What does unlinkability mean?
In the context of the e-ID, unlinkability is mentioned again and again. What is meant by this? Unlinkability refers to the impossibility of linking different transactions that are carried out with an e-ID. In other words, it is about the question of whether it is possible to trace what a person does with their e-ID.
In the context of unlinkability, it must be clarified which data a person actually presents to the other party (verifier) in a transaction. In this context, a distinction must be made between
• plain text, i.e. the information such as name and date of birth that is transmitted when the e-ID is presented,
• cryptographic data, such as signatures or hashes, which are transmitted at the same time so that the authenticity and validity of the information can be verified, and the
• other peripheral data that arises when establishing communication.
As long as information such as name and date of birth is transmitted in plain text, it is possible to link the content. It is conceivable that for names that occur frequently – for example, John Smith – no clear link can be made. Consequently, unlinkability cannot be guaranteed in cases where personal data is disclosed in plain text.
The situation is different if, for example, plain text is used exclusively to provide proof of age – ‹person is older than 18 years›. In this case, no link can be made between the individual transactions on the basis of the plain text. This is because, regardless of who provides such proof of age, the plain text always says the same thing: ‹person is older than 18 years›.
This raises the question of whether the cryptographic data and other marginal data can be used to link individual transactions with each other. This depends on the cryptographic methods used. In principle, different solutions are possible; one variant (batch-issuance, ephemeral credentials) would be to issue a larger batch of e-IDs to a person instead of a single e-ID. Each individual e-ID would expire after a single use. However, since each e-ID is only presented once, the individual transactions remain unlinkable.
The e-ID programme is investing dedicated resources in the issue of unlinkability so that this justified requirement can be met as soon as possible.