A decentralized academic credential sharing system with selective disclosure and revocation support, implemented using Merkle Trees, blockchain-based revocation lists, and secure key exchange protocols. Designed and developed as part of a university project for the Algorithms and Protocols for Security course.
Demonstrated ability to design and implement secure, privacy-preserving credential management systems using cryptographic protocols, blockchain-based revocation, and Merkle Tree-based selective disclosure.
Uni-Trust is a secure academic credential management system enabling students, universities, and certification authorities to exchange credentials in a privacy-preserving, verifiable, and revocable manner.
This project was developed at the University of Salerno as a practical application of cryptographic techniques to improve student mobility programs such as Erasmus, reducing reliance on centralized authorities and improving trust and interoperability between institutions.
- Selective disclosure of academic credentials using Merkle Trees
- Decentralized revocation management via blockchain-based Certificate Revocation Lists (CRLs)
- Mutual authentication and secure key distribution protocols to establish session keys
- Rich credential structure supporting personal data, courses, exams, degrees, and attendance records
- Performance analysis on credential size, cryptographic overhead, and latency
- Threat modeling and security analysis covering common attack vectors
All code comments and internal documentation are written in Italian, as the project was developed during a group exam at the University of Salerno (Italy).
Despite this, the codebase follows international best practices, with clear method names and class structures that make it easily understandable for global developers and recruiters.
- Issuance of academic credentials by universities
- Selective disclosure of only necessary fields (e.g., specific course completions)
- Verifiable Merkle proofs for disclosed credentials
- RSA asymmetric encryption for identity validation and signing
- AES symmetric encryption for session communication
- Secure key distribution protocol using nonces and identity verification
- Blockchain-based revocation of credentials to ensure real-time trust
- Merkle Tree-based credential structure enabling partial disclosure without exposing full datasets
- Revocation List (CRL) management on a decentralized blockchain (the blockchain interaction is simulated as it was beyond the scope of the project)
- Resilience to attacks like man-in-the-middle, identity theft, and credential tampering
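A minimal sketch of Merkle-based selective disclosure as listed above, added here as an illustration; it is not the project's `MerkleTree.py`. The field names, the per-field salt, the leaf encoding and the promote-lone-node rule are assumptions of this example, and the issuer's signature over the root is left out.

```python
import hashlib
import os

def tagged_hash(tag: bytes, data: bytes) -> bytes:
    # Distinct tags for leaves (0x00) and inner nodes (0x01) keep the two domains apart
    return hashlib.sha256(tag + data).digest()

def leaf_hash(name: str, value: str, salt: bytes) -> bytes:
    # Random per-field salt: hidden low-entropy values (grades) cannot be guessed by hashing
    n = name.encode()
    return tagged_hash(b"\x00", salt + len(n).to_bytes(2, "big") + n + value.encode())

def build_levels(leaves):
    """All tree levels, leaves first; a lone node is promoted, never duplicated."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([tagged_hash(b"\x01", cur[i] + cur[i + 1]) if i + 1 < len(cur)
                       else cur[i] for i in range(0, len(cur), 2)])
    return levels

def make_proof(levels, index):
    """Sibling hashes from leaf to root as (hash, sibling_is_left) pairs."""
    proof = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):
            proof.append((level[sib], sib < index))
        index //= 2
    return proof

def issue(fields):
    """Issuer side: salt each field and build the tree; levels[-1][0] is the root to sign."""
    salts = [os.urandom(16) for _ in fields]
    return salts, build_levels([leaf_hash(n, v, s) for (n, v), s in zip(fields, salts)])

def verify(root, name, value, salt, proof):
    """Verifier side: recompute the root from one disclosed field and its proof."""
    node = leaf_hash(name, value, salt)
    for sibling, is_left in proof:
        node = tagged_hash(b"\x01", sibling + node if is_left else node + sibling)
    return node == root

# Constructed sample credential (illustrative values only)
FIELDS = [("name", "Alice Rossi"), ("degree", "BSc Computer Science"),
          ("exam:Cryptography", "30"), ("exam:Networks", "27"), ("erasmus", "yes")]
if __name__ == "__main__":
    salts, levels = issue(FIELDS)
    print(verify(levels[-1][0], *FIELDS[2], salts[2], make_proof(levels, 2)))
```

The student discloses only the chosen field, its salt and the proof; the verifier sees sibling hashes but none of the other field values.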
Developed within a structured university project framework (Project Work), with clearly defined work packages for modeling, design, security analysis, and implementation.
- Requirements Analysis & Threat Modeling (WP1)
- System Design: Credential structure, secure exchange, revocation handling (WP2)
- Security Analysis: Evaluation against defined adversary models (WP3)
- Implementation: Modular Python code with cryptographic best practices (WP4)
The system has been tested with:
- Unit tests for encryption/decryption, Merkle Tree verification, and proof generation
- Simulated communication workflows between students and universities
- Latency and overhead analysis for cryptographic operations
Inside the docs/ folder, you'll find:
- Requirements & Threat Model Report: Identifies key actors, goals, and attack vectors
- System Design Document: Describes credential structures, data flows, and protocols
- Security Analysis Report: Evaluates resilience against identified threats
- Performance Evaluation: Overhead and latency benchmarks
All of this information is contained in the file Documentazione_APS_gruppo06_Cirillo_Fasolino.pdf
uni-trust-credential-management-system
├── docs
│   ├── project_presentation_ITALIAN.pdf
│   ├── project_report_ENGLISH.pdf
│   └── project_report_ITALIAN.pdf
├── src
│   ├── actors
│   │   ├── Blockchain.py
│   │   ├── CertifiedCommunicatingParty.py
│   │   ├── Student.py
│   │   ├── StudentInfo.py
│   │   ├── University.py
│   │   └── __init__.py
│   ├── certificate_authority
│   │   ├── CertificateAuthority.py
│   │   ├── CertificateOfIdentity.py
│   │   └── __init__.py
│   ├── utils
│   │   ├── AsymmetricEncryptionInformation.py
│   │   ├── CryptoUtils.py
│   │   ├── MerkleTree.py
│   │   ├── SymmetricEncryptionInformation.py
│   │   ├── __init__.py
│   │   └── __init__.py
│   ├── main_documentato.ipynb
│   └── main.py
├── LICENSE
├── README.md
└── requirements.txt
- Clone the repository
  git clone https://github.com/francescopiocirillo/uni-trust-credential-management-system.git
- Install dependencies
  pip install -r requirements.txt
- Run the simulation notebook
  jupyter notebook main_documentato.ipynb
- Python version: 3.12+
- Cryptography library: cryptography
- Blockchain simulation through a simple class for revocation list
Got feedback or want to contribute? Feel free to open an Issue or submit a Pull Request!
Decentralized Credential Management, Academic Credentials, Merkle Tree Credentials, Blockchain Revocation, Selective Disclosure, Privacy-Preserving Credentials, Secure Key Exchange Protocol, RSA & AES Encryption, Python Cryptography Project, Erasmus Credential Sharing, Certificate Revocation List Blockchain, Secure University Data Exchange, Project Work Algorithms and Protocols for Security, Cryptography-Based Credential System, Merkle Proof Verification, Student Credential Privacy, University of Salerno Project
This project is licensed under the MIT License, a permissive open-source license that allows anyone to use, modify, and distribute the software freely, as long as credit is given and the original license is included.
In plain terms: use it, build on it, just don't blame us if something breaks.
Like what you see? Consider giving the project a star!