Paper 2024/379

SyRA: Sybil-Resilient Anonymous Signatures with Applications to Decentralized Identity

Abstract

We introduce a new cryptographic primitive, called Sybil-Resilient Anonymous (SyRA) signature, which enables users to generate, on demand, unlinkable pseudonyms tied to any given context, and issue digital signatures on their behalf. Concretely, given a personhood relation, an issuer (who may be a distributed entity) enables users to prove their personhood and extract an associated long-term key, which can then be used to issue signatures for any given context and message. Sybil-resilient anonymous signatures achieve two key security properties: 1) Sybil resilience: ensures that every user is entitled to at most one pseudonym per context, and 2) anonymity: requires that no information about the user is leaked through their various pseudonyms or the signatures they issue on their pseudonyms’ behalf. We conceptualize SyRA signatures as an ideal functionality in the Universal Composition (UC) setting and realize the functionality via an efficient, pairing-based construction that utilizes two levels of verifiable random functions (VRFs) and which may be of independent interest. A key feature of this approach is the statelessness of the issuer: we achieve the core properties of Sybil resilience and anonymity without requiring the issuer to retain any information about past user interactions. SyRA signatures have various applications in multiparty systems, such as e-voting (e.g., for decentralized governance) and cryptocurrency airdrops, making them an attractive option for deployment in decentralized identity (DID) systems.