Potential improvements to section "5.8 Zero-Knowledge Proofs"

[Sebastian-Elfors-IDnow]

Here are some suggestions on how section "5.8 Zero-Knowledge Proofs" in the W3C VC Data Model v1.1 could be improved.

The title may be changed to "Selective disclosure and unlikability" to make the section more generic and broaden the scope from Zero Knowledge Proof schemes to other techniques.

The list with "key capabilities" could be extended with one more option:

• Create a list with hashed values of salted claims, and combine them into an object which is signed by the issuer. The holder can present the selected claims and related salts, and also provide the object with hashed salted claims, to the verifier. Thus, the verifier can check the validity of the presented claims and salts by hashing them, and compare them with the hash values in the provided object.

SD-JWT is an example of such salted claims in JSON format. SD-JWT is however a format, and needs to be complemented with a presentment format such as DIF Presentation Exchange and presentment protocols such as WACI-DIDComm or OIDC4VP. (Another example of the same technique is the MSO in ISO mDL 18013-5, which is used for offline selective disclosure; the MSO is however CBOR encoded and goes beyond the scope of JSON encoded VCs.)

As regards to the Zero Knowledge Proof protocols, the examples in section 5.8 could be extended with BBS Signature Scheme and zk-SNARK, in addition to the already described CL-signatures.

(Lastly, and this might be too protocol specific but could be mentioned for completeness within brackets: one more option for selective disclosure is for the verifier to request an OIDC ID Token with selected claims provided by the IdP. This is how the ISO mDL 18013-5 has designed selective disclosure for online verification. However, the ISO mDL model leaks information to the issuer's IdP, which could be a privacy issue under certain regulations, so a better option for such scenarios could be OIDC4VP in conjunction with SIOP2, whereby selected claims of a VC is presented to the verifier without the involvement of the issuer. The OIDC4VP protocol or a similar approach could potentially be described as an example in section 5.8.)

[Sakurann]

suggested text might be useful in relation to a conversation in PR #999

[brentzundel]

There is a PR #1030 that modifies the ZKP section. I believe it may be merged soon.
Once it is merged it would be helpful for folks to re-review and possibly re-state what further changes are desired.

[brentzundel]

@Sebastian-Elfors-IDnow please re-review

[Sebastian-Elfors-IDnow]

@brentzundel, I've re-reviewed the section and added a comment about "unlinkability" in PR 1030.

[iherman]

The issue was discussed in a meeting on 2023-04-12

• no resolutions were taken

View the transcript

4.5. Potential improvements to section "5.8 Zero-Knowledge Proofs" (issue vc-data-model#939)

See github issue vc-data-model#939.

Brent Zundel: issue #939.
… Potential improvements to section "5.8 Zero-Knowledge Proofs.

Oliver Terbu: +1 brentz.

Brent Zundel: recommendation that it be marked as pending closed because some have been made and has had no objections.

Manu Sporny: Sebastian was asking about salted claims (?).

Ted Thibodeau Jr.: what was noted is that PR1030 will be merged soon so nothing for Sebastian to review yet. Brent will mark it pending closed and alert Sebastian.

[brentzundel]

@Sebastian-Elfors-IDnow PR #1084 has been raised to add the text your recommend, please review.

[msporny]

@Sebastian-Elfors-IDnow has signalled approval of PR #1084, this issue will be closed once PR #1084 is merged.