
LD Proof Support for BBS+

Open rado0x54 opened this issue 3 years ago • 12 comments

As an implementer I would like to use BBS+ Signatures as a Veramo module, in order to create and verify credentials with that signature suite.

Acceptance Criteria

  • Provide a Veramo Module for BBS+ that can be dynamically added to a Veramo configuration
  • Implementation template code for JS is probably the implementation by MATTR (https://w3c-ccg.github.io/ldp-bbs2020/)
  • Analyze the dependency to crypto primitives (e.g. currently that's a WASM dependency in browser for the MATTR implementation)
  • Design and update solution to support the Veramo KMS interface

rado0x54 avatar Jan 16 '21 21:01 rado0x54

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Mar 19 '21 23:03 stale[bot]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Jun 02 '21 15:06 stale[bot]

There is a BLS Key Dependency for implementing BBS+.

rado0x54 avatar Jul 06 '21 13:07 rado0x54

Is there a good way to keep updated on the status of BBS+ proof support for Veramo besides this issue?

simonwh avatar Nov 14 '22 18:11 simonwh

This is it, but there hasn't been significant progress on BBS+ recently.

The biggest blocker until recently was generic support for JSON-LD proofs. Now that we have that, next steps are support for BLS keys and a signature suite for BBS+.

Are there already libraries or solutions that you are using for this? We should be able to create some adapters for veramo.

mirceanis avatar Nov 14 '22 19:11 mirceanis

@mirceanis That is great, it seems like there's consensus that BBS+ is a key in solving some of the challenges around VCs today.

Mattr have this library for generating BBS signatures/proofs, I'm guessing it could be either used directly in an adapter or as inspiration for writing a custom library: https://github.com/mattrglobal/bbs-signatures

They use it in this library to create JSON-LD BBS proofs: https://github.com/mattrglobal/jsonld-signatures-bbs

simonwh avatar Nov 17 '22 11:11 simonwh

> This is it, but there hasn't been significant progress on BBS+ recently.
>
> The biggest blocker until recently was generic support for JSON-LD proofs. Now that we have that, next steps are support for BLS keys and a signature suite for BBS+.
>
> Are there already libraries or solutions that you are using for this? We should be able to create some adapters for veramo.

The docknetwork team has implemented BBS+ together with ZKP-related functionalities in their wallet already: https://github.com/docknetwork/crypto-wasm-ts#bbs-signature

nicobao avatar May 31 '23 14:05 nicobao

What is the state of this issue?

nickz-t3 avatar Jan 31 '24 03:01 nickz-t3

can we consider this a solution? https://github.com/zkorum/veramo-plugin-anonymous-credential

nickz-t3 avatar Jan 31 '24 03:01 nickz-t3

> can we consider this a solution? https://github.com/zkorum/veramo-plugin-anonymous-credential

Hi, I am the maintainer of that repo. I started it because I plan to work on it, but I haven't had time to proceed with coding, as I am focused on other priorities.

At this point, you can discard it entirely.

In case it can help anyone, here is the transcript of the Discord conversation I had with @mirceanis about it. Seems like it is one or two days of work to get it done, but I just always had other priorities...


Nicolas: Hi there! I am considering integrating this crypto library with Veramo: https://github.com/docknetwork/crypto-wasm-ts Where to start?


Mircea: The easiest way would be to create a plugin. From the looks of it, it seems that the best fit for it would be as a replacement for the @veramo/kms-local plugin.

Since it's a wasm library, it won't work easily in react-native, and that is a constraint that we impose on the code in the veramo repository. You would be able to run your plugin in other platforms, though.


Nicolas: I'm working on a PWA so react-native isn't an issue. The library contains a presentation spec with many non standard functionalities such as attributes equality, pseudonyms, circom circuits, verifiable encryption or blind signing. How can I map this presentation spec with the Verifiable Presentation object in Veramo?


Mircea: That's a very good question, which I can try to answer on the spot, but which will likely require some deeper analysis on our part.

From Veramo's perspective, presentations are just some objects, that have a schema that looks like the one from the W3C VC spec.

If a presentation matches that schema, (has a "holder", has a "proof", has a "verifiableCredential" array), then it's going to be parsed properly.

Parsing it matters when you try to verify or store the presentation in a database. Storage should not raise too many problems since it also gets stored in raw form. For verification, it has to have a proof property that is then matched by one of the signature suites passed to the credential-ld plugin during setup.

You could also build a more loosely coupled plugin that doesn't try to map to the existing credential/presentation stack.

This plugin would have its own methods for creating, deriving, and verifying credentials and presentations.

I imagine a more loosely coupled plugin would still be able to use the DID resolution and management, and the key management logic from other veramo plugins.

I can also imagine a key management system implementation that adds bbs+ support using the wasm crypto lib.

I guess verifiable credentials would still be used, but with much stricter schema requirements, based on what I observe from skimming through the crypto-wasm lib


Nicolas: How would I write the loosely coupled plugin? Which package would I need to override?

The work for mapping this presentation spec defined in crypto-wasm-ts to verifiable presentation has already been done here: https://github.com/docknetwork/sdk/blob/master/src/presentation.js

This function https://github.com/docknetwork/sdk/blob/master/src/presentation.js#L164 is returning an instance of w3c verifiable presentation defined here https://github.com/docknetwork/sdk/blob/master/src/verifiable-presentation.js


Mircea: Oh, I wasn't aware of the dock network sdk. It seems the work I was talking about earlier is already mostly solved 🙂

With the mapping already existing, it means that at least the storage would work without any changes. Also, what we call createVerifiablePresentation in Veramo seems to be equivalent to deriveCredentials in the dock sdk

now, about creating a plugin:

We have a plugin template repo which shows how to create several types of plugins: https://github.com/uport-project/veramo-plugin

The template can be used to create multiple types, but usually you'd only create one type of plugin. What we call an agent plugin is what gets exposed as a top level method on a Veramo instance:

const agent = createAgent({
  plugins: [
    new CustomAgentPlugin(),
    // ...
  ],
  // ...
})

// and then you would use the plugin methods like:

agent.customMethodFromThePlugin({...})

you can discard the did-manager and key-manager folders from the template and maybe also ignore the event logic

The way I would start would be to create 4 methods (similar to the myPluginFoo() method in the template), for creating and verifying credentials and presentations, and using the dock SDK in them.

Then, once that works, I'd look at ways to integrate with the other Veramo plugins.

The easiest to integrate seems to be the did-resolver. The credentials and presentations created with the dock SDK seem to be suitable for storage in the @veramo/data-store, so that would be the next thing to try. Later, the key management and DID management of Veramo can be leveraged.

Here, it would be a bit more complicated than before, as it looks like the dock SDK (or at least their examples) use private keys or keypairs directly, while the Veramo approach is to decouple key management from the crypto operations that can be done on keys


Nicolas: Thank you, that's super clear, Mircea. It's great of you to spend time explaining all that. Now, I just need to get to work! Will get back to you if I have more questions, but what you presented should be enough to get started.


Mircea: awesome! let us know how it goes

nicobao avatar Jan 31 '24 12:01 nicobao
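
Added example (not part of the thread, and not Veramo or dock SDK code): a sketch of the check the transcript describes, where a presentation needs a "holder", a "proof" and a "verifiableCredential" array, and each proof must match a configured signature suite. The suite list, function names and sample objects are assumptions made for illustration.

```javascript
// Illustration only: models the shape check and proof-type matching described
// in the transcript. CONFIGURED_SUITES is an assumed configuration, not Veramo's.
const CONFIGURED_SUITES = new Set(['Ed25519Signature2018', 'BbsBlsSignatureProof2020']);

// A "proof" property may hold one proof object or an array of them.
function asArray(value) {
  if (value === undefined || value === null) return [];
  return Array.isArray(value) ? value : [value];
}

// Shape check: "holder", "proof" and a "verifiableCredential" array must be present.
function shapeErrors(presentation) {
  if (presentation === null || typeof presentation !== 'object') return ['not an object'];
  const errors = [];
  if (!presentation.holder) errors.push('missing holder');
  if (!Array.isArray(presentation.verifiableCredential)) errors.push('verifiableCredential is not an array');
  if (asArray(presentation.proof).length === 0) errors.push('missing proof');
  return errors;
}

// Fail closed: every proof must name a type that a configured suite handles.
// This only selects suites; the cryptographic verification is the suite's job.
function routePresentation(presentation, suites = CONFIGURED_SUITES) {
  const errors = shapeErrors(presentation);
  if (errors.length > 0) return { accepted: false, errors, suites: [] };
  const matched = [];
  for (const proof of asArray(presentation.proof)) {
    const type = proof && typeof proof.type === 'string' ? proof.type : '(none)';
    if (suites.has(type)) matched.push(type);
    else errors.push(`no suite for proof type ${type}`);
  }
  const accepted = errors.length === 0;
  return { accepted, errors, suites: accepted ? matched : [] };
}

// Constructed sample presentations (not real credentials).
const bbsPresentation = {
  holder: 'did:example:holder',
  verifiableCredential: [{ id: 'urn:example:credential-1' }],
  proof: { type: 'BbsBlsSignatureProof2020' },
};
const unknownSuite = {
  ...bbsPresentation,
  proof: [{ type: 'BbsBlsSignatureProof2020' }, { type: 'ExampleUnknownProof' }],
};
const noCredentials = { holder: 'did:example:holder', proof: { type: 'Ed25519Signature2018' } };

for (const sample of [bbsPresentation, unknownSuite, noCredentials]) {
  console.log(JSON.stringify(routePresentation(sample)));
}
```

A presentation carrying one recognised proof and one unrecognised proof is rejected as a whole, so an unsupported suite cannot ride along with a supported one.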

Great answer! Thanks!

nickz-t3 avatar Jan 31 '24 14:01 nickz-t3

@nickz-t3 @nicobao I was also made aware of this project: https://github.com/pcibraro/veramo-bls-issuer I haven't checked it out yet, but linking it here for reference

mirceanis avatar Feb 16 '24 15:02 mirceanis