BLS-MT-ZKP: A novel approach to selective disclosure of claims from digital credentials

TL;DR

This paper introduces BLS-MT-ZKP, a new cryptographic method combining BLS signatures, Merkle trees, and Bulletproof zero-knowledge proofs to enable privacy-preserving selective disclosure in digital credentials.

Contribution

It presents a novel cryptographic approach that enhances selective disclosure in digital credentials, integrating multiple primitives for improved privacy and efficiency.

Findings

Achieved selective disclosure with privacy guarantees.

Validated approach through a practical proof-of-concept.

Demonstrated efficiency and security in performance tests.

Abstract

Digital credentials represent crucial elements of digital identity on the Internet. Credentials should have specific properties that allow them to achieve privacy-preserving capabilities. One of these properties is selective disclosure, which allows users to disclose only the claims or attributes they must. This paper presents a novel approach to selective disclosure BLS-MT-ZKP that combines existing cryptographic primitives: Boneh-Lynn-Shacham (BLS) signatures, Merkle hash trees (MT) and zero-knowledge proof (ZKP) method called Bulletproofs. Combining these methods, we achieve selective disclosure of claims while conforming to selective disclosure requirements. New requirements are defined based on the definition of selective disclosure and privacy spectrum. Besides selective disclosure, specific use cases for equating digital credentials with paper credentials are achieved. The proposed approach was compared to the existing solutions, and its security, threat, performance and limitation analysis was done. For validation, a proof-of-concept was implemented, and the execution time was measured to demonstrate the practicality and efficiency of the approach.