# DID C&C WG: Collaborating on ZKP Credential Schemes & Specifications
Verifiable credentials use cryptography to strongly authenticate information shared between participants. There are many considerations when sharing information in the digital realm, which affect the privacy and security guarantees between the parties who exchange data. Some of these considerations include:
1. Eliminating traceability vectors from data exchanged between participants.
2. Enabling participants to share only subsets or minimized derivatives of the data a credential contains.
3. Ensuring that any status check and revocation mechanisms do not leak credential usage information.
One way to limit information sharing and preserve privacy throughout the lifecycle of that information's use is a set of cryptographic tools known as Zero-Knowledge Proofs (ZKPs). ZKPs allow participants to account for the issues listed above using cryptographic schemes that cut off tracking vectors, enable minimal disclosure of data, and ensure usage of credentials does not leave a trail third parties can observe to compromise user privacy.
Many ZKP schemes that can be used in decentralized identity systems have been developed over the years, but few have seen widespread adoption. There is still a lot of work to be done to ensure the identity community is equipped with all the tools required to address a wide array of use cases, as well as specifications and libraries that ensure interoperability among various ZKP solutions.
To that end, the DIF Claims & Credentials Working Group is starting a collaborative initiative to work on a range of ZKP solutions to address the credential use cases of DIF members, and the wider identity community. This includes: work on ZKP cryptographic schemes, specifications that ensure interop for credentials generated using different schemes, and the libraries and tooling to generate and validate credentials generated with different schemes.
Two organizations have stepped up with contributions to kick off this initiative:
#### MATTR
MATTR is committed to the community effort required to achieve a disruptive shift in digital identity technologies. We support the collective effort towards a more user-centric model that enhances user choice and privacy, and advocate that concepts like selective disclosure of information in digital interactions are essential to have at the forefront. One way selective disclosure is achievable that provides an array of unique benefits is through the application of the branch of emerging cryptographic technologies known as "zero knowledge proofs".
MATTR has been actively investing in the development of a performant multi-message digital signature scheme supporting selective reveal via "zero knowledge proofs". Our team has built on and contributed to work originating from the [Hyperledger Ursa](https://github.com/hyperledger/ursa) project, extending it to provide a solution compatible with [Verifiable Credentials](https://www.w3.org/TR/vc-data-model/). In the past month we have open sourced multiple repositories for the decentralized identity community to use and continue to develop. We are also currently seeking to standardize the digital signature scheme with a formal draft in progress. We are excited to participate in an effort with like-minded organisations who are committed to the continued development of work in this space.
Relevant links
- [JSONLD BBS Signature Specification](https://w3c-ccg.github.io/ldp-bbs2020/)
- [JSONLD BBS Signature Implementation](https://github.com/mattrglobal/jsonld-signatures-bbs)
- [BLS12-381 Key Pair](https://github.com/mattrglobal/bls12381-key-pair)
- [BBS Signatures Implementation (WASM)](https://github.com/mattrglobal/bbs-signatures)
- [BBS Signatures Implementation (Node)](https://github.com/mattrglobal/node-bbs-signatures)
#### Microsoft
Microsoft's decentralized identity team and Microsoft Research have been working on a SNARK-based ZKP scheme that is now in final draft stages. The white paper describing the scheme and the design of its cryptographic primitives will be shared by Daniel Buchner in a subsequent blog post. Microsoft will be contributing the paper in the coming days, and beginning work on an implementation of the scheme within the DIF C&C WG this summer.
We encourage you to contribute to this effort, whether it be through the definition of use cases, code contributions, or work on specifications. It is critical that we equip the community with the tools to preserve the privacy and the personal safety of users in the digital realm. With this initiative, we hope to advance that cause, and we invite you to join us in doing so.
----
There are two problems with solely using digital signatures. First, the signature is a unique identifier that can be used to track the holder. Second, the signature IS the credential: once it is given to a verifier to validate, the verifier holds a digital copy that can be used to impersonate the holder. Proof of knowledge of a signature allows the holder of a digital signature to present a proof of a valid signature instead of the signature itself. The verifier never sees the original signature, which prevents impersonation. ZKPs are also unlinkable, i.e. one proof cannot be linked to another, which limits the disclosure of correlatable information.
Selective disclosure is a proof where only a subset of the information is shared instead of its entirety. In the context of verifiable credentials, it can be used to limit the number of claims shared with another party to those that are necessary to complete an interaction. For example, a government-issued ID card may contain 10 claims about a subject, like first name, surname, address, birth date, unique citizen ID, phone number, and others. One scenario may only need an address for delivery, or a phone number and first name to begin an introduction. Selective disclosure would create a ZKP that reveals only those claims to the other party, while all others remain hidden.
Luckily, there are cryptographic primitives that support creating these proofs quickly and efficiently, called short group signatures with efficient protocols. Camenisch-Lysyanskaya (CL), Boneh-Boyen-Shacham (BBS+), and Pointcheval-Sanders (PS) are 3 signatures that support signing multiple messages with one signature and creating the previously mentioned ZKPs.
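The selective disclosure described above, as an added sketch that is not from the original note or from any of the linked libraries: the claims are bound into one multi-message commitment, and the holder reveals some claims while giving a Schnorr proof of knowledge of the rest. Assumptions: the commitment `C` stands in for an issuer-signed value, and all helper names and sample claims are constructed. The fixed `C` is reused across presentations and is therefore linkable, so this shows minimal disclosure only, not the unlinkability a signature-based scheme adds.

```python
import hashlib, secrets

# RFC 2409 Oakley Group 2 safe prime (1024-bit): demo parameters, not a production choice.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
        "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2  # prime order of the subgroup of squares mod P

def H(*parts, n=32):  # hash arbitrary values to an n-byte integer
    return int.from_bytes(hashlib.shake_256(repr(parts).encode()).digest(n), "big")

def gen(i):  # i-th generator; squaring lands in the order-Q subgroup
    return pow(H("gen", i, n=128) % P, 2, P)

def scalar(claim):
    return H("claim", claim) % Q

def commit(claims):  # C = g0^r * g1^m1 * ... * gn^mn, r is the holder's blinding secret
    r = secrets.randbelow(Q)
    C = pow(gen(0), r, P)
    for i, m in enumerate(claims, 1):
        C = C * pow(gen(i), scalar(m), P) % P
    return C, r

def prove(claims, r, C, reveal, nonce):
    """Disclose claims whose 1-based index is in `reveal`; prove knowledge of the rest."""
    secret = {0: r, **{i: scalar(m) for i, m in enumerate(claims, 1) if i not in reveal}}
    k = {i: secrets.randbelow(Q) for i in secret}  # fresh randomness per presentation
    T = 1
    for i in secret:
        T = T * pow(gen(i), k[i], P) % P
    disclosed = {i: claims[i - 1] for i in sorted(reveal)}
    c = H(C, T, sorted(disclosed.items()), nonce) % Q  # Fiat-Shamir challenge
    return disclosed, T, {i: (k[i] + c * secret[i]) % Q for i in secret}

def verify(C, n, proof, nonce):
    disclosed, T, s = proof
    if set(s) & set(disclosed) or set(s) | set(disclosed) != set(range(n + 1)):
        return False  # every slot must be either disclosed or proven, never both
    c = H(C, T, sorted(disclosed.items()), nonce) % Q
    lhs, rhs = 1, T * pow(C, c, P) % P
    for i, v in s.items():
        lhs = lhs * pow(gen(i), v, P) % P
    for i, m in disclosed.items():  # divide the disclosed claims out of C^c
        rhs = rhs * pow(gen(i), (Q - scalar(m)) * c % Q, P) % P
    return lhs == rhs
```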
**TODO: Do we need to discuss how the signatures work?**