adept at such amplification are oblivious pseudorandom functions (OPRF). We will survey a few applications that show just how fitting OPRFs are for such tasks.
|15:00-15:50||Session 3: Building blocks (chair: Chelsea Komlo)|
|15:00-15:25||Delegatable Anonymous Credentials from Mercurial Signatures|
|15:25-15:50||Dynamic Universal Accumulator with Batch Update over Bilinear Groups|
|16:15-17:15||Keynote 3: Kim Hamilton Duffy (chair: Anja Lehmann)|
Decentralized Identity: is it ready and is it helping?|
Decentralized Identity standards (such as Verifiable Credentials and Decentralized Identifiers) and related interoperability efforts, sometimes referred to by the term "Self-Sovereign Identity", have seen increasing attention – including in high-stakes use cases such as COVID credentials. This brings up questions such as why, how they benefit individuals, and whether they are ready for prime time. This talk will provide a quick survey of decentralized identity use cases and adoption, including what's gone well and what needs improvement. We'll consider a variety of spectrums, including fragmentation/interoperability, complexity/usability, and theoretical vs practical benefits to individuals. We'll highlight areas needing special attention and which are especially relevant to the Future of PI program.