On Cryptographic Mechanisms for the Selective Disclosure of Verifiable Credentials

TL;DR

This paper reviews cryptographic methods for privacy-preserving selective disclosure of verifiable credentials, analyzing their design, standardization, cryptographic properties, and performance through experiments.

Contribution

It provides a comprehensive comparison of cryptographic mechanisms for selective disclosure, including design, standardization status, and experimental performance evaluation.

Findings

BBS signatures support predicate proofs and unlinkability.

Hiding commitments like mdl ISO/IEC 18013-5 vary in cryptographic maturity.

Experimental results show trade-offs in credential size and verification time.

Abstract

Verifiable credentials are a digital analogue of physical credentials. Their authenticity and integrity are protected by means of cryptographic techniques, and they can be presented to verifiers to reveal attributes or even predicates about the attributes included in the credential. One way to preserve privacy during presentation consists in selectively disclosing the attributes in a credential. In this paper we present the most widespread cryptographic mechanisms used to enable selective disclosure of attributes identifying two categories: the ones based on hiding commitments - e.g., mdl ISO/IEC 18013-5 - and the ones based on non-interactive zero-knowledge proofs - e.g., BBS signatures. We also include a description of the cryptographic primitives used to design such cryptographic mechanisms. We describe the design of the cryptographic mechanisms and compare them by performing an analysis on their standard maturity in terms of standardization, cryptographic agility and quantum safety, then we compare the features that they support with main focus on the unlinkability of presentations, the ability to create predicate proofs and support for threshold credential issuance. Finally we perform an experimental evaluation based on the Rust open source implementations that we have considered most relevant. In particular we evaluate the size of credentials and presentations built using different cryptographic mechanisms and the time needed to generate and verify them. We also highlight some trade-offs that must be considered in the instantiation of the cryptographic mechanisms.