The Center for Digital Trust hosted a successful workshop on Privacy-Preserving eID last week. We welcomed 14 participants from seven partner organizations including Be-Ys, ELCA, FOITT, Kudelski, SICPA, Swiss Post/SwissSign, and Swisscom. The day-long event combined theoretical foundations with hands-on technical demonstrations. Our focus centered on swiyu, Switzerland’s proposed eID project developed by FOITT, and its privacy implications.
Morning
Imad Aad from C4DT kicked off the morning session with fundamentals of eID and digital wallets. He explained how EUDI (eIDAS 2.0) and swiyu will function in practice. The session revealed stark privacy contrasts when comparing systems like Aadhaar and MOSIP with the European and Swiss approaches. Participants engaged in lively discussions about biometric data storage, decentralization concepts, and practical applications. Key takeaways included confirmation that wallets will not store biometric data and that swiyu IDs will enable account creation but not direct login procedures.
Afternoon
The afternoon turned technical with Ahmed Elghareeb demonstrating the swiyu test environment. Participants installed the swiyu app, obtained test IDs, and created verifiable workshop diplomas on their devices. They experienced selective disclosure firsthand, choosing which credential fields to reveal during verification. Linus Gasser then tackled the complex linkability problem inherent in credential presentations. He presented cutting-edge solutions using BBS signatures and zero-knowledge proofs, based on work from Ubique and Cloudflare’s ZKAttest, sparking intensive discussions about the challenges of maintaining privacy while ensuring holder binding.
You can find the presentations of the workshop, as well as the code, on our github repo: