🔐 ELI5: What is End-to-End Privacy for Identity

Open Problems

<aside> 🌟

These problems have been synthesized from EUDI discussion threads, EUDI Annex 2 HLR, eIDAS 2.0, cryptographers feedback, government stakeholders, and PHD students seeking ESP grants.

</aside>

1. Deniable Presentations

Support plausible deniability for both issuance and presentation.

Expanded:

Plausible deniability allows a user to convincingly deny having received or presented a particular credential. In identity systems, this protects users in coercive scenarios (e.g., authoritarian regimes or domestic abuse cases). Technically, this requires that:

• Credential issuance does not leave a verifiable trace that proves the issuance happened.
• Presentations cannot be cryptographically tied back to a specific issuer or presentation event.

eIDAS 2.0 Alignment:

• Requires user deniability, meaning users and issuers should be able to deny having participated or presented credentials to third parties (ARF 1.4.0, Annex 2).
• Pseudonymity and selective disclosure are mandated to prevent identity correlation.

2. Everlasting Privacy

Generic ZKPs as an upgrade path for post-quantum resilience.

Expanded:

"Everlasting privacy" ensures that even if today's cryptographic schemes are broken in the future (e.g., by quantum computers), previously private interactions remain confidential. This requires: