























Mathilde Raynal, École Polytechnique Fédérale de Lausanne
Theresa Stadler, Swiss Data Science Center
Sylvain Chatel, Helmholtz Center for Information Security
Wouter Lueks, Helmholtz Center for Information Security
Carmela Troncoso, École Polytechnique Fédérale de Lausanne, Max Planck Institute for Security and Privacy
As digital identity systems gain traction around the world, many see privacy-enhancing technologies (PETs) as the key to ensuring safe deployment. We critically examine whether this is the case using the European Digital Identity Framework (EUDIF) as an example. We leverage techniques from cryptographic modeling to formally capture the necessary leakage of the functionality of the EUDIF and its proposed applications. Then, we develop a harm analysis methodology that illustrates, using harm trees, how this leakage — and other constraints stemming from design decisions or the context of deployment — lead to harms. Moreover, our harm modeling enables us to distinguish between which pathways to harm are inherent to the core functionality, and which pathways can be prevented with PETs. Our analysis shows that, while PETs can reduce information flows, they fall short in mitigating the harms that deploying digital identity can bring to individuals and society.
BibTeX
@misc{cryptoeprint:2026/867,
author = {Christian Knabenhans and Shannon Veitch and Mathilde Raynal and Theresa Stadler and Sylvain Chatel and Wouter Lueks and Carmela Troncoso},
title = {On the (Privacy) Harms of the European Digital Identity Framework},
howpublished = {Cryptology {ePrint} Archive, Paper 2026/867},
year = {2026},
url = {https://eprint.iacr.org/2026/867}
}
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。