Compact and Selective Disclosure for Verifiable Credentials

TL;DR

This paper introduces CSD-JWT, a cryptographic mechanism for verifiable credentials that enables compact, privacy-preserving selective disclosure, significantly reducing memory and network usage, especially for resource-limited devices.

Contribution

It proposes a novel cryptographic accumulator-based method for compact and selective disclosure in verifiable credentials, with open-source implementation and extensive performance evaluation.

Findings

Memory usage reduced by up to 46%

Verifiable Presentation size decreased by 27% to 93%

Suitable for resource-constrained devices

Abstract

Self-Sovereign Identity (SSI) is a novel identity model that empowers individuals with full control over their data, enabling them to choose what information to disclose, with whom, and when. This paradigm is rapidly gaining traction worldwide, supported by numerous initiatives such as the European Digital Identity (EUDI) Regulation or Singapore's National Digital Identity (NDI). For instance, by 2026, the EUDI Regulation will enable all European citizens to seamlessly access services across Europe using Verifiable Credentials (VCs). A key feature of SSI is the ability to selectively disclose only specific claims within a credential, enhancing the privacy protection of the identity owner. This paper proposes a novel mechanism designed to achieve Compact and Selective Disclosure for VCs (CSD-JWT). Our method leverages a cryptographic accumulator to encode claims within a credential into a unique, compact representation. We implemented CSD-JWT as an open-source solution and extensively evaluated its performance under various conditions. CSD-JWT provides significant memory savings, lowering usage by up to 46% compared to the state-of-the-art. It also minimizes network overhead by producing remarkably smaller Verifiable Presentations (VPs), with size reduction from 27% to 93%. Such features make CSD-JWT especially well-suited for resource-constrained devices, including hardware wallets designed for managing credentials.