Abstract The traditional centralized digital identity management system (DIMS) has been subject to threats such as fragmented identity, single point of failure, internal attacks and privacy leakage. Emerging blockchain technology allows DIMSs to be deployed in it, which largely alleviates the problems caused by the centralized third party, but its inherent transparency and lack of privacy pose a huge challenge to DIMSs. In this regard, we leverage the smart contracts and zero-knowledge proof (ZKP) algorithms to improve the existing claim identity model in blockchain to realize the identity unlinkability, effectively avoiding the exposure of the ownership of attributes. Furthermore, we implement a system prototype named BZDIMS that includes a challenge-response protocol, which allows users to selectively disclose their ownership of attributes to service providers to protect users’ behavior privacy. Performance evaluation and security analysis show that our scheme achieves effective attribute privacy protection and a wider application scope compared with the prior model.

中文翻译：

---

一种基于零知识证明的区块链数字身份管理方案

摘要 传统的集中式数字身份管理系统（DIMS）一直受到身份碎片化、单点故障、内部攻击和隐私泄露等威胁。新兴的区块链技术允许在其中部署 DIMS，这在很大程度上缓解了中心化第三方带来的问题，但其固有的透明度和隐私性的缺乏对 DIMS 构成了巨大挑战。对此，我们利用智能合约和零知识证明（ZKP）算法改进区块链中现有的声明身份模型，实现身份不可链接，有效避免属性所有权的暴露。此外，我们实现了一个名为 BZDIMS 的系统原型，其中包括一个挑战-响应协议，允许用户选择性地向服务提供者公开其属性的所有权，以保护用户的行为隐私。性能评估和安全分析表明，与现有模型相比，我们的方案实现了有效的属性隐私保护和更广泛的应用范围。