Abstract
Introduction:
Academic publishing, a cornerstone of knowledge dissemination and scientific advancement, increasingly faces ethical threats such as unconsented authorship, gift authorship, author ambiguity, and undisclosed conflicts of interest. Although infrastructures such as ORCID support researcher identity disambiguation, they do not adequately enforce explicit authorship consent, verify contributor roles, or enable privacy-preserving conflict-of-interest screening during peer review.
Methods:
This study proposes a standards-aligned decentralized conceptual framework for ethical authorship validation. The framework integrates Self-Sovereign Identity, Decentralized Identifiers, and Verifiable Credentials to capture explicit co-author consent as verifiable events, embed verified authorship metadata in publications, and support privacy-preserving conflict-of-interest checks through zero-knowledge techniques. A permissioned ledger functions as a trust registry for hashes and status indicators, without storing personally identifiable information on-chain, and supports revocation. To assess the relevance of the proposed design, a stakeholder survey was conducted with researchers, editors, and reviewers.
Results:
The proposed framework addresses key gaps in existing scholarly identity and publishing infrastructures by introducing mechanisms for verifiable authorship consent, contributor-role validation, and privacy-preserving conflict-of-interest screening. Survey findings indicate strong stakeholder support for both consent enforcement and privacy-preserving conflict-of-interest checks.
Discussion:
This work contributes a conceptual design for strengthening trust, accountability, and transparency in academic publishing through decentralized identity and verifiable credential technologies. The findings provide formative empirical support for future prototyping and evaluation.
1 Introduction
Academic publishing is a cornerstone of scientific progress, yet its integrity is increasingly strained by unethical authorship practices and opaque review processes. In 2023 alone, more than 10,000 papers were retracted—a historical peak—highlighting systemic weaknesses in how contributions and conflicts are governed (Van Noorden, 2023). Problematic behaviors such as unconsented authorship, exclusion of legitimate contributors, and “gift authorship” undermine credibility (Johann, 2022; Singhal and Kalra, 2021); unresolved conflicts of interest and occasional impersonation in peer review further erode trust (Bell et al., 2024).
Blockchain-based approaches have been explored to increase auditability in scholarly workflows (Stockburger et al., 2021; Belchior et al., 2020). However, most efforts either (i) address identity disambiguation without enforcing explicit co-author consent, or (ii) emphasize transparency while leaving open questions about privacy (e.g., COI checks that unnecessarily reveal affiliations). Widely adopted identity infrastructures like ORCID help disambiguate authors but do not natively verify contributor roles, record consent events, or support privacy-preserving conflict screening during peer review (Butincu and Alexandrescu, 2024; Preukschat and Reed, 2021). These gaps leave room for predatory practices and post hoc disputes (Stockburger et al., 2021).
In response to these challenges, this paper proposes a conceptual framework that specifies concrete, interoperable interfaces to (i) capture explicit co-author consent as verifiable events, (ii) embed verified authorship metadata in publications, and (iii) enable privacy-preserving conflict-of-interest (COI) checks. The design leverages Self-Sovereign Identity (SSI) with Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs) to establish cryptographically verifiable identities and contribution records (Bistarelli et al., 2023). A permissioned blockchain serves as a shared registry for hashes and credential status, supporting revocation and audit. For COI, we outline a zero-knowledge (ZK) non-intersection check that allows a reviewer to prove the absence of conflicts without revealing affiliations (Naik and Jenkins, 2020; Samir et al., 2022).
The key contributions of this work can be summarized as follows:
Development of a decentralized framework: We propose a secure, decentralized system that uses SSI and VCs to validate authorship, ensure cryptographically verifiable identities, and maintain tamper-evident records.
Privacy-preserving conflict detection: The framework applies Zero-Knowledge Proofs (ZKPs) and selective disclosure to enable conflict-of-interest detection while preserving reviewer and author privacy.
Immutable authorship consent records: We establish a blockchain-backed process that provides immutable, auditable records of authorship consent and verified metadata, enhancing transparency and accountability in academic publishing.
Operational workflow and auditability: We provide a message-level workflow for submission, consent verification, COI checking, and metadata embedding, along with a lightweight registry interface sufficient for a prototype.
Formative stakeholder study: We report a survey of researchers, editors, and reviewers to gauge perceived utility and constraints. Methods and threats to validity are stated explicitly; results inform design choices rather than claim effectiveness.
This work is a design contribution with initial empirical grounding. We do not present a full implementation; instead, we specify interoperable interfaces and verification steps that can be instantiated on a permissioned ledger and integrated with existing publishing pipelines. We also discuss deployment constraints (interoperability, scalability, legal compliance) and limitations to inform a subsequent prototype and evaluation.
The remainder of the paper proceeds as follows. Section 2 reviews related efforts in identity, consent, and blockchain-enabled publishing. Section 3 introduces SSI, blockchain, and cryptographic preliminaries. Section 4 details the architecture, operational workflow, revocation, and the ZK COI check. Section 5 reports the stakeholder survey and how its signals shaped the design. Section 6 discusses limitations and future work.
2 Related work
The rapid evolution of academic publishing has motivated the use of emerging technologies to address ethical, procedural, and systemic challenges (Javaid et al., 2021). In particular, blockchain and Self-Sovereign Identity (SSI) are often cited for their potential to improve transparency, accountability, and efficiency across scholarly workflows. We review work on (i) blockchain in publishing, (ii) authorship validation and identity management, and (iii) peer-review transparency, and then position our contribution with respect to these strands.
2.1 Blockchain applications in academic publishing
Blockchain has been proposed to provide immutable, verifiable records for publication events. Novotny et al. (Novotny et al., 2018) explored Hyperledger Fabric for transparency in research processes (e.g., productivity tracking, reputation, peer review). Tarkhanov et al. (2019) used Ethereum to ensure data immutability for online journals, demonstrating integrity guarantees for published artifacts. Mohan (Mohan, 2019) argued that permissioned blockchains can mitigate misconduct pressures, while Mackey et al. (2019) proposed consortium governance (e.g., decentralized autonomous organizations, DAOs) spanning submission, review, and editorial decisions. Tenorio-Fornés et al. (2021) combined blockchain with IPFS and reviewer reputation to support decentralized peer review and open access.
In addition, Beştaş et al. (2023) proposes a blockchain-backed workflow for managing manuscript submission, review, and publication, emphasizing decentralization and tamper-evident tracking of editorial events. Similarly, Skala et al. (2024) outlines a conceptual model for “Digital Academic Publishing” (DAP) on blockchain, focusing on transparent provenance and long-term preservation of scholarly outputs. Both strands strengthen the case for blockchain as an infrastructure for scientific publishing, particularly for auditability and process transparency, but they do not explicitly address per-author consent as a verifiable, manuscript-bound event or privacy-preserving conflict-of-interest screening.
These systems advance auditability and provenance but typically emphasize process transparency rather than privacy by design. As a result, explicit co-author consent enforcement and privacy-preserving conflict-of-interest (COI) checks are either out of scope or only partially addressed. Practical concerns—such as scalable revocation and integration with existing identity infrastructure—are also unevenly covered.
2.2 Authorship validation and identity management
Authorship validation remains a significant concern in scholarly communication. Traditional identity management solutions, exemplified by platforms such as ORCID (Haak et al., 2012), primarily focus on disambiguating author identities through unique identifiers and integrating metadata with systems like CrossRef. However, they do not natively (i) enforce explicit, per-author consent tied to a manuscript, (ii) attest contributor roles as verifiable credentials, or (iii) support private COI screening during review. Prior blockchain-based proposals note the value of decentralized identifiers and attestations Tenorio-Fornés et al. (2021), yet often prioritize public transparency over selective disclosure and privacy. Our work leverages SSI principles with Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs) (Preukschat and Reed, 2021; Bistarelli et al., 2023) to bind consent events and roles to cryptographically verifiable artifacts, while keeping personal data off-chain.
2.3 Peer Review transparency and associated challenges
Peer review is a cornerstone of academic publishing but is frequently criticized for lacking transparency, being vulnerable to biases, and suffering inefficiencies. Tennant et al. (Tennant, 2018) identified critical challenges including editorial responsibility, reviewer subjectivity, and inconsistency in review standards, calling for standardized procedures and shared data infrastructures. Similarly, Tennant and Ross-Hellauer (Tennant and Ross-Hellauer, 2020) advocated enhanced transparency and accountability to bolster peer review legitimacy.
Blockchain-enabled approaches offer promising remedies to these issues. Mackey et al. (2019) proposed leveraging DAOs to manage peer-review activities, generating immutable records of reviewer interactions. Additionally, Tenorio-Fornés et al. (2021) introduced reputation mechanisms combined with privacy-preserving techniques to incentivize transparent, high-quality peer reviews. Nevertheless, widespread adoption of blockchain-based peer-review systems remains hindered by technical complexity and resistance from stakeholders accustomed to traditional workflows (Yli-Huumo et al., 2016).
2.4 Broader blockchain applications and lessons learned
Experiences from adjacent domains (e.g., governance and healthcare) underscore recurring design tensions: transparency vs. privacy, interoperability vs. autonomy, and auditability vs. data minimization (Yin, 2023; Dagher et al., 2018). Yin (2023) discussed blockchain applications in corporate governance, emphasizing benefits like transparency, real-time accessibility, and cost-effective record management. In healthcare, blockchain frameworks such as those proposed by Dagher et al. (Dagher et al., 2018) aim to balance data privacy and accessibility in electronic health records management. Despite demonstrating promising capabilities, blockchain applications in these sectors also highlight consistent challenges related to scalability, interoperability, and user adoption—challenges equally pertinent to academic publishing workflows. Successful deployments typically minimize on-chain personal data, rely on off-chain storage for sensitive records, and provide revocation/status mechanisms, lessons directly applicable to scholarly publishing.
2.5 Gaps and research opportunities
Across the above strands, we identify four persistent gaps: (G1) lack of verifiable, per-author consent tied to a specific manuscript (Haak et al., 2012); (G2) absence of privacy-preserving COI checks that avoid disclosure of affiliations; (G3) limited attention to revocation and status for credentials/consent; and (G4) incomplete guidance for metadata embedding that survives post-publication. Table 1 summarizes how our design targets these gaps relative to ORCID and representative blockchain-based proposals.
TABLE 1
| Capability | ORCID | Prior blockchain | This work |
|---|---|---|---|
| Researcher ID disambiguation | |||
| Verifiable per-author consent (manuscript-bound) | ✗ | ||
| Privacy-preserving COI screening (no affiliation leakage) | ✗ | ✗ | ✓ |
| Credential/consent revocation/status checks | |||
| Metadata embedding for post-publication auditability |
Comparison with existing efforts ( = supported; = partial/indirect; ✗ = not addressed).
In contrast to prior work that largely treats identity as disambiguation, our contribution focuses on consent as a verifiable event, COI screening with privacy, and standards-aligned revocation and embedding. These choices directly inform the framework in Section 4, where we specify a minimal set of interfaces (ConsentToken VC, status checks, and an on-chain receipt model) that can be integrated with existing publishing pipelines while keeping personal data off-chain.
3 Preliminaries
This section summarizes the core building blocks used in our design: Self-Sovereign Identity (SSI), a permissioned blockchain as a trust registry, and privacy-preserving cryptography. We also state the standards and notation we rely on and outline a concise threat model and security goals. These elements collectively support authorship validation, consent enforcement, and privacy-preserving conflict screening.
3.1 Self-sovereign identity (SSI)
Digital identity broadly encompasses attributes and identifiers associated with an individual or entity within a specific digital context, facilitating authentication and authorization processes online (Lux et al., 2020). In contrast to conventional identity management systems, which typically rely on centralized service providers, Self-Sovereign Identity (SSI) enables individuals to maintain control and ownership over their digital identities (Pava Diaz et al., 2023). SSI empowers users with sovereign, persistent, and portable identities, providing secure access to digital services without reliance on intermediaries and enhancing user privacy and security (Preukschat and Reed, 2021; Schardong and Custódio, 2022).
Central to the SSI architecture are Decentralized Identifiers (DIDs), cryptographically secure, globally unique identifiers that enable autonomous identity management independent of centralized authorities (Bistarelli et al., 2023). Figure 1 illustrates a representative DID structure: the public key associated with the DID is stored in a decentralized registry (e.g., a blockchain), while the corresponding private key remains securely held by the user within a digital wallet, facilitating cryptographic verification during interactions.
FIGURE 1
Complementing DIDs are Verifiable Credentials (VCs), digitally signed attestations issued by trusted entities to validate specific user attributes such as institutional affiliation, credentials, and qualifications (Lux et al., 2020). VCs support selective disclosure of attributes, enabling users to provide only the minimal information required for verification and thereby preserving data privacy.
The core interactions within the SSI framework are depicted in Figure 2. The primary stakeholders are: (i) the Issuer, who generates and cryptographically signs credentials; (ii) the Holder, who stores credentials securely in a digital wallet; and (iii) the Verifier, who requests and validates credentials presented by the holder. The blockchain acts as a decentralized, tamper-proof trust registry, facilitating secure verification of DIDs and credential hashes.
FIGURE 2
In the context of academic publishing, SSI supports secure, verifiable author identities and affiliations, addresses ambiguity and consent challenges, and safeguards sensitive personal information during authorship and peer-review processes (Stockburger et al., 2021; Belchior et al., 2020).
3.2 Blockchain technology
Blockchain technology serves as a foundational infrastructure for SSI by providing a decentralized, transparent, and immutable ledger for securely recording cryptographic commitments such as hashes or pointers to identity-related information (Soltani et al., 2021). By anchoring cryptographic hashes rather than full records, blockchains can help protect privacy while still enabling robust, independently verifiable audit trails.
The key characteristics of blockchain relevant to authorship validation and SSI frameworks include:
Immutability & auditability: Anchored events (hashes) provide non-repudiation for time-stamped statements, such as credential issuance or status updates.
Transparency with minimization: Verifiers can independently check recorded events and status information without requiring access to the underlying data, as long as only hashes or commitments are stored rather than raw personal information.
Consortium governance: In permissioned settings, endorsement policies and membership control mitigate single points of failure and can align with existing publishing consortia (Bai et al., 2022).
In our framework, we instantiate these properties using a consortium-operated permissioned ledger that acts as a trust registry; Section 4 details this instantiation and its role in the overall architecture.
3.3 Cryptographic techniques
Advanced cryptographic techniques are integral to SSI systems, ensuring data security, privacy, and compliance with ethical standards. Two mechanisms are particularly relevant in our framework:
Selective disclosure: Selective disclosure enables individuals to reveal only those credential attributes necessary for a specific verification, withholding non-essential personal data. For instance, an author can verify institutional affiliation without disclosing additional sensitive personal details, thus preserving privacy (Stockburger et al., 2021; Naik and Jenkins, 2020).
Zero-knowledge proofs (ZKPs): ZKPs allow a prover to convince a verifier of a statement (e.g., “no conflict exists”) without revealing the underlying data. In our framework, reviewers use ZKPs to demonstrate that a conflict-of-interest condition does not hold, while keeping both their own affiliations and the authors’ affiliations hidden; Section 4.6 specifies the concrete non-intersection construction.
3.4 Standards and notation
We follow widely adopted specifications to maximize interoperability:
DID Core: DID syntax, resolution, and DID Documents (W3C DID Core).
VC Data Model: JSON-LD credentials, proofs, and presentations (W3C VC).
Credential status: Compressed bitstring revocation lists (StatusList-style).
DIDComm (v2): Secure application-layer messaging between wallets and verifiers (for consent requests and responses).
3.5 Persistent authorship challenges in academic publishing
As outlined in Section 1, we focus on four recurring failure modes in current scholarly workflows: unconsented authorship, gift/ghost authorship, conflicts of interest in peer review, and weak auditability of consent. Existing infrastructures (e.g., ORCID) excel at identity disambiguation but do not natively enforce per-author consent, provide private COI screening, or maintain immutable, manuscript-bound consent records (Bai et al., 2022; Samir et al., 2022). These shortcomings motivate the threat model and security goals formalized in Section 3.6.
3.6 Threat model and security goals
Building on the challenges summarized above, we model adversaries and channels as follows.
Adversaries. (A1) Malicious submitter adds non-consenting co-authors; (A2) reviewer with undisclosed COI seeks assignment; (A3) curious verifier attempts to learn hidden affiliations; (A4) external observer attempts cross-manuscript linkage; (A5) compromised issuer revokes or forges credentials.
Channels. DIDComm over TLS between wallets and journals; permissioned ledger for anchoring hashes and status bits; issuer status endpoints for revocation.
Goals. (G1) Explicit consent: each co-author issues a signed, manuscript-bound ConsentToken VC. (G2) Auditability: a hash of each verified ConsentToken (and COI proof receipt) is anchored on-chain. (G3) Private COI: reviewers prove non-intersection with author affiliations without revealing either side. (G4) Revocation: issuers and journals can invalidate VCs and consents via status lists. (G5) Data minimization: only hashes and status bits on-chain; VCs and PII off-chain. (G6) Interoperability: artifacts adhere to DID/VC and status-list conventions.
These preliminaries motivate the concrete architecture and workflow specified in Section 4, where we detail consent messaging, status checks, the non-intersection ZK proof, and metadata embedding.
3.7 Metadata leakage and linkability
Beyond the content of credentials and proofs, an adversary may attempt to exploit
metadatasuch as transaction timing, frequency, and identifiers to infer relationships between manuscripts, authors, and reviewers. We distinguish three vantage points:
Ledger-only observer. A consortium member that can read the registry but does not see editorial databases observes salted manuscript aliases , hashes of consent and COI receipts, and timestamps. Because we avoid storing DIDs, affiliations, or cleartext manuscript identifiers on-chain, such an observer cannot directly link receipts to specific individuals. Residual risks include: (i) correlating multiple receipts for the same over time (e.g., multiple reviewer reassignments); and (ii) inferring coarse-grained activity patterns for a journal. We mitigate these by using high-entropy salts when deriving and by supporting batching or delayed anchoring so that individual editorial events do not map one-to-one to ledger transactions (§4.3).
Journal insider. An attacker with access to both the editorial system and the ledger can associate with a concrete manuscript identifier and view local logs of who was invited to review. Our framework does not prevent such insider inference; rather, it ensures that consent and COI events, once verified, cannot be silently altered. Journals should treat editorial logs as personal data and protect them with standard access controls and retention policies, and may choose to proxy all public verification through a journal API instead of exposing the ledger directly.
Network-level observer. A passive network adversary might correlate DIDComm or RPC traffic patterns with editorial activity. This risk is orthogonal to our use of a permissioned registry and is better addressed by transport-layer protections (TLS), padding, and, where needed, mix networks. We assume such mitigations are provided by the underlying communication substrate and do not duplicate them at the application layer.
In all cases, we deliberately minimize on-chain linkage by (i) keeping registry entries to fixed-size cryptographic commitments and status words, (ii) avoiding on-chain DIDs, affiliations, or ORCID-like identifiers, and (iii) using salted aliases for manuscripts.
4 Proposed framework
This section presents a secure, decentralized, and privacy-preserving framework for authorship validation in academic publishing. Building upon Self-Sovereign Identity (SSI), blockchain, and cryptographic primitives such as Zero-Knowledge Proofs (ZKPs), the framework aims to strengthen ethical compliance while preserving data privacy. We elaborate on the system’s architecture, technical components, credential lifecycle, and conflict-of-interest verification mechanisms.
4.1 Actors, roles, and trust boundary
We consider five operational actors and one shared registry. Each actor controls its own keys and wallets; all personal data and full Verifiable Credentials (VCs) remain off-chain. The permissioned ledger functions only as a shared audit registry that anchors hashes and status bits (revocation) for auditability. Threats and goals are as stated in Section 3.6.
4.1.1 Actors
Authors/Co-authors (Holders): manage DIDs and store VCs in a wallet; issue a manuscript-bound ConsentToken VC for their own authorship; selectively disclose attributes during submission.
Reviewers (Holders/Provers): manage DIDs and Affiliation VCs; generate a zero-knowledge (ZK) non-intersection proof for conflict-of-interest (COI) screening without revealing affiliations.
Journals/Publishers (Verifiers/Controllers): request and verify ConsentToken VCs; verify COI proofs; embed verified receipt references into article metadata; write only hashes/status updates to the registry.
Issuers (Institutions/IdPs) (Issuers): issue Affiliation VCs and (optionally) role/contribution attestations; publish credential status endpoints (revocation/status-list bitstrings).
Consortium Registry (Permissioned ledger): append-only store for (i) hashes of verified ConsentToken receipts and COI-proof receipts, and (ii) credential status lists or pointers; governed by a publisher consortium endorsement policy.
4.1.2 Who sees what (privacy boundary)
On-chain (public to consortium members): fixed-size hashes of verified receipts (ConsentToken, COI proof), manuscript identifiers (or salted aliases), and credential status bits/indices. No PII, no plaintext VCs, no affiliations.
Journal (off-chain controller): VC presentations received over DIDComm; verification outcomes; local links from manuscriptID {VC refs, receipt hashes, proof receipts}.
Authors/Reviewers (holders): their own DIDs/VCs and copies of sent messages; they do not learn other parties’ private attributes.
Issuers: issuance logs and revocation/status data for credentials they issued; no visibility into ZK proof internals or other issuers’ data.
4.1.3 Trust boundary and assumptions
Key ownership: each holder controls their private keys (wallet); DIDs resolve to verification methods. Journals and issuers authenticate via their DIDs.
Minimization: only hashes/status bits are written on-chain; VCs and any PII remain with holders or journal controllers off-chain.
Consortium governance: the registry’s endorsement and access policies are operated by a publisher consortium (no single-party control).
Revocation authority: issuers (and, for ConsentToken, journals when appropriate) publish status-list updates; verifiers must check status during verification.
4.1.4 Link to threats and goals (section 3.6)
A1 (non-consenting additions) G1/G2: each co-author issues a signed, manuscript-bound ConsentToken VC; the journal anchors after verification, yielding a non-repudiable audit trail.
A2 (undisclosed COI) G3: reviewers prove (non-intersection) without revealing or ; only a proof receipt hash is anchored.
A3 (curious verifier) G5: selective disclosure and ZK prevent leakage of attributes; on-chain data are unlinkable hashes.
A4 (cross-manuscript linkage) G5: per-session salt and commitment scheme reduce linkability across manuscripts.
A5 (compromised issuer) G4/G6: verifiers check issuer trust and status; revocation via status-lists invalidates compromised credentials; standards alignment eases multi-issuer interoperability.
4.1.5 Out of scope
Endpoint security of user devices and human-process disputes (e.g., contribution negotiation) are not solved cryptographically; our scope is to record explicit consent and enforce privacy-preserving COI checks with auditable receipts that support subsequent adjudication.
4.1.6 Issuer trust, KYC/AML, and governance
Affiliation VCs introduce an explicit trust assumption: if issuers are not credible, then conflict-of-interest screening and authorship validation lose reliability. We therefore make issuer onboarding and governance explicit rather than implicit.
4.1.6.1 Issuer types
In the envisaged deployment, AffiliationVCs are issued primarily by:
Accredited universities and research institutions (e.g., holders of recognized degree-granting authority);
Research-performing organizations (e.g., institutes, hospitals) and, where appropriate, funders for grant-linked roles;
Publisher groups or learned societies for editorial and reviewer roles.
Each issuer is represented by a DID (e.g., did:web:university-domain or an equivalent method; see §3.4) and signs credentials under its own keys.
4.1.6.2 Onboarding and verification
Issuers are onboarded under a consortium
trust framework, which may include:
Domain verification: the DID method binds the issuer to control of a domain associated with the institution (e.g., university.edu); DNS- or HTTPS-based proofs can be used at onboarding time.
Legal agreements: memoranda of understanding or contracts that specify responsibilities for accurate issuance, timely revocation, and data protection.
KYC/AML checks: for private or commercial entities, the consortium can require basic KYC/AML screening before recognizing them as trusted issuers of AffiliationVCs.
The consortium’s governing body or a designated committee verifies each issuer’s credentials and compliance with these requirements during the onboarding process. The resulting list of trusted issuer DIDs is published as part of the consortium configuration and referenced in verification policies for journals and auditor backends.
4.1.6.3 Handling bad or compromised issuers
If an issuer is later found to be compromised, negligent, or malicious (e.g., issuing fictitious affiliations), the consortium can:
Mark the issuer DID as untrusted in verification policies, causing future verifications of its credentials to fail;
Require the issuer (or its legal successor) to publish revocation lists that invalidate previously issued AffiliationVCs;
Anchor a governance decision on the registry, documenting the issuer’s removal for auditability.
These mechanisms do not eliminate the need for institutional governance, but they make issuer assumptions explicit and auditable, rather than relying on opaque, ad hoc verification of affiliations. In this sense, AffiliationVCs are no more “centralized” than current affiliation letters or HR attestations, but they are better structured for automated and privacy-preserving verification.
4.1.7 Institution normalization and COI correctness
The correctness of the non-intersection COI proof in §4.6 depends critically on how affiliations are normalized before hashing. If two records that refer to the same institution are normalized differently (e.g., “Univ. of X” vs. “University of X″ vs. an internal acronym), the system may treat them as distinct and fail to detect a genuine conflict.
To mitigate this risk, we assume that both author and reviewer affiliations are mapped to canonical institutional identifiers via a shared authority file, such as ROR or GRID IDs, or a curated consortium registry. We write
where
is a stable identifier for the institution. In practice, normalization may proceed as follows:
At submission time, authors select their institution from a controlled vocabulary (e.g., search over ROR/GRID) rather than providing free text;
When issuing AffiliationVCs, institutions embed their own canonical identifier in the credentialSubject, so that reviewer wallets do not rely on local string heuristics;
Journals reject submissions or reviews where affiliations cannot be mapped unambiguously to a canonical identifier.
Even with such measures, residual risks remain. Inconsistent normalization can lead to false negatives (missed conflicts), whereas overly aggressive normalization could, in principle, merge distinct entities and yield false positives. In our deployment plan (§4.10), we therefore treat normalization quality as a first-class concern: pilot evaluations should track how often manual overrides are required, and governance documents should specify how the consortium curates and updates its institutional registry. The ZK construction itself remains agnostic to the particular identifier scheme, provided that a deterministic is applied consistently on both author and reviewer sides before hashing.
4.2 System architecture
The framework runs over a permissioned consortium registry and keeps all personal data and full VC payloads off-chain.
Figure 3illustrates the layers.
Blockchain (Registry) Layer: A permissioned ledger (e.g., Hyperledger Fabric) acts only as a trust registry for (i) fixed-size receipt hashes of verified events (consent, COI proof) and (ii) credential status artifacts (StatusList-style). Ordering uses Raft for predictable latency and high availability. No DIDs, plaintext VCs, names, affiliations, or other PII are written on-chain (see Section 4.3 for a justification of this choice).
Identity Layer: DIDs follow W3C DID Core; DID Documents are resolvable via their respective methods (e.g., did:web, did:peer) and are not stored on the registry. Journals, issuers, authors, and reviewers authenticate using their DIDs and associated keys.
Credential Layer: Verifiable Credentials (VCs) use the W3C VC Data Model. Two types are central: AffiliationVC (issuerholder) and ConsentToken VC (holderjournal, manuscript-bound). Both include credentialStatus pointers to a status list managed by the appropriate controller (institution or journal).
Consent Verification Layer: Journals request signed ConsentToken VCs from each co-author via DIDComm. After verifying signatures, schema, and status, the journal anchors only the hash of the verified object on the registry (no VC payloads).
Privacy Layer (COI): Prior to reviewer assignment, the journal runs a zero-knowledge (ZK) non-intersection check: reviewers prove that their (salted, hashed) affiliations do not intersect the (salted, hashed) author set. Proofs are verified off-chain; only a proof receipt hash is anchored for audit.
FIGURE 3
4.3 Why a permissioned ledger instead of a local audit log?
One concern is whether a permissioned blockchain is necessary, or whether simpler tamper-evident mechanisms such as append-only logs or transparency logs would suffice. In a purely local setting—for example, a single journal maintaining its own records—an append-only Merkle log or key-transparency-style log would indeed be adequate to detect ex post modification of consent or COI records.
Our design targets a broader deployment setting in which multiple
independentjournals, publishers, and issuers participate in a shared infrastructure. In such a setting, a consortium ledger (the registry layer in §4) provides several advantages over isolated local logs:
Multi-writer setting. Consent and COI receipts are produced by different editorial systems and issuers. A permissioned ledger with a consensus protocol (e.g., Raft in Hyperledger Fabric) provides a consistent, append-only log of events across all participants, without requiring any single journal to be the ultimate source of truth.
Shared auditability. External auditors (e.g., learned societies, funders, ethics committees) may need to verify that consent and COI checks were performed as claimed. A consortium-managed ledger allows them to validate receipt hashes and status bits without relying on one party’s internal database or log implementation.
Cross-organizational events. Existing SSI status mechanisms (e.g., StatusList-style revocation) cover the validity of credentials issued by a single issuer, but they do not record cross-organizational events such as “journal verified all ConsentToken VCs for manuscript at time ” or “reviewer produced a valid COI non-intersection proof for ”. The registry fills this gap by anchoring hashes of such verification receipts in a way that all consortium members can query.
Governance and continuity. A consortium ledger makes governance explicit: membership, endorsement policies, and read/write permissions are encoded in the network configuration. This reduces reliance on the longevity or benevolence of any single organization and supports long-term auditability, even if individual participants change systems or ownership.
At the same time, we deliberately restrict the ledger to the minimal registry role described in Section 4: only fixed-size hashes and status bits are recorded on-chain, while DIDs, Verifiable Credentials, and any personal data remain off-chain under the control of holders, issuers, and journals. For single-journal pilots, the same protocol can be instantiated using a local transparency log, and the ledger can be introduced incrementally when multi-party interoperability or shared auditability is required.
Read access in the baseline deployment is restricted to consortium participants; external verifiers (e.g., readers checking an article) interact with the system via journal- or publisher-operated APIs that query the registry on their behalf. This indirection reduces the exposure of raw ledger metadata to the general public and allows journals to enforce access controls and rate-limiting in line with their data protection policies.
4.4 Credential lifecycle workflow
Identity issuance. Institutions issue AffiliationVCs to authors and reviewers and publish revocation status (StatusList). DIDs resolve to DID Documents via their methods; no DIDs are written to the registry.
Submission and explicit consent. The submitting author provides manuscriptID and co-author DIDs. The journal requests a self-issued ConsentToken VC from each co-author over DIDComm. After verification (signature, schema, and status), the journal canonicalizes the verified object and anchors a receipt tuple
The manuscript cannot advance to review unless
hasAllConsentsholds (at least one non-revoked ConsentToken per listed co-author).
3. COI screening (privacy-preserving). The journal normalizes author affiliations and publishes a session salt and the set of commitments with (SNARK-friendly hash ). A reviewer computes for each of their affiliations and proves in zero-knowledge that . The journal verifies off-chain and anchors the proof receipt hash as .
4. Metadata embedding and publication. Upon acceptance, the journal signs and embeds DID references and the registry transaction IDs (consent and COI receipts) into JATS/PDF metadata; no PII or VC payloads are embedded in the registry. Post-publication verification recomputes file hashes and checks receipt existence/status.
4.5 Credential revocation and auditability
Revocation follows a StatusList-style mechanism. Each VC carries a credentialStatus pointer and index. Institutions control AffiliationVC status; journals control ConsentToken status (e.g., withdrawal or dispute). Verifiers must check status at verification time.
The registry’s append-only receipts provide an immutable audit of (i) verified consent events and (ii) verified COI proofs, without exposing PII or VC payloads. If consent is later withdrawn, the status bit is flipped; future verifications fail while the historic receipt remains available for audit and dispute resolution.
4.6 Zero-knowledge non-intersection construction and security
We now make the zero-knowledge (ZK) conflict-of-interest check from §4.1 concrete. Intuitively, a reviewer proves that none of their institutional affiliations intersect the set of author affiliations for a given manuscript, without revealing either side in the clear. We formalize the statement, describe a baseline circuit, and briefly discuss the choice of proof system and its security properties.
4.6.1 Statement and relation
For a manuscript, the journal computes a session-specific salt and a set of author commitmentswhere is a SNARK-friendly hash (e.g., Poseidon) and maps free-text affiliations to canonical identifiers (see §4.1.7).
A reviewer holds affiliations as part of one or more AffiliationVCs. The non-intersection statement we wish to prove is:
We define the NP relation over public input and witness as:
The ZK proof convinces the verifier that without revealing the values.
4.6.2 Circuit sketch
In a zk-SNARK setting, we encode
as an arithmetic circuit (or R1CS). For each affiliation
in the witness, the circuit performs:
Computes inside the circuit.
Enforces that for all .
A simple inequality constraint can be expressed using the standard “inverse trick”: for each pair the circuit introduces a witness variable and enforcesIf , then Equation 1 would require , which is unsatisfiable. Conversely, whenever the prover can set in the field, making the constraint hold. Thus, the circuit enforces for all , and hence non-intersection.1
The resulting constraint system is in the baseline construction, where is the number of (distinct) author affiliations and is the number of reviewer affiliations. In typical editorial settings is small (often ) and is bounded by the number of authors and their institutions. For larger , Merkle-tree or accumulator-based variants can reduce complexity to ; we leave their implementation to future work and focus on the simpler, more transparent baseline.
4.6.3 Instantiation choice
For an initial prototype we assume a pairing-based zk-SNARK such as Groth16, as implemented in mature libraries (e.g., Circom/snarkjs or Bellman). Groth16 offers:
Succinct proofs (a few hundred bytes) suitable for embedding in editorial backends;
Fast verification (milliseconds on commodity servers) even for tens of thousands of constraints;
Well-understood tooling and deployments in adjacent domains.
The main trade-off is the need for a trusted setup per circuit. In our use case, the COI-check circuit is fixed and can be generated once under consortium governance; the structured reference string can then be reused by all participating journals and reviewers. Alternative proof systems (PLONK, Halo2, zk-STARKs) with universal or transparent setups are discussed in §4.7.
4.6.4 Security discussion
Under the soundness and zero-knowledge guarantees of the chosen zk-SNARK:
Completeness. Honest reviewers with affiliations that are genuinely disjoint from can always generate a satisfying witness, and thus a valid proof, for the circuit encoding Equation 1.
Soundness. A malicious reviewer whose affiliation set intersects would need to satisfy Equation 1 with some such that , which is impossible. Any prover that could nevertheless produce an accepting proof would break SNARK soundness.
Zero-knowledge. By construction, the only public inputs are the salt and the commitments (already known to the journal). The affiliations remain in the witness, and their hashed images do not appear as public inputs. By the ZK property of the SNARK, the verifier learns nothing about beyond the non-intersection statement.
This construction directly addresses adversary (A2) in §3.6: a reviewer with an undisclosed conflict cannot produce a valid proof without breaking SNARK soundness, while adversaries (A3) and (A4) are mitigated by the use of salted commitments and zero-knowledge, aligned with goals (G3) and (G5).
4.7 Comparison of candidate ZK proof systems
The non-intersection circuit in §4.6 can be instantiated with several modern zero-knowledge proof systems. Table 2 summarizes four widely used families along qualitative dimensions relevant to our setting: trusted setup requirements, proof size, verifier cost, prover cost, hardware expectations, and ecosystem maturity.
TABLE 2
| Property | Groth16 | PLONK-style | Halo2-style | zk-STARK |
|---|---|---|---|---|
| Setup | Circuit-specific trusted setup | Universal trusted setup | Universal trusted setup | Transparent (no trusted setup) |
| Proof size | Very small (constant-size) | Small (polylogarithmic) | Small/medium | Larger (kilobytes to tens of kilobytes) |
| Verifier time | Very fast | Fast | Fast | Moderate (hash-intensive) |
| Prover time | Fast for small/medium circuits | Moderate; improves with batching | Higher, but supports recursion well | Higher, but highly parallelizable |
| Post-quantum | No | No | No | Yes (hash-based) |
| Implementation maturity | Widely deployed; mature tooling | Rapidly maturing; ecosystem growing | Active development; used in recursive settings | Growing adoption; used in rollups and L2s |
| Hardware expectations | Commodity server/desktop | Commodity server/desktop | Commodity server/desktop | Server or cluster recommended for large circuits |
Qualitative comparison of candidate ZK proof systems for the COI non-intersection circuit.
For the initial prototype we favour a Groth16-style zk-SNARK due to its extremely small proofs, low verification cost in editorial backends, and availability of mature tooling and audited implementations. The primary drawback—a circuit-specific trusted setup—is mitigated by the fact that the conflict-of-interest circuit is fixed and can be generated once under consortium governance.
At the same time, the framework is deliberately proof-system-agnostic. In deployments where avoiding a trusted setup is paramount, a zk-STARK instantiation could be preferable, at the cost of larger proofs and higher verifier overhead. Universal-setup systems such as PLONK or Halo2 provide a middle ground, allowing multiple circuits (e.g., different COI policies) to share a single structured reference string, and enabling recursive aggregation of proofs if needed for batched verification across many manuscripts. We therefore treat Groth16 as a pragmatic baseline rather than a hard requirement.
4.8 Complexity and indicative performance
The non-intersection circuit described in §4.6 has baseline complexity constraints, where is the number of distinct author affiliations for a manuscript and is the number of affiliations held by the reviewer. In typical editorial settings we expect to be small (often ) and to be bounded by the number of authors and their institutions, yielding circuits in the low tens of thousands of constraints for the baseline construction. Merkle-tree or accumulator variants can reduce the complexity to at the cost of slightly more complex circuits; we leave their implementation to future work and focus here on the transparent baseline.
To address concerns about processing requirements in multi-author, multi-reviewer scenarios, Table 3 provides an indicative mapping from problem size to circuit size and expected prover and verifier effort under a Groth16-style zk-SNARK, as selected in Section 4.7. The values are extrapolated from published Groth16 benchmarks, where circuits with roughly constraints exhibit proving times on the order of 3 seconds and verification times in the low millisecond range on commodity hardware (Vinaik, 2025).2
TABLE 3
| Scenario | Approx. constraints | Prover/Verifier cost | ||
|---|---|---|---|---|
| Small manuscript (single institution; few authors) | 5 | 1–2 | – | Prover s; verifier ms |
| Medium manuscript (multiple institutions; typical COI check) | 15 | 2–3 | – | Prover –0.5 s; verifier ms |
| Large collaboration (many institutions) | 30–40 | 3–4 | – | Prover –3 s; verifier ms |
Indicative complexity and resource requirements for the COI non-intersection circuit under a Groth16-style zk-SNARK. Values are extrapolated from existing Groth16 benchmarks and should be interpreted as order-of-magnitude estimates rather than measurements of our implementation.
These magnitudes are compatible with editorial workflows in which proof generation runs on a journal or publisher backend rather than on end-user devices. For more demanding settings (e.g., very large author lists or resource-constrained devices), several optimizations are available: (i) replacing the inequality checks with Merkle or accumulator membership gadgets; (ii) batching multiple COI proofs and aggregating them using recursive proof systems such as Halo2 or PLONK-style schemes (§4.7); or (iii) offloading heavy proving to specialized prover services or accelerators (Garg et al., 2023; Vinaik, 2025). A full empirical evaluation across different proof systems and circuit variants is outside the scope of this design-oriented contribution and is left as future work.
4.9 Registry/chaincode interface (permissioned ledger)
We target a consortium-managed permissioned registry (e.g., Hyperledger Fabric with Raft) whose on-chain state is limited to
fixed-size hashes and status bits. No DIDs, names, affiliations, or full VC payloads are stored on the ledger. The registry exposes a minimal API to:
Anchor hashes of verified consent receipts and COI proof receipts for a salted manuscript alias;
Expose StatusList-style revocation bits for issuer- or journal-controlled status lists; and
Support aggregate checks such as whether all required consents have been recorded for a manuscript.
Write access is restricted to consortium members in specific roles (e.g., journals for receipt anchoring, issuers and journals for status updates); read access is consortium-public, with external verifiers typically interacting via journal- or publisher-operated APIs rather than directly with the ledger.
A concrete chaincode sketch with example function signatures is provided in Supplementary Appendix 3; the framework itself is agnostic to the specific smart contract platform as long as it provides an append-only log of receipt hashes and status artifacts under consortium governance.
4.10 Deployment and pilot plan
A pragmatic pilot will (1) enforce per-author ConsentToken collection with a hasAllConsents gate prior to review, (2) introduce ZK COI proofs for a subset of reviewer assignments, and (3) embed consent/COI receipt TXIDs in JATS/PDF and Crossref deposits. It will track: fraction of manuscripts with complete consent before review, consent turnaround time, COI proof verification rate, ZK prover time versus author-set size, and confirmation that registry contents remain limited to cryptographic receipts and status artifacts.
5 Discussion and evaluation
We assess the feasibility and perceived value of the proposed SSI-based framework using a formative stakeholder survey and discuss implications, limitations, and next steps. Our aim is to provide design guidance rather than summative effectiveness claims.
5.1 Survey design and measurement
We conducted a small formative survey to elicit experiences and design preferences from stakeholders involved in scholarly publishing. The target population comprised individuals with current or recent roles as authors, reviewers, editors, publishers, or research administrators. Recruitment followed a snowball (referral) strategy: initial invitations were sent via professional mailing lists and institutional contacts, and recipients were encouraged to forward the survey to colleagues. Participation was voluntary and uncompensated. The survey remained open for approximately 4 weeks in 2024.
The final sample comprised respondents: 80 researchers/authors (50%), 38 reviewers (24%), 21 editors (13%), 10 publishers (6%), and 10 research administrators (6%). Item-level denominators vary () because some questions were optional or role-specific; for each quantitative item we therefore report the number of valid responses alongside proportions.
The instrument included four groups of items:
Demographics and roles. Multiple-choice questions captured primary role (author, reviewer, editor, publisher, administrator), discipline, and geographic region.
Experiences with authorship and COI issues. Frequency of unconsented authorship, gift/ghost authorship, exclusion of contributors, and suspected COI in peer review was measured on five-point Likert-type scales (“never”, “rarely”, “sometimes”, “often”, “very often”).
Perceptions of existing mechanisms. Perceived adequacy of current tools (e.g., ORCID, email-based consent, institutional policies) was assessed using agreement scales (from “strongly disagree” to “strongly agree”) and single-choice items (e.g., dominant mechanism used at the respondent’s institution).
Attitudes toward the proposed framework. Support for explicit, manuscript-bound consent tokens, privacy-preserving COI checks, and a consortium registry was measured on five-point agreement scales, while implementation concerns (privacy, complexity, integration) and feature priorities (integration, automation, audit trails, notifications, mobile access) were captured via multi-select questions with ranked importance.
For descriptive results we report response counts and proportions. Given the non-probability sampling and uneven item-level , inferential statistics are not appropriate; instead, for key proportions we compute Wilson 95% confidence intervals to convey uncertainty (see Supplementary Appendix 1). We therefore treat the findings as design signals for feature prioritization rather than population estimates of prevalence or support.
5.2 Key findings
The survey highlighted several recurring themes in current authorship validation practices and stakeholder perceptions. Key findings and their implications are summarized below.
Prevalence of problematic authorship. Respondents reported encountering unconsented/gift authorship and exclusion of contributors with non-trivial frequency (Figure 4). This reinforces the need for verifiable, manuscript-bound consent rather than email-based or informal attestations.
Current validation mechanisms. A substantial share indicated absent or informal mechanisms (e.g., email/written consent) and limited integration with identity infrastructure (Figure 5). This motivates a low-friction consent artifact (ConsentToken VC) and a gate (hasAllConsents) before review assignment.
Perceptions of existing platforms. Many respondents did not view current platforms (e.g., ORCID) as sufficient for consent enforcement (Figure 6). This supports our positioning of ORCID for disambiguation, with consent captured as a separate, verifiable event.
Support for consent + privacy. There was strong stated support for a consent-based system with privacy-preserving COI checks (Figure 7). This directly informed our inclusion of a ZK non-intersection proof so that reviewers need not reveal affiliations. Perceived benefits of the proposed system are summarized in Figure 8.
Implementation concerns. Top concerns were privacy, technical complexity, and integration with existing pipelines (Figure 9). These shaped design choices: off-chain PII with on-chain hashes/status only, a permissioned registry for predictable latency and no gas costs, and strict alignment with W3C DID/VC and StatusList for interoperability.
Feature priorities for adoption. Respondents prioritized integration with existing publishing platforms and automated verification, followed by audit-trail capabilities and real-time notifications; mobile accessibility trailed (Figure 10).
FIGURE 4
FIGURE 5
FIGURE 6
FIGURE 7
FIGURE 8
FIGURE 9
FIGURE 10
Beyond the items summarized above, several additional results further contextualize the problem and perceived value of a consent-based system. First, respondents viewed unethical authorship as substantively harmful: across three practices, roughly half to two-thirds rated the impact as “very serious” or “extremely serious”—including (53%) for inclusion of authors for reasons unrelated to contribution, (53%) for addition of senior researchers without explicit consent, and (68%) for exclusion of contributors who deserve authorship. Personal exposure was also common: just over half of respondents (53%) reported pressure to add someone as an author despite minimal contribution, (32%) reported being added as an author without their knowledge, and only (26%) selected “none of the above.”
Second, support extended beyond a single adoption item to specific features and expected benefits. For example, respondents (78%) agreed or strongly agreed that real-time notifications about authorship status would be useful. When asked about potential benefits of such a system, the most frequently selected options were “improved integrity of research” (78%), “reduction in unethical practices” (61%), and “increased trust in authorship claims” (56%), with about half (50%) also anticipating better management of citation metrics. Likewise, Likert items about transparency, reduced unethical practices, enhanced trust, and addressing a significant need yielded weighted averages between 3.5 and 4.0 on a 5-point scale (where 3 = “neither agree nor disagree” and 4 = “agree”), indicating that median responses lay between “agree” and “strongly agree” rather than being neutral.
5.3 Implications
Taken together, the findings suggest that stakeholders perceive unethical authorship practices, such as unconsented and ghost authorship, as a meaningful problem and view existing mechanisms as insufficiently robust. The proposed SSI- and blockchain-based framework addresses these concerns by establishing tamper-evident records of authorship consent and verifiable contribution metadata, and by supporting COI screening without exposing affiliations.
The reported support for integration and automation indicates that adoption will depend heavily on how seamlessly the framework fits into existing publishing workflows. At the same time, concerns about privacy, technical complexity, and platform integration highlight critical areas for careful attention in deployment. Effective implementation will require targeted educational efforts, pilot deployments with clear KPIs, and incremental integration with current systems. If these challenges are addressed, the framework has the potential to improve accountability and trust in authorship and peer review processes.
5.4 Limitations
Our contribution is primarily design-oriented, and several limitations follow from this positioning. As discussed in §5.1 and Supplementary Appendix 1, the stakeholder survey is explicitly treated as formative rather than representative: it relies on snowball sampling, small and uneven item-level denominators, and self-report Likert-type items. We therefore use the survey only to obtain design signals and feature priorities, not to estimate population-level prevalence or support. Future work should combine such perceptions with behavioural data from live deployments (e.g., observed consent completion rates and COI check usage).
Second, the technical architecture has not yet been evaluated through a full implementation. We specify a concrete non-intersection circuit, discuss candidate proof systems, and provide order-of-magnitude complexity estimates based on existing Groth16 benchmarks (§4.6, §4.8), but we do not report end-to-end latency, prover performance across real manuscripts, or registry throughput under load. The deployment plan in §4.10 is intended to address this by instrumenting a pilot with explicit KPIs (consent turnaround time, COI proof verification rate, prover time as a function of and , zero on-chain PII).
Third, several critical aspects of trust and data quality are handled by governance rather than cryptography. AffiliationVCs depend on credible issuers and robust onboarding (domain verification, legal agreements, KYC/AML for private entities) as outlined in §4.1.6; if issuers behave maliciously or negligently, the system can revoke and de-trust them, but it cannot prevent all bad issuance a priori. Likewise, correct conflict-of-interest detection hinges on consistent institutional normalization (§4.1.7): residual false negatives remain possible if affiliations cannot be mapped cleanly to canonical identifiers (e.g., ROR–Research Organization Registry–IDs or the older GRID IDs), and pilot evaluations should explicitly monitor and mitigate such cases.
Fourth, although the registry stores only fixed-size hashes and status bits, side channels and linkage risks remain. An adversary with access to both the ledger and editorial systems could, in principle, exploit timing correlations, transaction patterns, or metadata in JATS/PDF files (e.g., embedded transaction identifiers) to infer relationships across manuscripts. We partially mitigate this by using salted manuscript aliases, avoiding on-chain DIDs or affiliations, and supporting batching or delayed anchoring (§4.3), but a formal analysis of linkability and traffic-analysis-style attacks is left to future work.
Finally, introducing a consortium registry and SSI-based workflows imposes non-trivial organizational overhead. Participating journals, publishers, and institutions must agree on governance (trust framework, issuer onboarding and removal, dispute resolution, retention policies, cross-border hosting), and stakeholders require training and appropriate wallet UX (key management, recovery, multi-device use). While these challenges are comparable to those faced by other shared infrastructures (e.g., ORCID, Crossref), our design does not resolve them; instead, it aims to make assumptions explicit and to provide technical hooks (status lists, receipt anchoring, DID-based policies) that such governance frameworks can build upon.
6 Conclusion
We presented a standards-aligned framework that treats authorship consent as a verifiable event and conflict-of-interest (COI) screening as a privacy-preserving proof. The design comprises four concrete primitives: (i) a manuscript-bound ConsentToken VC issued by each co-author; (ii) a ZK non-intersection proof over salted commitments for COI; (iii) StatusList-style revocation for both affiliation and consent; and (iv) an append-only receipt registry that anchors only fixed-size hashes and status artifacts. Personal data and full VC payloads remain off-chain. The permissioned registry (Raft-ordered) provides predictable latency, auditability, and consortium governance without gas costs, while alignment with W3C DID/VC, DIDComm, and StatusList enables incremental integration with ORCID, Crossref, and ROR/GRID (cf.Section 4.1; Section 4.10).
Our formative survey (snowball sample) signaled strong support for explicit, manuscript-bound consent and private COI checks, and highlighted concerns—privacy, technical complexity, and integration—that directly shaped our choices: off-chain PII with hash/status-only anchoring, interoperable VC/DID schemas, and lightweight JATS/PDF metadata embedding with opaque receipt references (Section 5). Together, these elements provide a deployable path that improves transparency and accountability without disrupting existing publishing infrastructure.
As immediate next steps, we will run a limited pilot and evaluate consent completion, turnaround, COI proof verification, prover time, and confirmation of zero on-chain PII, as detailed in Section 4.10.
Future work. Implement and benchmark the registry/wallet flows; compare COI circuits (baseline equality vs. accumulator/Merkle variants); run usability studies for consent/withdrawal and reviewer proofs; formalize linkability/privacy bounds under salted aliases; and publish governance templates (trust framework, issuer onboarding, status-list operations). Extending attestations beyond authors (e.g., data curators, software contributors) is a natural next step toward richer, verifiable contribution records.
Overall, the proposed primitives and deployment plan offer a concrete, interoperable route to strengthen ethical authorship validation, while preserving privacy and compatibility with existing scholarly ecosystems.
Statements
Data availability statement
The original contributions presented in the study are included in the article/Supplementary Material, further inquiries can be directed to the corresponding author.
Ethics statement
This study involved human participants through an online perception survey. Electronic informed consent was obtained: participants were required to affirmatively select “I agree” on a consent screen before accessing the survey. Participation was voluntary and no personally identifying information was collected or stored. The study was conducted in accordance with applicable institutional ethical requirements.
Author contributions
KA-S: Methodology, Conceptualization, Project administration, Writing – review and editing, Visualization, Formal Analysis, Writing – original draft, Data curation, Resources. YA: Validation, Writing – review and editing, Supervision, Investigation.
Funding
The author(s) declared that financial support was not received for this work and/or its publication.
Conflict of interest
The author(s) declared that this work was conducted in the absence of any commercial or financial relationships that could be construed as a potential conflict of interest.
Generative AI statement
The author(s) declared that generative AI was not used in the creation of this manuscript.
Any alternative text (alt text) provided alongside figures in this article has been generated by Frontiers with the support of artificial intelligence and reasonable efforts have been made to ensure accuracy, including review by the authors wherever possible. If you identify any issues, please contact us.
Publisher’s note
All claims expressed in this article are solely those of the authors and do not necessarily represent those of their affiliated organizations, or those of the publisher, the editors and the reviewers. Any product that may be evaluated in this article, or claim that may be made by its manufacturer, is not guaranteed or endorsed by the publisher.
Supplementary material
The Supplementary Material for this article can be found online at: https://www.frontiersin.org/articles/10.3389/fbloc.2025.1730645/full#supplementary-material
Footnotes
1.^We assume the SNARK-friendly hash has negligible collision risk; equality in the field corresponds to an actual hash match.
2.^We use these benchmarks only to derive order-of-magnitude expectations; an implementation-specific evaluation of our circuit is left to future work.
References
1
BaiY.LeiH.LiS.GaoH.LiJ.LiL. (2022). “Decentralized and self-sovereign identity in the era of blockchain: a survey,” in 2022 IEEE international conference on blockchain (Blockchain), 500–507. 10.1109/Blockchain55522.2022
2
BelchiorR.PutzB.PernulG.CorreiaM.VasconcelosA.GuerreiroS. (2020). “Ssibac: Self-sovereign identity based access control,” in 2020 IEEE 19th international conference on trust, security and privacy in computing and communications (TrustCom), 1935–1943. 10.1109/TrustCom50675.2020.00264
3
BellK.KingoriP.MillsD. (2024). Scholarly publishing, boundary processes, and the problem of fake peer reviews. Sci. Technol. & Hum. Values49, 78–104. 10.1177/01622439221112463
4
BeştaşM.TaşR.AkinE.Ozkan-OkayM.AslanÖ.AktuğS. S. (2023). A novel blockchain-based scientific publishing system. Sustainability15, 3354. 10.3390/su15043354
5
BistarelliS.MicheliF.SantiniF. (2023). A survey on decentralized identifier methods for self sovereign identity. ITASEC, 3488, 1–15.
6
ButincuC. N.AlexandrescuA. (2024). Design aspects of decentralized identifiers and self-sovereign identity systems. IEEE Access12, 60928–60942. 10.1109/ACCESS.2024.3394537
7
DagherG. G.MohlerJ.MilojkovicM.MarellaP. B. (2018). Ancile: Privacy-preserving framework for access control and interoperability of electronic health records using blockchain technology. Sustain. Cities Soc.39, 283–297. 10.1016/j.scs.2018.02.014
8
GargS.GoelA.JainA.PolicharlaG.-V.SekarS. (2023). {zkSaaS}: {Zero-Knowledge} {SNARKs} as service. In 32nd USENIX Security symposium (USENIX security 23). 4427–4444.
9
HaakL. L.FennerM.PaglioneL.PentzE.RatnerH. (2012). Orcid: a system to uniquely identify researchers. Learn. Publishing25, 259–264. 10.1087/20120404
10
JavaidM.HaleemA.Pratap SinghR.KhanS.SumanR. (2021). Blockchain technology applications for industry 4.0: a literature-based review. Blockchain Res. Appl.2, 100027. 10.1016/j.bcra.2021.100027
11
JohannD. (2022). Perceptions of scientific authorship revisited: country differences and the impact of perceived publication pressure. Sci. Eng. Ethics28, 10. 10.1007/s11948-021-00356-z
12
LuxZ. A.ThatmannD.ZickauS.BeierleF. (2020). “Distributed-ledger-based authentication with decentralized identifiers and verifiable credentials,” in 2020 2nd conference on blockchain research & applications for innovative networks and services (BRAINS), 71–78. 10.1109/BRAINS49436.2020.9223292
13
MackeyT. K.ShahN.MiyachiK.ShortJ.ClausonK. (2019). A framework proposal for blockchain-based scientific publishing using shared governance. Front. Blockchain2, 19. 10.3389/fbloc.2019.00019
14
MohanV. (2019). On the use of blockchain-based mechanisms to tackle academic misconduct. Res. Policy48, 103805. 10.1016/j.respol.2019.103805
15
NaikN.JenkinsP. (2020). “Governing principles of self-sovereign identity applied to blockchain enabled privacy preserving identity management systems,” in 2020 IEEE international symposium on systems engineering (ISSE), 1–6. 10.1109/ISSE49799.2020.9272212
16
NovotnyP.ZhangQ.HullR.BasetS.LaredoJ.VaculinR.et al (2018). Permissioned blockchain technologies for academic publishing. Inf. Serv. Use38, 159–171. 10.3233/ISU-180020
17
Pava DiazR. A.Paez MendezR. V.Niño VasquezL. F. (2023). A bibliometric study of scientific production on self-sovereign identity. Ingeniería28, e19656. 10.14483/23448393.19656
18
PreukschatA.ReedD. (2021). Self-Sovereign identity: decentralized digital identity and verifiable credentials (manning)
19
SamirE.WuH.AzabM.XinC.ZhangQ. (2022). Dt-ssim: a decentralized trustworthy self-sovereign identity management framework. IEEE Internet Things J.9, 7972–7988. 10.1109/JIOT.2021.3112537
20
SchardongF.CustódioR. (2022). Self-sovereign identity: a systematic review, mapping and taxonomy. Sensors22, 5641. 10.3390/s22155641
21
SinghalS.KalraB. S. (2021). Publication ethics: role and responsibility of authors. Indian J. Gastroenterology40, 65–71. 10.1007/s12664-020-01129-5
22
SkalaK.ŠojatZ.MaričevićJ.DavidovićD.BojovićV.ZubčićT.et al (2024). Prospects of digital scientific publishing on blockchain: the concept of dap [version 2; peer review: 3 approved, 2 approved with reservations, 1 not approved]. Open Res. Eur.3, 117. 10.12688/openreseurope.15771.2
23
SoltaniR.NguyenU. T.AnA. (2021). A survey of self-sovereign identity ecosystem. Secur. Commun. Netw.2021. 10.1155/2021/8873429
24
StockburgerL.KokosioulisG.MukkamalaA.MukkamalaR. R.AvitalM. (2021). Blockchain-enabled decentralized identity management: the case of self-sovereign identity in public transportation. Blockchain Res. Appl.2, 100014. 10.1016/j.bcra.2021.100014
25
TarkhanovI.Fomin-NilovD.FominM. (2019). Application of public blockchain to control the immutability of data in online scientific periodicals. Libr. Hi Tech.37, 829–844. 10.1108/lht-12-2018-0186
26
TennantJ. P. (2018). The state of the art in peer review. FEMS Microbiol. Lett.365, fny204. 10.1093/femsle/fny204
27
TennantJ. P.Ross-HellauerT. (2020). The limitations to our understanding of peer review. Res. Integr. Peer Rev.5, 6. 10.1186/s41073-020-00092-1
28
Tenorio-FornésÁ.TiradorE. P.Sánchez-RuizA. A.HassanS. (2021). Decentralizing science: towards an interoperable open peer review ecosystem using blockchain. Inf. Process. & Manag.58, 102724. 10.1016/j.ipm.2021.102724
29
Van NoordenR. (2023). More than 10,000 research papers were retracted in 2023—a new record. Nature624, 479–481. 10.1038/d41586-023-03974-8
30
VinaikR. (2025). Groth16 zk-snarks: production implementation and optimization. Available online at: https://rohanv.me/papers/Groth16_ZK_SNARKs.html (Accessed December 5, 2025).
31
YinX. (2023). Blockchain technology in corporate governance: advantages and limitations. Acad. J. Bus. & Manag.5 (11), 89–103. 10.25236/AJBM.2023.051115
32
Yli-HuumoJ.KoD.ChoiS.ParkS.SmolanderK. (2016). Where is current research on blockchain technology? a systematic review. PLOS ONE11, 1–27. 10.1371/journal.pone.0163477
Summary
Keywords
authorship consent, conflict-of-interest screening, decentralized identifiers, peer review integrity, permissioned blockchain, self-sovereign identity, verifiable credentials, zero-knowledge proofs
Citation
Al-Sabahi K and Al Mabsali YK (2026) Self-sovereign identity for verifiable authorship consent and privacy-preserving conflict-of-interest screening in academic publishing: a permissioned blockchain registry approach. Front. Blockchain 8:1730645. doi: 10.3389/fbloc.2025.1730645
Received
23 October 2025
Revised
08 December 2025
Accepted
23 December 2025
Published
01 April 2026
Volume
8 - 2025
Edited by
Jiaming Pei, The University of Sydney, Australia
Reviewed by
Haotian Wu, Torrens University Australia - Surry Hills Central Sydney Campus, Australia
Mansur Beştaş, Bitlis Eren University, Türkiye
Updates
Copyright
© 2026 Al-Sabahi and Al Mabsali.
This is an open-access article distributed under the terms of the Creative Commons Attribution License (CC BY). The use, distribution or reproduction in other forums is permitted, provided the original author(s) and the copyright owner(s) are credited and that the original publication in this journal is cited, in accordance with accepted academic practice. No use, distribution or reproduction is permitted which does not comply with these terms.
*Correspondence: Kamal Al-Sabahi, kamal@cbfs.edu.om
Disclaimer
All claims expressed in this article are solely those of the authors and do not necessarily represent those of their affiliated organizations, or those of the publisher, the editors and the reviewers. Any product that may be evaluated in this article or claim that may be made by its manufacturer is not guaranteed or endorsed by the publisher.