vc-data-model icon indicating copy to clipboard operation
vc-data-model copied to clipboard

Published 20 hours ago verified publisher icon w3c

Potential improvements to section "5.8 Zero-Knowledge Proofs"

Open Sebastian-Elfors-IDnow opened this issue 2 years ago • 0 comments

Here are some suggestions on how section "5.8 Zero-Knowledge Proofs" in the W3C VC Data Model v1.1 could be improved.

The title may be changed to "Selective disclosure and unlikability" to make the section more generic and broaden the scope from Zero Knowledge Proof schemes to other techniques.

The list with "key capabilities" could be extended with one more option:

  • Create a list with hashed values of salted claims, and combine them into an object which is signed by the issuer. The holder can present the selected claims and related salts, and also provide the object with hashed salted claims, to the verifier. Thus, the verifier can check the validity of the presented claims and salts by hashing them, and compare them with the hash values in the provided object.

SD-JWT is an example of such salted claims in JSON format. SD-JWT is however a format, and needs to be complemented with a presentment format such as DIF Presentation Exchange and presentment protocols such as WACI-DIDComm or OIDC4VP. (Another example of the same technique is the MSO in ISO mDL 18013-5, which is used for offline selective disclosure; the MSO is however CBOR encoded and goes beyond the scope of JSON encoded VCs.)

As regards to the Zero Knowledge Proof protocols, the examples in section 5.8 could be extended with BBS Signature Scheme and zk-SNARK, in addition to the already described CL-signatures.

(Lastly, and this might be too protocol specific but could be mentioned for completeness within brackets: one more option for selective disclosure is for the verifier to request an OIDC ID Token with selected claims provided by the IdP. This is how the ISO mDL 18013-5 has designed selective disclosure for online verification. However, the ISO mDL model leaks information to the issuer's IdP, which could be a privacy issue under certain regulations, so a better option for such scenarios could be OIDC4VP in conjunction with SIOP2, whereby selected claims of a VC is presented to the verifier without the involvement of the issuer. The OIDC4VP protocol or a similar approach could potentially be described as an example in section 5.8.)

Sebastian-Elfors-IDnow avatar Oct 03 '22 09:10 Sebastian-Elfors-IDnow