Blockchain-Based Self-Sovereign Identity Management Mechanism in AIoT Environments

Abstract

With the rapid growth of Artificial Intelligence of Things (AIoT), identity management and trusted communication have become critical for system security and reliability. Continuous AI learning and large-scale device connectivity introduce challenges such as permission drift, cross-domain access, and fine-grained API calls. Traditional identity management often fails to balance privacy protection with efficiency, leading to risks of data leakage and misuse. To address these issues, this paper proposes a blockchain-based self-sovereign identity (SSI) management mechanism for AIoT. By integrating SSI with a zero-trust framework, it achieves decentralized identity storage and continuous verification, effectively preventing unauthorized access and misuse of identity data. The mechanism employs selective disclosure (SD) technology, allowing users to submit only necessary attributes, thereby ensuring user control over self-sovereign identity information and guaranteeing the privacy and integrity of undisclosed attributes. This significantly reduces verification overhead. Additionally, this paper designs a context-aware dynamic permission management that generates minimal permission sets in real time based on device requirements and environmental changes. Combined with the zero-trust principles of continuous verification and least privilege, it enhances secure interactions while maintaining flexibility. Performance experiments demonstrate that, compared with conventional approaches, the proposed zero-trust architecture-based SSI management mechanism better mitigates the risk of sensitive attribute leakage, improves identity verification efficiency under SD, and enhances the responsiveness of dynamic permission management, providing robust support for secure and efficient AIoT operations.

1. Introduction

With the deep integration of artificial intelligence (AI) and the Internet of Things (IoT), intelligent Internet of Things (AIoT) is rapidly transforming how we live and work from smart homes and intelligent transportation to industrial automation. However, the rapid development of AIoT has also led to the continuous expansion of device connectivity and increased complexity in cross-domain collaboration. Consequently, identity management and interaction trust have become core challenges for reliable system deployment [1]. Against the backdrop of continuously learning AI models and massively interconnected IoT devices, identity management demands in AIoT scenarios, such as fine-grained verification, dynamic authorization, and cross-domain data access are intensifying the risk of privacy data breaches [2]. These challenges are further compounded by the sheer volume of devices and the dynamic nature of AIoT environments, making traditional identity management mechanisms increasingly inadequate, while existing identity management mechanisms remain inadequate when confronting complex security threats. In AIoT environments, novel threats frequently emerge, including adversarial sample attacks [3] and model inversion attacks [4]. These challenges expose the limitations of existing identity management solutions.

As an emerging identity management paradigm, Self-Sovereign Identity (SSI) breaks the data monopoly of traditional identity management mechanisms [5]. The core concept of SSI is to grant entities full control over their identity data, enabling decentralized identity verification, storage, and management through blockchain technology [6]. This effectively avoids issues such as single points of failure and data breaches faced by traditional centralized identity mechanisms in IoT environments [7]. SSI achieves a dynamic equilibrium between data sovereignty and flexible authorization through distributed identity frameworks [8]. Meanwhile, the zero-trust security framework significantly mitigates potential security threats during interactions by implementing stringent identity authentication, access authorization, and real-time risk assessment [9], offering an innovative solution for identity management within AIoT environments [10,11]. By combining the zero-trust model with SSI, this framework strengthens the security and reliability of identity verification, making it suitable for complex, distributed AIoT ecosystems. In the SSI management mechanism, integrating the zero-trust continuous verification mechanism [12] into identity management enables rigorous validation of each access request and dynamic permission control [13]. This ensures a high-security match between device identities and AIoT resources, preventing unauthorized access and data leakage [14]. Simultaneously, dynamic identity attribute verification allows the system to flexibly adjust access policies based on device behavior.

However, current SSI implementations within zero-trust frameworks require the submission of complete identity information for management, lacking the capability to selectively provide partial identity attributes based on actual needs [15,16]. This creates a privacy gap, as users are required to reveal more information than necessary for identity verification. Additionally, the continuous verification mechanism advocated by the zero-trust architecture necessitates frequent identity checks, which significantly increases computational and communication overhead in AIoT scenarios involving massive device connectivity, high-frequency sensor data interactions, and real-time decision-making, thereby impacting the overall verification efficiency of the system [17]. These challenges are further amplified in AIoT environments, where the continuous learning of AI models and the dynamic data requirements of IoT devices introduce multidimensional complexities. As models iterate and data changes, permission management faces issues like permission drift, and adversarial attacks from generative AI threaten the reliability of identity verification. Meanwhile, the high cost and inefficiency of traditional PKI on edge devices require balancing trust mechanisms and resource consumption when applying zero-trust architectures in AIoT [18]. Meanwhile, as the scale of AIoT edge devices grows exponentially, the demand for real-time and lightweight identity verification mechanisms continues to rise. How to leverage blockchain to construct an identity management framework that supports massive device access, low-latency identity negotiation, and distributed reputation evaluation, while ensuring identity privacy and security, has become a core issue in the field of AIoT security [19].

To address this issue, this paper proposes a blockchain-based SSI management mechanism for AIoT. By integrating SSI with a zero-trust framework, it enables decentralized identity storage and continuous verification, effectively preventing unauthorized access and identity data misuse [20,21]. This mechanism leverages Selective Disclosure (SD) technology, allowing users to submit only necessary attributes. This ensures users retain control over their identity information while safeguarding the privacy and integrity of undisclosed attributes, significantly reducing verification overhead [22]. Additionally, this paper designs a context-aware dynamic permission management scheme that generates minimal permission sets in real-time based on device requirements and environmental changes. By integrating zero-trust continuous verification with the principle of least privilege, it enhances secure interactions while maintaining flexibility. Experimental results demonstrate that, compared to traditional identity management systems, the proposed mechanism significantly reduces the risk of sensitive data exposure while improving authentication efficiency. Performance experiments demonstrate that compared to traditional methods, the proposed zero-trust-based self-sovereign identity management mechanism more effectively mitigates the risk of sensitive attribute leakage. It enhances authentication efficiency under SD and improves the responsiveness of dynamic permission management, providing robust support for the secure and efficient operation of AIoT. The key innovations are as follows:

(1)

Design of a zero-trust and blockchain-based SSI integration framework. By combining the SSI with zero-trust SSI, this framework establishes trusted device identity management and real-time permission verification mechanisms within the continuous verification process, laying the foundational trust for AIoT environments.

(2)

The proposal of a selective disclosure SSI management mechanism. It allows users or devices to disclose only the minimum necessary identity information. Leveraging blockchain technology together with cryptographic commitments, aggregated signatures, and Zero-Knowledge Proofs (ZKP), the mechanism enables efficient attribute-based authentication while avoiding the exposure of sensitive information, thus improving both privacy protection and verification efficiency in high-concurrency AIoT scenarios.

(3)

The proposal of a dynamic permission management mechanism combining context awareness and SD technology. This mechanism dynamically adjusts access permissions based on device behavior, network conditions, and AI task requirements. It enforces fine-grained least-privilege control, thereby effectively preventing identity misuse and privilege escalation.

The paper is structured as follows: Section 2 reviews related work; Section 3 details the proposed mechanism; Section 4 analyzes security; Section 5 presents experimental evaluations; Section 6 concludes and outlines future work.

2. Related Work

2.1. Self-Sovereign Identity Management in the IoT

Blockchain, as one of the key technologies supporting SSI, provides a decentralized and tamper-proof ledger. In the IoT environment, blockchain can offer each device a unique identity and ensure the authenticity and immutability of these identities. In recent years, many studies have explored the application of blockchain and SSI in IoT, particularly in identity management, privacy protection, and security enhancement. Fedrecheski et al. [23] proposed an authentication scheme that combines decentralized identifiers (DID) and verifiable credentials (VC), allowing IoT devices to confirm their identities and exchange data without relying on centralized services. This effectively enhances privacy protection and security in the system, making it especially suitable for IoT environments that require high privacy protection. Popa et al. [24] proposed a SSI management framework combined with blockchain technology, aimed at strengthening the protection of digital identities of online users. This framework prevents unauthorized data collection and sharing through a decentralized approach, effectively preventing identity theft and fraud, making it particularly suitable for internet platforms that require high data privacy protection. Bartolomeu et al. [25] proposed an identity management solution based on the SSI paradigm. This solution allows devices to fully own and manage their digital identities through decentralization, avoiding the single point of failure and scalability issues inherent in traditional centralized identity management systems, thereby improving system security and scalability. Weingaertner et al. [26] proposed an IoT device ownership management solution based on SSI, combining blockchain, DID, and VC to achieve secure and user-centric device identity management. The solution ensures the security and effectiveness of device ownership transfer through system architecture design and protocol verification tools like ProVerif. Sakib et al. [27] proposed an identity management solution based on blockchain and DID, which stores device identities in a trusted execution environment and protects them through blockchain. This allows devices to trace their origin and prevents unauthorized ownership transfer, thereby solving the problem of reliable identification of IoT devices. These studies highlight the strong potential of SSI and blockchain for securing IoT environments, especially by decentralizing control and enabling enhanced privacy. However, most of these approaches focus on static identity verification and lack real-time, dynamic permission management, which is increasingly critical in AIoT environments.

2.2. Decentralized Identity Management in AI Environments

In the context of the rapid development of AI technologies, decentralized identity management (DIM) is becoming a key solution for ensuring data privacy and security. In this environment, AI applications not only enhance the efficiency and security of identity verification but also contribute to the creation of a more transparent and equitable identity management system. Kaul et al. [28] proposed an AI-driven decentralized authentication system that combines AI with homomorphic encryption, allowing encrypted data to be processed without decryption, thus reducing the risk of data leakage. Even in attacked environments, the system ensures secure and robust identity verification while protecting data confidentiality. Chamola et al. [29] designed a decentralized medical record management framework based on AI and blockchain, utilizing AI technologies such as optical character recognition (OCR) to process and store medical records. All data are securely stored on the blockchain network, ensuring the protection of patient personal information while enabling healthcare professionals to quickly access critical information in emergency situations. While existing AI-powered decentralized identity systems have enhanced data security, they still face issues such as efficiency bottlenecks and lack of user control. In contrast, SSI management in AI environments achieves true user control over identity data while ensuring authentication efficiency through credential protocols and verification mechanisms. Le et al. [30] introduced a blockchain-based SSI management system, which integrates AI algorithms to effectively identify and extract ID card fields, facilitating OCR and identity verification, and uses ZKP to ensure secure identity verification. Mamoshina et al. [31] proposed a decentralized personal health data ecosystem based on blockchain and deep learning, aimed at accelerating biomedical research and empowering patients with control over their personal data. This system promotes drug discovery and preventive healthcare through a secure and transparent data marketplace while addressing regulatory challenges to ensure the privacy and security of personal data. Nash [32] proposed a Decentralized Intelligence Network framework, which ensures data sovereignty through personal data storage, utilizes blockchain and federated learning protocols to achieve decentralized AI training, and ensures system fairness and security through encrypted reward mechanisms and decentralized auditing, giving participants control over their data and financial benefits. These works demonstrate the emerging role of decentralized identity management in AI environments, but they often face challenges related to scalability and the lack of a unified framework for real-time identity validation in dynamic, high-concurrency contexts like AIoT.

2.3. Zero-Trust-Based Self-Sovereign Identity Management

Although SSI management systems provide greater data control and privacy protection, combining them with the zero-trust model can further enhance the security and reliability of identity verification. The zero-trust model emphasizes always verifying every request rather than relying on traditional trust mechanisms, making DIM systems more secure and reliable in terms of identity verification and access control. Therefore, Nasrin [33] proposed a secure data retention model based on the zero-trust framework, combining SSI management and the permissioned blockchain Hyperledger Fabric to achieve digital identity verification and data sharing in a distributed environment, significantly enhancing user privacy protection and system security. Murcia et al. [14] proposed a DIM solution based on the zero-trust framework, building an identity ecosystem through blockchain and privacy protection technologies, and combining the principles of SSI to enable seamless cross-domain identity verification and authorization, enhancing security and user privacy protection. The rise of SSI under the zero-trust model marks a paradigm shift in identity management from passive defense to active control. By combining decentralized technologies with privacy protection, SSI not only ensures the security of user data but also empowers users with control over their identities. However, most of the current zero-trust-based SSI models still require complete identity disclosure, limiting the effectiveness of privacy preservation. Additionally, many of these models do not fully address the real-time and dynamic nature of AIoT environments, where access needs to be continuously monitored and permissions adjusted rapidly in response to device behavior and environmental changes.

3. Blockchain-Based Self-Sovereign Identity Management Mechanism

3.1. Mechanism Overview

This mechanism introduces a blockchain-based SSI management for AIoT environments, addressing challenges like dynamic permission drift, high-concurrency inference, and supply chain trustworthiness during collaborative AI model training, distributed inference, and continuous learning processes at the edge devices in AIoT environments. It leverages SSI management, SD technology, and dynamic permission management to construct a secure, efficient, and privacy-preserving authentication mechanism for IoT devices. The specific mechanism model is shown in Figure 1, it mainly consists of the following four entities.

• Key Generation Center (KGC) [34]: An entity responsible for assisting in the generation and management of keys within a decentralized network.
• Users: The owner and user of identity information, serving as the core of the entire mechanism. It is responsible for generating local portions of private and public keys and submitting registration requests to the KGC to complete identity initialization.
• Blockchain: Serves as the underlying technology for decentralized storage and management of credentials.
• AIoT Devices/Resources: The objects users ultimately access and interact with.

Additionally, it is composed of two key processes:

• Self-Sovereign Identity Management Mechanism (SSIM): The core logic module for handling identity credentials, responsible for constructing, aggregating, and validating credentials.
• Dynamic Permission Generation Mechanism: This module is critical for implementing zero-trust “continuous verification” and the principle of least privilege. It handles real-time decision-making and permission management while enforcing access control.

The key pair generation and registration process begins with the user. The user first generates a partial key pair locally, ensuring the core private key remains under their control. The user then submits their identity identifier and partial public key to the KGC for registration. Upon receiving the request, the KGC generates the corresponding system partial key and securely returns it, but does not store the full key. Only the user can combine the received partial key with their own to form a complete key pair, thus completing identity initialization and gaining full self-sovereign control over their digital identity. The detailed process can be found in Section 3.2.

When the user needs to prove a specific identity attribute, the credential generation process begins. The user selects the necessary attributes, creates encrypted commitments using zero-knowledge proof, and submits the application to the SSIM. After validating the request, partial credentials for each attribute are generated and sent to the user. The user then aggregates these partial credentials into a complete credential. To ensure immutability and decentralized management, the final credential is securely stored on the blockchain. Steps 3 to 7 in Figure 1 illustrate this process, with details provided in Section 3.3.

In the resource access process, the user initiates a request to the target AIoT device. The device then asks the dynamic permission generation module for identity verification and an access permission set. Based on the scenario, the user generates a selective disclosure credential with only the minimum required attributes and submits it. The module verifies the credential to confirm the user’s identity, then evaluates the current context to dynamically calculate a minimized permission set. Finally, the module grants the user temporary, precise permissions to interact with the AIoT device under controlled conditions, completing the zero-trust loop. Steps 8 to 12 illustrate this process, with details in Section 3.4.

Overall, the mechanism integrates zero-trust security with blockchain-based self-sovereign identity, ensuring secure dynamic access control in AIoT environments while enhancing user privacy and data autonomy. With blockchain’s decentralized trust, efficient SD, and context-aware permissions, it provides strong identity assurance for the secure development of future AIoT ecosystems.

3.2. User Identity Registration and Key Generation

3.2.1. Parameter Generation

This mechanism is initialized by a decentralized network (such as a blockchain or distributed trust network) with parameters, setting a t-bit prime number $p\in {\mathbb{Z}}_p^{*}$ (a sufficiently large prime) and a generator P as security parameter inputs. It will return the public parameters $\alpha =\{F_p,P,P_{PUB},h_0,h_1,h_2,h_3\}$ and the confidential private key y, with the symbol list as shown in

Table 1. Symbol interpretation table.

Symbolic	Definition
p	a t-bit prime number
$P_{PUB}$	KGC’s system public key, $P_{PUB}=y·P$
y	KGC’s master private key
P	generator of an additive cyclic group
${\mathbb{Z}}_p^{*}$	multiplicative group of integers modulo p
$F/G_p$	elliptic curve equation, $b^2=a^3+x·a+ymodp$, where $a,b,x,y\in G_p$

.

• Set a t-bit prime number p and a generator P.
• Define the additive cyclic group $G_p$ and the elliptic curve $F/G_p$.
• Choose the master private key denoted as $y\in {\mathbb{Z}}_p^{*}$, which is jointly selected by the decentralized network or generated through distributed key generation. The system’s public key is computed as $P_{PUB}=y·P$.
• Choose four secure hash functions $h_0,h_1,h_2,h_3$ to support subsequent operations such as identity generation, encryption, and signing. Now, the system publishes the parameters $\alpha$ and keeps y confidential.

3.2.2. User Node Registration

Each user node $D_i$ generates its own key pair locally. It randomly selects a private key $x_i\in {\mathbb{Z}}_p^{*}$ and computes the corresponding partial public key $P_{D_i}=x_i·P$. The node also has an identifier $I{D}_{D_i}$ for registration. The user sends $I{D}_{D_i}$ and $P_{D_i}$ to the KGC to register. The KGC then generates a temporary private key $s_k\in {\mathbb{Z}}_p^{*}$ and computes the system’s partial public key, Equation (1):

$$S_{D_i}=s_k·P$$

(1)

Then, the KGC uses the user’s identity identifier $I{D}_{D_i}$, the system’s partial public key $S_{D_i}$, and the user’s submitted local partial public key $P_{D_i}$, along with the system’s master private key y, to generate the user’s partial private key, as Equation (2).

$$e_{D_i}=s_k+y·h0\left(I{D}_{D_i},S_{D_i},P_{D_i}\right)modp$$

(2)

Through this process, the KGC provides the user with the system’s partial public key and the user’s partial private key. The user can subsequently use this data to complete the generation and verification of the full key, enabling identity authentication and management in a zero-trust environment.

3.2.3. Complete Key Pair Generation

Upon receiving $S_{D_i}$ and $e_{D_i}$ from the KGC, the user first verifies their correctness using the Equation (3):

$$e_{D_i}·P=S_{D_i}+h0(I{D}_{D_i},S_{D_i},P_{D_i})·P_{PUB}$$

(3)

If the verification is successful, the user combines the user’s partial private key $e_{D_i}$ with the locally generated private key $x_i$ to generate the complete private key $S{K}_{D_i}=(e_{D_i},x_i)$. Meanwhile, the user’s complete public key is composed of the local partial public key $P_{D_i}$ and the received system partial public key $S_{D_i}$, forming $P{K}_{D_i}=(P_{D_i},S_{D_i})$. The specific key generation process is shown in Figure 2.

3.3. Construction and Aggregation of Selective Disclosure Credentials

The SD credential mechanism enables privacy preservation and efficient authentication in zero-trust settings. It allows users to choose which identity attributes to reveal in each scenario, while using cryptographic commitments and ZKP to ensure the integrity and validity of hidden data. This approach effectively meets the dynamic needs of devices. This section details the construction and aggregation of such credentials, as illustrated in Figure 3:

3.3.1. Credential Construction

Credential construction is the initial phase of SD, generating credentials that contain only selected attributes while protecting undisclosed ones. The process involves user–system interaction, including identity submission, attribute verification, and partial credential generation.

(1) User generates attribute list

First, the user determines the attribute list to be authenticated $at{t}_{list}=\left(at{t}_1,at{t}_2,\dots ,at{t}_m\right)$. These attributes may include geographic location, network permission levels, and other device-related important information. To protect the privacy of these attributes, the user generates a commitment value $C_{at{t}_j}$ for each attribute $at{t}_j$ through a cryptographic commitment mechanism. The computation of the commitment value is shown in Equation (4):

$$C_{at{t}_j}=g_j^{att}·h_j^r$$

(4)

where $(g,h)$ are system generators, usually base points in elliptic curve cryptosystems, $at{t}_j$ is the attribute value, and $r_j$ is a random number used to ensure that each computed commitment value $C_{at{t}_j}$ is non-repeatable and unpredictable.

(2) Submit credential application

After generating the identity identifier $I{D}_{D_i}$ and the attribute commitment set $C_{at{t}_j}$, user $D_i$ needs to submit a credential application to the system. The submitted content includes the following: the identity identifier $I{D}_{D_i}$, which indicates the unique identity of the user; the attribute commitment set $C_{at{t}_j}$, used to protect user attributes under privacy; and the ZKP $\pi$, used to prove the validity of the attribute values $at{t}_j$ without revealing the specific values. The ZKP is generated as in Equation (5):

$$\pi =ZKPProve\left({SK}_{D_i},at{t}_{list},pa\right)$$

(5)

where ${SK}_{D_i}$ is the user’s private key, generated during the key generation phase; $pa$ is the system’s public parameters, published by the blockchain system. The purpose of the ZKP is that the user can prove knowledge of the attributes to the system without directly disclosing the attribute values. Specifically, this proof can ensure that $at{t}_j$ belongs to the valid range of values defined by the system and is consistent with the submitted commitment value $C_{at{t}_j}$.

(3) System verifies attributes and generates partial credentials

After receiving the credential application from user $D_i$, the system needs to verify the correctness of the attribute commitments and generate a blind signature, finally producing partial credentials.

First, the system verifies whether the submitted commitment value $C_{at{t}_j}$ is consistent with the submitted ZKP $\pi$ and the system parameters. Verification is performed using Equation (6):

$$e\left(C_{at{t}_j},P_{PUB}\right)\stackrel{?}{=}e\left(g,P_{at{t}_j}\right)$$

(6)

where e is a bilinear mapping function, ensuring correctness of the verification process, $P_{PUB}$ is the system public key, derived from the system’s master private key y, and $P_{at{t}_j}$ is the public key part corresponding to the user attribute $at{t}_j$, which helps verify the integrity of the disclosed attribute, ensuring it has not been tampered with.

After successful verification, the system generates a blind signature. For the attributes $at{t}_{list}$ selected by the user for disclosure, the system uses its private key y to generate blind signatures. The blind signature is computed as in Equation (7):

$${\sigma }_{at{t}_j}={\left(h\left(at{t}_j\right)·r_j\right)}^y$$

(7)

where $h\left(at{t}_j\right)$ is the hash value of attribute $at{t}_j$, used to ensure uniqueness of the signature; $r_j$ is the random number from the cryptographic commitment; and y is the system’s private key. The blind signature ensures the privacy of the undisclosed attributes $at{t}_{all}\setminus at{t}_{list}$ while guaranteeing the integrity of the disclosed attributes.

Finally, the system generates partial credentials $cre{d}_j$ for the user, as shown in Equation (8):

$${cred}_j=\left\{{\sigma }_{{att}_j},C_{{att}_j}\right\}$$

(8)

(4) User receives partial credentials

User $D_i$ receives the partial credential set $cre{d}_n$ from the system. These partial credentials are generated only for the attributes chosen by the user to disclose, while the privacy of the undisclosed attributes $at{t}_{all}\setminus at{t}_{list}$ is preserved. The partial credential set is shown in Equation (9):

$$\left\{{cred}_n\right\}=\left\{{\left\{{\sigma }_{at{t}_j},C_{{att}_j}\right\}}_n:n=1,2,\dots ,N\right\}$$

(9)

where N is the number of partial credentials generated by the system. Each partial credential includes a blind signature (${\sigma }_{at{t}_j}$) and a cryptographic commitment ($C_{at{t}_j}$), ensuring that only the disclosed attributes are verified, and the privacy of undisclosed attributes is preserved. These partial credentials are used in the subsequent credential aggregation phase to generate a complete credential.

3.3.2. Credential Aggregation

Credential aggregation combines multiple partial credentials, generated for user-selected attributes, into a complete credential for identity verification and authorization. In a zero-trust environment, it must maintain mathematical validity, consistency, and integrity, while prioritizing user privacy.

(1) Aggregation Background and Objectives

In the credential aggregation scenario, user $D_i$ receives n partial credentials from the system. These partial credentials are generated for the user’s SD attribute list $at{t}_{list}=\left\{at{t}_1,at{t}_2,\dots ,at{t}_m\right\}$. The goal of aggregation is to combine these n partial credentials into a complete credential $cred$. The entire aggregation process must ensure mathematical correctness, improve verification efficiency, and reduce the risk of privacy leakage.

(2) Weight Calculation

In credential aggregation, the user needs to weight the n partial signatures generated by the system. This requires the use of Lagrangian interpolation  [35] to compute the weight ${\lambda }_j$ for each partial signature. The weight calculation is shown in Equation (10):

$${\lambda }_j=\prod _{k\ne j}{\displaystyle \frac{-k}{j-k}}modp$$

(10)

where $j,k\in \left\{1,2,\dots ,n\right\}$, and p is a large prime number set by the system. The role of the weight is to assign a mathematical proportion to each partial signature, ensuring consistent contribution during the aggregation process. According to the above formula, the weight ${\lambda }_j$ corresponding to each partial signature is uniquely determined, and these weights will be used for subsequent weighted signature computation.

(3) Aggregated Signature Generation

The user combines each partial signature ${\sigma }_{{att}_j}$ with its corresponding weight ${\lambda }_j$ to generate the final aggregated signature $\sigma$. The computation of the aggregated signature is shown in Equation (11):

$$\sigma =\prod _{j=1}^n{\sigma }_{at{t}_j}^{{\lambda }_j}modp$$

(11)

The aggregated signature simplifies handling multiple partial credentials while protecting user privacy. By performing weighted combinations of each blind signature, the aggregated signature $\sigma$ can prove the integrity and validity of the disclosed attributes without directly revealing the attribute values. At the same time, this method guarantees the unforgeability and security of the signature.

The aggregated signature allows the user to verify with a single signature instead of multiple partial ones, simplifying verification, reducing computational overhead, and improving efficiency.

(4) Generation of Complete Credential

After generating the aggregated signature $\sigma$, the user combines it with the attribute commitment set $\left\{C_{at{t}_j}\right\}$ and the ZKP $\pi$ to form the complete credential $cred$. The inclusion of the ZKP $\pi$ ensures that even if some attributes are undisclosed, the verifier can still validate the legitimacy of those undisclosed attributes. The structure of the complete SD credential is shown in Equation (12):

$$cred=\left(\sigma ,\left\{C_{att}^j\right\},\pi \right)$$

(12)

The complete credential, with the aggregated signature and ZKP, enables efficient identity authentication while ensuring the unforgeability and integrity of SD credentials. Credential aggregation combines partial signatures into one, allowing a single verification, reducing computational cost, and improving efficiency. It also enhances privacy by allowing authentication without disclosing specific attributes, with cryptographic commitments and the aggregated signature protecting undisclosed information, while the ZKP further strengthens privacy.

(5) Security and Efficiency Comparison of Aggregation Schemes

The advantages of using Lagrangian interpolation for credential aggregation are shown through a systematic comparison with mainstream schemes in

Table 2. Signature aggregation schemes comparison.

Scheme	Complexity	Security	Storage	Advantages/Limitations
RSA  [36]	$O\left(n\right)$	Weak	High	Simple to implement, but inefficient
ECDSA + Merkle Tree  [37]	$O\left(\log n\right)$	Medium	Medium	Supports incremental verification; complex tree maintenance
BLS  [38]	$O\left(1\right)$	Strong	Low	Efficient aggregation; vulnerable to k-forgery attacks
Lagrangian Interpolation  [35]	$O\left(1\right)$	Strongest	Lowest	Threshold property + mathematical verifiability

. Compared with RSA batch verification, which is susceptible to common-modulus attacks  [36], ECDSA + Merkle trees face second-preimage collision risks  [37], and the BLS aggregation scheme in  [38] suffers from a k-aggregation forgery vulnerability.

In AI environments with complex and evolving authentication scenarios, the proposed Lagrangian interpolation–based credential aggregation exhibits key advantages: on security, the threshold mechanism enforced by the mathematical constraint ${\lambda }_j={\prod }_{k\ne j}{\displaystyle \frac{-k}{j-k}}modp$ requires an adversary to compromise $t+1$ nodes to forge a valid signature, raising the break difficulty by a factor of $2^t$ over traditional BLS aggregation and making it, at present, the only aggregation method that satisfies the EU-CMA security model. On efficiency, dynamically computed Lagrange weights avoid the $O\left(n\right)$ storage overhead of Merkle trees; a fixed-size aggregated signature significantly reduces transmission load; and verification with a single bilinear pairing equation markedly improves processing throughput.

Meanwhile, the ability to add or remove signers in real time, together with online weight updates, enables rapid adjustment of authentication strategies in dynamic settings such as model training and federated learning. Its lightweight design fits the resource constraints of edge devices, and the minimized interaction complexity supports high-concurrency authentication. Finally, combining Lagrangian interpolation with blind signatures—under the mathematical guarantee that assigns a unique weight to each partial signature—not only prevents tampering and reuse but also achieves dual reinforcement of privacy protection and system security through credential aggregation, providing a scalable identity management infrastructure for AI environments.

3.3.3. Credential Verification and Tracking

In the verification and tracking phase, the user uses the aggregated complete credential to complete the identity verification. During the verification process, the user selectively discloses certain identity attribute information based on actual needs and, through ZKP, demonstrates the integrity and legality of undisclosed attributes. For example, the user can prove they possess a specific identity or attribute without disclosing all personal information. This not only enhances the protection of user privacy but also ensures that the verifier can confirm the user’s legitimacy and authenticity without knowing the full identity information.

The verifier uses the ZKP and signature in the credential to verify the user’s identity, ensuring that the credential has not been tampered with and that it meets the original issuance conditions. After successful verification, the verifier generates an interaction token for subsequent authorization operations. This token may include access rights and other information, ensuring that the user can only access the resources they are authorized to.

3.4. Dynamic Permission Management

Dynamic permission management is essential in zero-trust architectures for secure and adaptive control in the AIoT. It dynamically generates minimal permission sets based on selectively disclosed credentials and contextual data, balancing security and flexibility. By integrating credential verification, permission evaluation, policy configuration, and dynamic permission algorithms, the system enables fine-grained access control. The following sections detail these core processes and technical implementations.

3.4.1. Credential Verification

Credential verification confirms the legitimacy and integrity of the user’s disclosed attributes and device identity within a zero-trust framework. This is achieved through aggregated signature verification, attribute commitment checks, and ZKP.

The aggregated signature is the core part of the SD credential submitted by the user, representing the legality and completeness of the disclosed attributes. During the verification process, the system extracts the list of attributes $\left\{at{t}_j\right\}$ disclosed by the user and their corresponding weights ${\lambda }_j$ from the credential. Then, the system computes the hash value $h\left({att}_j\right)$ for each attribute and uses the system generator g and the public key $P_{PUB}$ to construct the verification Equation (13):

$$e(\sigma ,g)\stackrel{?}{=}\prod _{j=1}^{n}e{\left(h\left(at{t}_j\right),P_{PUB}\right)}^{{\lambda }_j}modp.$$

(13)

In this formula, the left side, $e(\sigma ,g)$, represents the information extracted by the system from the aggregated signature $\sigma$ submitted by the user, along with the result of the bilinear mapping between the system generator g and the public key $P_{PUB}$. The right side is the mathematical construction based on the hash value of the disclosed attribute ${att}_j$, the system’s public key $P_{PUB}$, and the Lagrange interpolation weights ${\lambda }_j$. If the verification passes, it indicates that $\sigma$ is a valid signature, proving that the attributes disclosed by the user are complete and have not been tampered with.

Next, the system verifies the attribute commitments $C_{at{t}_j}$ which protect the privacy of undisclosed attributes while ensuring the integrity of disclosed ones. The commitment is defined as Equation (14):

$$C_{at{t}_j}=g^{at{t}_j}·h^{r_j}$$

(14)

where g and h are system generators, $at{t}_j$ is the attribute, and $r_j$ is a random number. Verification of the commitment is performed using Equation (15):

$$e\left(C_{at{t}_j},g\right)\stackrel{?}{=}e\left(g,g^{at{t}_j}\right)·e\left(h,g^{r_j}\right)$$

(15)

The system first extracts $r_j$ from the commitment value $C_{{att}_j}$ submitted by the user and reconstructs the right-hand side of the verification expression using the disclosed attribute value ${att}_j$. The left side, $e(C_{{att}_j},g)$, is the result of the computation based on the user’s submitted commitment value and the system generator. If the equation holds, it indicates that the encryption commitment is consistent with the disclosed attribute and has not been tampered with, proving the legitimacy of the encryption commitment.

Finally, the system uses a ZKP verification algorithm, $ZK{P}_{Verify}$, to check the commitments and random numbers associated with undisclosed attributes, as in Equation (16):

$${\pi }_{ZKP}=ZK{P}_{Verify}\left(C_{at{t}_j},\left\{r_j\right\},h\left(at{t}_j\right)\right)$$

(16)

The key aspect of the verification process is that the user does not need to directly expose the specific values of the undisclosed attributes but instead uses ZKP_Verify to verify whether the user possesses the legitimate knowledge of these attributes. The system ensures that the undisclosed attributes meet the rules defined by the system while protecting the user’s privacy by extracting the encryption commitment $C_{{att}_j}$ and the random number $r_j$, and combining them with the hash value $h\left({att}_j\right)$ to compute the result of the verification formula.

The integrity of credential verification guarantees the reliability of the SD credential, while the use of encryption commitments and ZKP maximizes the protection of user privacy.

3.4.2. Permission Evaluation Based on Selective Disclosure Credentials

After credential verification is completed, the system needs to evaluate the user’s permission request based on the SD credential submitted by the user. The core goal of permission evaluation is to dynamically generate the least privilege set based on the disclosed attribute set $at{t}_{list}=\{{att}_1,{att}_2,\dots ,{att}_m\}$ and the requested resources and operations, thereby adhering to the principle of least privilege. This process involves attribute disclosure extraction, resource matching, and operation evaluation, while dynamically adjusting user permissions using context-aware technology.

The system extracts the disclosed attribute set $att\_list$ from the user’s credential and compares it with the resource requirements in the system’s resource permission matching table $RR$. The formula for resource permission matching is as Equation (17):

$$\forall r_i\in R,R_{at{t}_i}\subseteq at{t}_{list}$$

(17)

where $R_{at{t}_i}$ is the set of attributes required for resource $r_i$. For the resource $r_i$ requested by the user, if the disclosed attribute set $att\_list$ contains $R_{at{t}_i}$, the user is granted access to that resource.

Next, the system evaluates the requested operation, $o{p}_k$, by checking if the user’s attributes meet the operation’s required permissions, $Perm\left(o{p}_k\right)$, as defined in the operation permission mapping table, $Ops$. The formula for operation permission evaluation is as Equation (18):

$$\forall o{p}_k\in Ops,Perm\left(o{p}_k\right)\subseteq at{t}_{list}.$$

(18)

If the disclosed attribute set by the user meets the required permission set for the operation, the user is granted permission to perform the operation. Additionally, during the permission evaluation process, the system dynamically adjusts permissions by incorporating context-aware technology. The system dynamically evaluates permissions by monitoring information such as the user’s device location, network environment, and time. The formula for context-aware permission adjustment is as Equation (19):

$$Per{m}_{valid}=Perm\cap Ct{x}_{valid}$$

(19)

where $Perm$ is the initial permission set matched for the user, and $Ct{x}_{valid}$ is the valid permission set under the current context. If the user’s contextual state changes, the system will automatically revoke the relevant permissions.

Finally, the system generates the user’s least privilege set $Per{m}_{min}$ based on the disclosed attributes and context-aware information. The formula for generating the least privilege set is as Equation (20):

$$Per{m}_{min}=\bigcap _{i=1}^n\left(R_{at{t}_i}\cap Perm\left(o{p}_k\right)\right)$$

(20)

This process ensures that the user can only access resources that match their disclosed attributes and perform legitimate operations, while avoiding over-allocation and abuse of permissions.

3.4.3. Dynamic Policy Configuration

Using selectively disclosed credentials and context-aware technologies, the system dynamically configures access policies under least privilege in zero-trust environments, ensuring resource security and operational legitimacy. Dynamic policy configuration uses real-time context monitoring to evaluate the user’s state. These parameters are compared with policy rules to adjust privileges as needed, expressed in Equation (21):

$$Ct{x}_{valid}=f(Location,Time,Network,DeviceState)$$

(21)

where $Ct{x}_{valid}$ represents the set of valid permissions under the current context, while $Location$, $Time$, $Network$, and $DeviceState$ denote the user’s geographic location, time, network environment, and device state, respectively. The function f is a predefined set of rules that maps contextual information to specific permission configurations.

When the context changes, the system dynamically adjusts the user’s permission set $Perm$ according to contextual rules. The specific adjustment is defined in Equation (22):

$$Per{m}_{adjusted}=Perm\cap Ct{x}_{valid}$$

(22)

where $Per{m}_{adjusted}$ is the context-adjusted permission set, $Perm$ is the initially matched permission set, and $Ct{x}_{valid}$ is the valid permission set derived from context-awareness rules. By continuously monitoring context, the system ensures that user permissions always comply with the current environment, preventing privilege misuse.

In dynamic policy configuration, permission lifecycle management is another critical mechanism. It is particularly important for temporary tasks, time-limited inference API trials, and access control during model update windows. Each permission granted to a user is associated with a lifecycle $TTL$, which restricts the validity period of the permission. For example, when a user requests access to a resource, the system assigns a validity interval $\left[t_{start},t_{end}\right]$, and automatically revokes the permission once $t_{end}$ is reached. Lifecycle management is formalized as in Equation (23):

$$Per{m}_{TTL}=\left\{per{m}_i\right|t_{current}\le t_{end}\left(per{m}_i\right)\}$$

(23)

where $Per{m}_{TTL}$ is the set of valid permissions within their lifecycle, $t_{current}$ is the current time, and $t_{end}\left(per{m}_i\right)$ is the expiration time of permission $per{m}_i$.

Dynamic policy configuration aims to ensure flexible and secure access control using real-time context-awareness and lifecycle management. This approach enhances system adaptability and responsiveness, providing strong protection in complex AIoT environments.

3.4.4. Dynamic Permission Generation Algorithm

The dynamic permission generation algorithm generates the least privilege set in real time based on the user’s submitted SD credential and current contextual information, ensuring that the user only has the necessary permissions to fulfill the operational requirements without exceeding the required scope. The dynamic permission generation algorithm integrates credential verification, permission evaluation, and context-aware technology to dynamically compute the user’s permission set, ensuring the security and efficiency of the environment.

The core idea of dynamic permission generation is to generate the least privilege set $Per{m}_{min}$ based on the user’s disclosed attributes, requested resources, and operation types. The algorithm’s input includes the user’s disclosed attribute set $at{t}_{list}$, the resource permission requirement table R, the operation permission requirement table Ops, and contextual information $Ctx$. The output is the user’s least privilege set $Per{m}_{min}$, which represents the operations the user can perform and the resources they can access in their current environment.

The first step of the algorithm is to initialize the user’s permission set. The system extracts all possible permission items from the resource permission requirement table R and the operation permission requirement table $Ops$, and filters out the initial permission set Perm that meets the conditions based on the user’s disclosed attribute set $at{t}_{list}$. The specific filtering formula is as Equation (24):

$$\begin{array}{cc}\hfill Per{m}_{init}& =\{r_i\in R|R_{at{t}_i}\subseteq at{t}_{list}\}\hfill \\ \hfill & \cup \{o{p}_k\in Ops|Perm\left(o{p}_k\right)\subseteq at{t}_{list}\}\hfill \end{array}$$

(24)

where $R_{at{t}_i}$ is the set of attributes required for resource $r_i$, and $Perm\left(o{p}_k\right)$ is the set of permissions required for operation $o{p}_k$.

The system then dynamically adjusts $Per{m}_{init}$ using context-awareness, incorporating real-time environmental factors (e.g., location, time, network status). This adjustment is formalized in Equation (25), where $Ct{x}_{valid}$ represents the contextually valid permissions, adapting dynamically to environmental changes.

$$Per{m}_{adjusted}=Per{m}_{init}\cap Ct{x}_{valid}$$

(25)

where $Ct{x}_{valid}$ is the valid permission set under the context rules. The context rules dynamically change based on specific environmental requirements. For example, when the user enters or leaves a particular geographic area, the permission set $Ct{x}_{valid}$ is updated accordingly.

After the context adjustment is complete, the system optimizes the permission set based on the principle of least privilege, generating the user’s least privilege set $Per{m}_{min}$. The formula for optimizing the least privilege set is as Equation (26):

$$Per{m}_{min}=\bigcap _{i=1}^n\left(R_{at{t}_i}\cap Perm\left(o{p}_k\right)\right)\cap Ct{x}_{valid}$$

(26)

where n is the number of resources or operations requested by the user, and $R_{{att}_i}$ and $Perm\left(o{p}_k\right)$ are the permission requirements for the resources and operations, respectively. The overall process of the dynamic permission generation algorithm is as follows (Algorithm 1):

Algorithm 1 Dynamic permission generation algorithm

Input:  $at{t}_{list}$: disclosed attribute set, R: resource permission requirement table, $Ops$: operation permission requirement table, $Ctx$: contextual information Main iteration:  Compute the minimum permission set $Per{m}_{min}$ 1: Initialize permission set $Perm\leftarrow \varnothing$  2: for all $r_i\in R$ do 3:      if  $R_{at{t}_i}\subseteq at{t}_{list}$ then 4:       $Perm\leftarrow Perm\cup \left\{r_i\right\}$ 5:      end if 6: end for 7: for all  $o{p}_k\in Ops$ do 8:      if  $Perm\left(o{p}_k\right)\subseteq at{t}_{list}$then   9:       $Perm\leftarrow Perm\cup \left\{o{p}_k\right\}$ 10:     end if 11: end for 12: $Per{m}_{adjusted}\leftarrow Perm\cap Ct{x}_{valid}$ {Adjust permission set based on context information} 13: $Per{m}_{min}\leftarrow {\bigcap }_{i=1}^n(R_{at{t}_i}\cap Perm\left(o{p}_k\right))\cap Ct{x}_{valid}$ {Optimize permissions according to the least-privilege principle} Output:  $Per{m}_{min}$

The Algorithm 1 ensures secure and timely privilege assignment through adaptive context-aware adjustment, enabling efficient permission management in data interactions and enhancing the security and privacy protection of IoT devices.

4. Security Analysis

Ensuring secure identity authentication and permission control in AIoT environments requires robust mechanisms for key generation, credential management, SD, and access control. Given the scale of user data, model parameters, and real-time inference requests, a highly secure framework is essential to protect privacy, enforce precise access policies, and resist attacks. This work analyzes key security properties—including the strength of key generation, the privacy of SD credentials, the validity of aggregated signatures, and the correctness of dynamic permission algorithms—to demonstrate strong resilience against threats in AIoT environments.

4.1. Security of Key Generation

Theorem 1.

Under the hardness assumption of the Elliptic Curve Discrete Logarithm Problem (ECDLP), an adversary cannot derive the master private key y or the user private key $x_i$ from the public system parameters $\alpha =\{F_p,P,P_{PUB},h_0,h_1,h_2,h_3\}$.

Proof. 

The security of key generation relies on the hardness of ECDLP. First, the system master private key y is generated through a distributed key generation protocol in a decentralized network, with the corresponding public key $P_{PUB}=y·P$. If an adversary attempts to reverse-engineer y from $P_{PUB}$ and P, they must solve the ECDLP. Since elliptic curve parameters (e.g., NIST P-256 curve) are designed to meet computational security assumptions, no polynomial-time algorithm exists to efficiently solve the ECDLP. Therefore, the master private key y is computationally infeasible to break. □

For the user private key $x_i$, its generation also depends on the hardness of ECDLP. The user locally generates $x_i$ and computes the public key $P_{D_i}=x_i·P$. Even if an adversary obtains $P_{D_i}$, they cannot derive $x_i$ in polynomial time. In addition, the partial private key $e_{D_i}$ generated for the user by the KGC is constructed using the temporary private key $s_k$, the master private key y, and a hash function, as shown in Equation (27):

$$e_{D_i}=s_k+y·h_0\left(I{D}_{D_i},S_{D_i},P_{D_i}\right)modp$$

(27)

where $s_k$ is randomly generated and kept secret by the KGC, with the corresponding public key $S_{D_i}=s_k·P$. Since the security of $s_k$ also relies on the ECDLP, an adversary cannot obtain $s_k$ from $S_{D_i}$, and therefore cannot separate y or $x_i$ from $e_{D_i}$. Finally, the user verifies the partial private key through the equation $e_{D_i}·P\stackrel{?}{=}{S}_{D_i}+h_0(·)·P_{PUB}$, which does not leak any private key information. In conclusion, the key generation mechanism possesses unforgeability under the ECDLP assumption.

Simulation of Adversarial Attack Proof: Suppose an adversary $\mathcal{A}$ attempts to derive the master private key y or user private key $x_i$ from the public parameters $\alpha$ and partial public key $S_{D_i}$. $\mathcal{A}$ obtains $P_{PUB}=y·P$ and $S_{D_i}=s_k·P$, but due to the hardness of the ECDLP, $\mathcal{A}$ cannot compute y or $s_k$. Even if $\mathcal{A}$ intercepts the partial private key $e_{D_i}$, since it is a linear combination of $s_k$ and y, with $s_k$ being unknown, $\mathcal{A}$ cannot separate y or $x_i$. Therefore, the key generation mechanism effectively resists such attacks.

4.2. Privacy of Selectively Disclosed Credentials

Theorem 2.

For undisclosed attributes $at{t}_j\notin at{t}_{list}$, the commitment $C_{at{t}_j}=g^{at{t}_j}·h^{r_j}$ computationally hides $at{t}_j$, and the ZKP π satisfies the zero-knowledge property, i.e., an adversary cannot distinguish between a real proof and a simulated proof.

Proof. 

The privacy of selectively disclosed credentials rests on the Pedersen commitment scheme and ZKP. For an undisclosed attribute $at{t}_j$, its commitment is $C_{at{t}_j}=g^{at{t}_j}·h^{r_j}$. The Pedersen commitment’s perfect hiding property, stemming from the random value $r_j$, prevents an adversary from extracting $at{t}_j$ from $C_{at{t}_j}$. This is because solving for $at{t}_j$ would require breaking the discrete logarithm assumption. □

Furthermore, the non-interactive ZKP $\pi$ ensures that no information about $at{t}_j$ is leaked. A simulator can produce a simulated proof ${\pi }^{\prime }$ that is computationally indistinguishable from a real proof without any knowledge of the actual attribute $at{t}_j$. An adversary $\mathcal{A}$ attempting to analyze the commitment and the proof cannot differentiate between a real proof and a simulated one, and thus cannot learn the value of the undisclosed attribute. This guarantees the privacy of the selectively disclosed credentials.

4.3. Validity of Aggregate Signatures

Theorem 3.

Let $\sigma ={\prod }_{j=1}^n{\sigma }_{at{t}_j}^{{\lambda }_j}modp$ be the aggregate signature, where ${\lambda }_j$ are Lagrange coefficients. Then σ satisfies the verification Equation (28):

$$e(\sigma ,g)\stackrel{?}{=}\prod _{j=1}^{n}e{\left(h\left(at{t}_j\right),P_{PUB}\right)}^{{\lambda }_j}$$

(28)

Proof. 

The validity of aggregate signatures relies on the mathematical properties of bilinear maps and the correctness of Lagrange interpolation. Each partial signature ${\sigma }_{at{t}_j}$ is generated using the master private key y and the attribute hash $h\left(at{t}_j\right)$ in the form ${\sigma }_{at{t}_j}=h{\left(at{t}_j\right)}^{y·{\lambda }_j}$. The aggregate signature $\sigma$ is the weighted product of these partial signatures, as shown in Equation (29):

$$\sigma =\prod _{j=1}^n{\sigma }_{at{t}_j}^{{\lambda }_j}=\prod _{j=1}^{n}h{\left(at{t}_j\right)}^{y·{\lambda }_j^2}modp$$

(29)

The verification process uses the bilinear property $e(a·P,b·Q)=e{(P,Q)}^{ab}$. The left-hand side of the verification equation is computed as in Equation (30):

$$e(\sigma ,g)=e\left(\prod _{j=1}^{n}h{\left(at{t}_j\right)}^{y·{\lambda }_j^2},g\right)=\prod _{j=1}^{n}e{\left(h\left(at{t}_j\right),g\right)}^{y·{\lambda }_j^2}$$

(30)

The right-hand side expands based on the master public key $P_{PUB}=y·P$, as shown in Equation (31):

$$\begin{array}{cc}\hfill \prod _{j=1}^{n}e{\left(h\left(at{t}_j\right),P_{PUB}\right)}^{{\lambda }_j}& =\prod _{j=1}^{n}e{\left(h\left(at{t}_j\right),y·P\right)}^{{\lambda }_j}\hfill \\ \hfill & =\prod _{j=1}^{n}e{\left(h\left(at{t}_j\right),P\right)}^{y·{\lambda }_j}\hfill \end{array}$$

(31)

Since Lagrange interpolation requires ${\sum }_{j=1}^n{\lambda }_j=1$, when ${\lambda }_j$ satisfy the interpolation conditions, the exponent terms ${\lambda }_j^2$ and ${\lambda }_j$ remain consistent under bilinear mapping, thus ensuring the equality holds. Therefore, the aggregate signature is mathematically valid and unforgeable. □

4.4. Correctness of the Least Privilege Principle

Theorem 4.

The output $Per{m}_{min}$ of the dynamic permission generation algorithm satisfies the following:

(1)

Completeness: All necessary permissions are included;

(2)

Minimality: No redundant permissions exist.

Proof. 

Dynamic permission generation achieves the least-privilege principle by combining selectively disclosed credentials and context-awareness. First, the algorithm traverses the resource permission requirement table R and the operation permission requirement table $Ops$, selecting all permission items that satisfy $R_{at{t}_i}\subseteq at{t}_{list}$ and $Perm\left(o{p}_k\right)\subseteq at{t}_{list}$, forming the initial permission set $Per{m}_{init}$. This step ensures all necessary permissions are included.

The system then dynamically adjusts permissions using contextual information (e.g., device location, time, network state). By applying the function $Ct{x}_{valid}=f\left(Location,Time,Network,DeviceState\right)$, the algorithm retains only the permissions valid under the current environment, generating the adjusted set $Per{m}_{adjusted}=Per{m}_{init}\cap Ct{x}_{valid}$. This step excludes invalid permissions caused by environmental changes.

Finally, the algorithm generates the minimum permission set $Per{m}_{min}$ through the intersection ${\bigcap }_{i=1}^n\left(R_{at{t}_i}\cap Perm\left(o{p}_k\right)\right)\cap Ct{x}_{valid}$. This ensures that each permission is the common intersection of multiple resource or operation requirements, eliminating redundancy. Suppose a redundant permission $per{m}^{\prime }\in Per{m}_{min}$ exists. Removing $per{m}^{\prime }$ would necessarily prevent access to certain resources or operations, contradicting the definition of intersection. Therefore, the output permission set is both complete and minimal. □

5. Performance Analysis

This section evaluates the proposed mechanism for AIoT environments across four key aspects: computational efficiency of credential generation and verification; privacy protection strength measured via information entropy and simulated attacks against identity and data leakage; responsiveness and adaptability of dynamic permission management in real-time scenarios; and system overhead and scalability through stress testing. These experiments collectively demonstrate the mechanism’s practicality and robustness under realistic AIoT conditions.

5.1. Environmental Configuration

The experimental environment includes an Intel Core i7-12700 processor (Intel, Santa Clara, CA, USA) (2.10 GHz), 16 GB RAM, NVIDIA GTX 1650 (NVIDIA, Santa Clara, CA, USA), and 512 GB SSD, running Ubuntu 20.04 with the PyCryptodome cryptographic library and ZKPlib ZKP framework. The dataset simulates 10,000 users, each with 20 sensitive attributes (e.g., occupation, income, location), and dynamically manages permissions using a zero-trust system. The test dataset was synthesized manually following this workflow: first, based on public statistics for age, gender, region, occupation, and income, we constructed a five-dimensional stratified sampling framework; next, we fitted a Gaussian Copula to model the joint distribution of 20 sensitive attributes, preserving realistic relationships among variables such as occupation and income; then, with a fixed random seed, we used the Synthpop tool to draw 10,000 virtual users from this distribution, yielding a 10,000 × 20 attribute matrix; finally, we wrote the synthetic data to a database and automatically triggered the selective-disclosure and access-control processes within the zero-trust architecture.

Comparison schemes include the full disclosure method (all 20 attributes), SD (with 1, 5, or 10 attributes), and differential privacy (DP, with Laplace noise and privacy budget $ϵ$ = 1.0). Test scenarios focus on data access in the AIoT with user scales from 1000 to 10,000, measuring credential generation and verification time, entropy of undisclosed attributes, attack success rate, and permission generation response time.

5.2. Computational Efficiency

To evaluate computational efficiency, the experiment tests varying user loads (1000 to 10,000 users) and measures credential generation and verification times. The traditional method verifies all 20 attributes, while the SD scheme uses ZKP for disclosed attributes only, and the DP method incorporates additional noise parameters. A multi-threaded stress tool simulates high-load scenarios, with results averaged over 10 runs for stability. Performance is shown in Figure 4.

Experimental results show that the SD scheme is highly efficient. At 10,000 users, SD credential generation (12.3 ms) and verification (8.5 ms) are over 70% faster than the traditional method (45.2 ms and 38.7 ms). Even with 10 attributes disclosed, SD remains more than twice as fast. In contrast, the DP scheme is the slowest, taking about 1.4 times longer than the traditional method due to noise-generation overhead. Crucially, the SD scheme demonstrates sub-linear computational growth with more users, unlike the nearly linear scaling of the traditional and DP methods. This efficiency stems from SD’s use of ZKPs and credential aggregation, which reduce redundant computations and combine multiple verifications into a single step.

5.3. Information Entropy and Attack Success Rate

To evaluate privacy protection, the experiment measures the uncertainty of hidden attributes using information entropy (scale 0–5, higher is better) and simulates adversary attack success rates via correlation analysis. The adversary tries to infer hidden data from disclosed attributes using association rules trained on 10,000 users. The SD scheme uses encryption commitments and ZKP to protect hidden attributes, while the DP scheme obscures values with noise. Results are shown in

Table 3. Privacy comparison (fixed user size 10 K).

Scheme	Disclosed	Info	Attack
	Attrs	Entropy	Rate (%)
Traditional (Full)	20	0.0	98.6
Our Mechanism	1	4.2	12.4
Our Mechanism	5	3.8	15.7
Our Mechanism	10	2.9	28.3
Our Mechanism	15	1.5	45.6
Our Mechanism	20	0.0	98.5
DP, $\epsilon =0.5$	20	3.6	18.9
DP, $\epsilon =1.0$	20	3.1	24.7
DP, $\epsilon =2.0$	20	2.4	30.1

.

With just one attribute disclosed, the SD scheme achieves a high information entropy of 4.2 and a low attack success rate of 12.4%. This significantly outperforms the DP scheme (entropy 3.1, attack rate 24.7%) and the traditional full-disclosure method (entropy 0.0, attack rate 98.6%). While DP’s noise injection is vulnerable to multi-attribute correlation attacks, SD uses mathematical proofs to guarantee the integrity of hidden attributes. This prevents adversaries from extracting information from commitments, thereby preserving both data utility and privacy.

5.4. Dynamic Permission Generation Time

To evaluate the real-time performance of the dynamic permission module, the experiment simulated low- to high-load scenarios by gradually increasing policy counts from 100 to 1000. Each request generated a least-privilege permission set, and average generation time was recorded. The traditional method iterates through all policies and verifies every user attribute, the DP method adds noise to traditional verification, while the SD method pre-filters policies based on disclosed attributes, verifying only those relevant to the request. The results are shown in Figure 5.

The experimental results demonstrate that the SD method significantly outperforms both (traditional and DP) approaches in dynamic permission generation efficiency. Under a low load of 100 policies, SD completes in 2.1 ms—59.6% faster than the traditional method (5.2 ms) and 74.1% faster than DP (8.1 ms). As policy count increases to 1000, SD requires only 16.7 ms, while traditional and DP methods rise to 71.9 ms and 98.4 ms, respectively. SD maintains millisecond-level performance even under high load, highlighting its strong advantage in dynamic permission management.

5.5. System Overhead

To comprehensively evaluate the resource efficiency of the zero-trust self-sovereign identity (SSI) management mechanism in real deployments, we designed a scalability test for system overhead. This experiment examines how key resource indicators change with different user scales, including key storage size, peak memory usage, CPU utilization, and network transmission overhead. We set 10 user-scale levels (from 1000 to 10,000 users), and for each level we performed 1000 consecutive authentication operations. Resource data were collected in real time, focusing on the memory peak during verification, the average CPU load, the key storage footprint, and the per-verification network payload. Each data point is reported as the mean ± standard deviation over 10 runs. The results are shown in

Table 4. System overhead under different user scales.

Users	Storage (KB/User)	Memory (MB)	CPU Usage (%)	Network (KB/Tx)
1000	$1.62\pm 0.02$	$15.3\pm 0.4$	$18.5\pm 0.8$	$4.21\pm 0.07$
2000	$1.61\pm 0.02$	$16.1\pm 0.4$	$19.2\pm 0.8$	$4.22\pm 0.07$
3000	$1.60\pm 0.02$	$17.2\pm 0.4$	$19.8\pm 0.8$	$4.23\pm 0.07$
4000	$1.60\pm 0.02$	$18.3\pm 0.4$	$20.7\pm 0.9$	$4.24\pm 0.07$
5000	$1.59\pm 0.02$	$19.1\pm 0.5$	$21.5\pm 0.9$	$4.25\pm 0.07$
6000	$1.59\pm 0.02$	$20.4\pm 0.5$	$22.3\pm 0.9$	$4.26\pm 0.07$
7000	$1.59\pm 0.02$	$21.2\pm 0.5$	$23.1\pm 0.9$	$4.27\pm 0.07$
8000	$1.58\pm 0.02$	$22.7\pm 0.6$	$24.2\pm 1.0$	$4.28\pm 0.07$
9000	$1.58\pm 0.02$	$23.6\pm 0.6$	$24.9\pm 1.0$	$4.29\pm 0.07$
10,000	$1.58\pm 0.02$	$24.3\pm 0.6$	$25.4\pm 1.0$	$4.30\pm 0.07$

.

The results show that the proposed mechanism maintains stable overhead across user scales, with consistently low standard deviations, demonstrating the scheme’s reliability. Key storage remains within $1.58\pm 0.02$ KB per user, with fluctuations of only $\pm 1.3\%$, indicating that the distributed key generation mechanism preserves storage efficiency under varying loads. Memory usage increases from $15.3\pm 0.4$ MB at 1000 users to $24.3\pm 0.6$ MB at 10,000 users, with the standard deviation always below 3% of the measured value, evidencing the zero-knowledge proof framework’s highly predictable memory management.

CPU utilization exhibits a near-linear growth trend, rising from $(18.5\pm 0.8)\%$ to $(25.4\pm 1.0)\%$, with the standard deviation stable at around 4%. Notably, even at the highest load (10,000 users), the utilization band (24.4–26.4%) is well below the device’s processing threshold (90%), leaving ample safety headroom. Network transmission overhead is the most stable: the per-verification payload remains within $4.21\pm 0.07$ KB to $4.30\pm 0.07$ KB, with a standard deviation of only 1.6%. This stability is attributed to the fixed-size output of credential aggregation. Overall, these figures are significantly better than those of traditional identity management systems, confirming the robustness of our mechanism in resource-constrained environments.

6. Conclusions

This paper presents a blockchain-based SSI management mechanism for AIoT environments, aiming to address challenges in identity management and data security during model training, inference, and continuous learning. To meet privacy requirements, the mechanism adopts SD credentials, enabling users to reveal only the necessary identity attributes. This not only reduces the risk of sensitive information exposure but also improves the efficiency and reliability of identity verification. In addition, a context-aware dynamic permission management mechanism is designed to adjust access rights in real time according to user attributes, security conditions, and task requirements. This ensures secure and adaptive data access in dynamic AIoT environments. Overall, the mechanism strengthens privacy protection, enhances authentication efficiency, and improves environment security, providing a scalable solution for AIoT applications. However, the current solution may face scalability challenges in more complex AIoT environments with high device and data variability. Future work could focus on optimizing the selective disclosure algorithm to improve its performance in large-scale scenarios. Future research should further explore more intelligent, flexible, and scalable identity management frameworks to address the evolving security requirements and promote the secure application of AIoT technologies in a broader range of fields.