Abstract
The advent of Decentralized Identity (DID) technology is fundamentally changing the way digital identity is managed, allowing user-controlled, privacy-preserving authentication across trust domains a fundamental requirement if zero trust architectures are to be realized, in which continuous verification and least-privilege access are inherent properties. Under traditional ABS (attribute-based signature) schemes, these are difficult to achieve as fine-grained access control is not always possible in practice and anonymity may not be straightforward when policy is evolving dynamically and different authorities may be involved. In this paper, we present a new multi-authority attribute ring signature scheme, which leverages DID philosophy and anonymous credential techniques, enabling users to mix attributes dynamically according to the policies of veriers without disclosing their pseudonyms or partial attributes. The proposed scheme enables distributed key generation by multiple authorities and is shown to be secure in the random oracle model, achieving existential unforgeability against adaptive chosen-message, identity, and attribute attacks (EUF-CMIAA) as well as full signer and attribute anonymity. Based on the SM9 cryptographic standard, our approach reduces the number of [Formula: see text] exponentiations and scalar multiplications during signing by approximately 30% compared to existing ring signatures, offering a practical and efficient authentication solution for emerging DID-driven zero-trust networks.