GIT-CERCS-06-14
David Bauer, Doug Blough,
Copy-Resistant Credentials with Minimum Information Disclosure
Public-key based certificates provide a standard way to prove one's identity,
as certified by some certificate authority (CA). But standard certificates
provide a binary identification: either the whole identity of the subject is
known, or nothing is known. By using a Merkle hash tree structure, it is
possible for a single certificate to certify many separate claims or
attributes, each of which may be proved independently, without revealing the
others. Additionally, trees from multiple sources can be combined together by
modifying the tree structure slightly. This allows claims by different
authorities, such as an employer or professional organization, to be combined
under a single tree, without the CA needing to know (let alone verify) all of
the claims.