sander / hierarchical-deterministic-keys

Hierarchical Deterministic Keys for the European Digital Identity Wallet

Wallet Instance can create proofs of association across trees #31

Open sander opened 1 week ago

sander commented 1 week ago

As of e4ccc30, the Wallet Instance can seed any new HDK tree at will and convince its Wallet Provider to issue Issuer Trust Evidence about it. This enables a corrupt Wallet Instance to associate across HDK trees, dropping the potential to have each tree represent a single subject.

Instead, in HDK, each tree should be associated with a unique device key from the perspective of the Wallet Instance. Potentially, these device keys are diversified from a single key by the Wallet Provider. Potentially, the Wallet Provider delegates this diversification to the Wallet Instance using ARKG.

This may shift the application of Trust Evidence:

sander-cb commented 1 week ago

To consider: apply KEM for seed instead. Ensures confidentiality during initial transport. Possibly also hedges against weak random number generation at either side?

sander commented 4 days ago

Discussed 2024-07-01: the current approach where each root device key pair must be fresh (as proven using a key attestation to the solution provider) seems feasible, with subsequent WTE issuance. Need to check if this is well reflected in the spec.
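As an added illustration of the approach agreed above (example code, not from the HDK repository), a Wallet Provider that issues WTE only for a root device key that carries a valid key attestation against a provider-issued challenge and has not rooted a tree before; the HMAC-based attestation, the key names and the tree identifiers are constructed stand-ins.

```python
import hmac
import hashlib
import secrets

# Constructed stand-ins: a real deployment verifies an attestation certificate
# chain and signs WTE with the Wallet Provider's signing key.
ATTESTATION_KEY = b"constructed-attestation-authority-key"
WTE_SIGNING_KEY = b"constructed-wallet-provider-key"


def attest_device_key(device_pk: bytes, challenge: bytes) -> bytes:
    """Constructed key attestation over (challenge, device public key).
    Binding the challenge prevents replaying an old attestation for a new tree."""
    msg = b"attest" + challenge + device_pk
    return hmac.new(ATTESTATION_KEY, msg, hashlib.sha256).digest()


class WalletProvider:
    def __init__(self):
        self.bound = {}            # device_pk -> tree_id it roots
        self.open_challenges = set()

    def challenge(self) -> bytes:
        c = secrets.token_bytes(16)
        self.open_challenges.add(c)
        return c

    def issue_wte(self, tree_id: bytes, device_pk: bytes,
                  challenge: bytes, attestation: bytes) -> bytes:
        # The attestation must answer a challenge this provider actually issued
        # and is consumed on use, so the same proof cannot seed a second tree.
        if challenge not in self.open_challenges:
            raise ValueError("unknown or already used challenge")
        expected = attest_device_key(device_pk, challenge)
        if not hmac.compare_digest(expected, attestation):
            raise ValueError("invalid key attestation")
        self.open_challenges.discard(challenge)
        # Freshness: a root device key roots at most one tree, so a Wallet
        # Instance cannot obtain WTE that associates several trees to one key.
        if device_pk in self.bound:
            raise ValueError("device key already roots a tree")
        self.bound[device_pk] = tree_id
        msg = b"wte" + tree_id + device_pk
        return hmac.new(WTE_SIGNING_KEY, msg, hashlib.sha256).digest()


if __name__ == "__main__":
    wp = WalletProvider()
    pk = b"constructed-device-pk-1"
    c = wp.challenge()
    print(wp.issue_wte(b"tree-A", pk, c, attest_device_key(pk, c)).hex())
```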