This paper proposes a process-aware, tag-based digital identity framework that enhances interoperability while enabling identity unlinkability and selective disclosure across multi-party workflows involving sensitive data. We realize this framework within the self-sovereign identity (SSI) paradigm, employing zk-SNARK–based zero-knowledge proofs to enable verifiable identity authentication without plaintext disclosure. The framework introduces a protocol-tagging mechanism that supports multiple proof systems within a unified architecture, thereby improving SSI scalability and cross-system interoperability. Its core innovation lies in combining identity unlinkability with process-driven data disclosure: derived sub-identities mitigate identity-linkage attacks, while layered encryption enables selective, stepwise decryption of sensitive information (e.g., delivery addresses), so that each participant accesses only the minimal information necessary for its task. In addition, zero-knowledge proof-based verification guarantees that derived sub-identities can be validated without sharing any plaintext attributes or identifying factors. We applied the framework to logistics, where sub-identities anonymize participants and layered encryption allows delivery addresses to be decrypted progressively along the logistics chain, with only the final courier authorized to access the complete address. During parcel receipt, users complete verification using derived sub-identities and zero-knowledge proofs alone, without disclosing any real personal information or attributes that could be linked back to their identity. Trusted Execution Environments (TEEs) ensure the authenticity of decryption requests, while a blockchain provides an immutable audit trail.
A demonstration system was implemented, formally verified using Scyther, and performance-tested across multiple platforms, including resource-constrained environments, showing high efficiency and strong practical potential. The core paradigms of identity unlinkability and process-driven data disclosure are generalizable and applicable to multi-party scenarios involving sensitive data flows.
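The two mechanisms the abstract combines, layered encryption that reveals one slice of the delivery address per hop and per-context derived sub-identities, can be made concrete with a short standalone script. This is an added example written for this page, not the paper's demonstration system: the layer cipher is an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag, chosen only so it runs on the Python standard library (a deployment would use an AEAD such as AES-GCM and an HKDF); the sub-identity derivation via HMAC, the hop names, keys, order id and address are all constructed for illustration, and the zk-SNARK proof, TEE attestation of decryption requests and blockchain audit trail from the paper are out of scope here.

```python
"""Layered (onion-style) disclosure of a delivery address along a logistics chain,
plus per-context derived sub-identities. Added example, not the paper's code."""
import hashlib
import hmac
import json
import os
import struct

NONCE_LEN = 16
TAG_LEN = 32


def _subkeys(key: bytes):
    # Split one hop key into separate encryption and MAC keys (HKDF-like, illustrative).
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256; stands in for a real stream cipher.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC one layer: nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong hop key or a tampered layer fails closed."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("layer too short")
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: wrong key or tampered layer")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def derive_sub_identity(master_secret: bytes, context: str) -> str:
    """Per-context pseudonym (assumption: HMAC of the context; the paper's derivation is
    not given here). Different contexts yield unlinkable values; the holder can re-derive
    them and, in the paper's design, prove ownership in zero knowledge."""
    return hmac.new(master_secret, b"sub-id|" + context.encode(), hashlib.sha256).hexdigest()[:32]


def wrap_layers(hops) -> bytes:
    """hops: [(hop_key, info_visible_to_that_hop), ...] from first hop to final courier.
    Built inside-out so that each hop can open only its own layer."""
    blob = None
    for key, info in reversed(hops):
        layer = {"info": info}
        if blob is not None:
            layer["next"] = blob.hex()   # still-encrypted remainder to forward downstream
        blob = seal(key, json.dumps(layer).encode())
    return blob


def unwrap_layer(key: bytes, blob: bytes):
    """Open one layer: returns (info for this hop, blob to forward or None at the last hop)."""
    layer = json.loads(unseal(key, blob).decode())
    nxt = bytes.fromhex(layer["next"]) if "next" in layer else None
    return layer["info"], nxt


def hop_can_open(key: bytes, blob: bytes) -> bool:
    try:
        unseal(key, blob)
        return True
    except ValueError:
        return False


def run_chain(hops, blob: bytes):
    """Walk the chain; returns the list of what each hop learned, in order."""
    seen = []
    for key, _ in hops:
        info, blob = unwrap_layer(key, blob)
        seen.append(info)
    return seen


# Constructed demo data: three hop keys, a recipient master secret and a fictitious address.
WAREHOUSE_KEY, HUB_KEY, COURIER_KEY = (
    hashlib.sha256(b"demo-key-" + n).digest() for n in (b"warehouse", b"hub", b"courier"))
RECIPIENT_MASTER = hashlib.sha256(b"demo-recipient-master-secret").digest()


def build_demo_hops(order_id: str):
    sub_id = derive_sub_identity(RECIPIENT_MASTER, order_id)
    return [
        (WAREHOUSE_KEY, {"region": "Hesse"}),
        (HUB_KEY, {"district": "Frankfurt 60311"}),
        (COURIER_KEY, {"street": "Musterstrasse 12, 3rd floor", "recipient": sub_id}),
    ]


if __name__ == "__main__":
    hops = build_demo_hops("order-4711")
    outer = wrap_layers(hops)
    for name, info in zip(("warehouse", "hub", "courier"), run_chain(hops, outer)):
        print(f"{name:9s} sees {info}")
```

The point to check in a design like this is the failure mode: a hub that tries to open the courier's layer with its own key must fail closed (tag check before decryption), and the recipient's identifier the courier sees is a per-order pseudonym, so two parcels to the same person carry unrelated values.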
Liu et al. studied this question.