Flexible and Privacy-Preserving Access Control Framework for Decentralized Identity Systems

Bin Xie, Rui Song, Zecheng Li, Xiaotie Deng, Bin Xiao

Published: 01 Jan 2026, Last Modified: 24 Mar 2026 | IEEE Transactions on Information Forensics and Security | CC BY-SA 4.0
Abstract: Decentralized identity systems have emerged as a transformative paradigm, granting users unprecedented data sovereignty and privacy-preserving capabilities, fueling critical innovations in Web3 ecosystems. However, these systems primarily serve as identity-layer solutions, forcing verifiers to design special cryptographic protocols for access control deployment, which is an error-prone and expert-dependent process. Moreover, existing approaches fail to effectively combat credential fraud (e.g., credential theft and revoked credential reuse) without compromising privacy guarantees. This paper presents FRAC (Flexible Fraud-Resistant Access Control), an efficient decentralized access control framework that achieves two paradigm shifts: 1) Streamlined access control deployment: a logic-centric paradigm encodes access criteria through declarative verification rules, eliminating manual cryptographic protocol design while enabling instant verifier onboarding and efficient presentation generation; 2) Provable fraud resistance: a format-agnostic defensive mechanism based on Merkle trees prevents malicious credential use, requiring only lightweight hash operations and signature verification instead of computation-intensive operations. We conduct rigorous security analysis based on universally composable security and evaluate the performance, demonstrating FRAC’s security and efficiency.