Upgrade to Pro — share decks privately, control downloads, hide ads and more …

JSON-LD BBS+ Verifiable Credentials with Private Holder Binding, Pseudonym, ...

JSON-LD BBS+ Verifiable Credentials with Private Holder Binding, Pseudonym, ...

Presented at IIW 37 on 2023-10-10

Dan Yamamoto

October 10, 2023
Tweet

More Decks by Dan Yamamoto

Other Decks in Technology

Transcript

  1. JSON-LD BBS+ Verifiable Credentials
    with Private Holder Binding, Pseudonym, ...
    Dan Yamamoto (Internet Initiative Japan)
    2023-10-10 @ IIW 37

    View full-size slide

  2. Our work
    1
    ◼ Experimental JSON-LD BBS+ Verifiable Credentials with...
    ✓ Selective disclosure
    ✓ Signature hiding for unlinkability
    ✓ Proof of equality for hidden attributes
    ✓ Blind signature for private holder binding
    ✓ Pairwise pseudonymous identifier (PPID)
     Predicate proofs (on-going)
     Revocation, issuer-hiding, secure key storage, ...
     Documentation, rigorous security review, standardization, ...

    View full-size slide

  3. Example Use Case
    2
    Issuer
    Verifier
    Holder

    View full-size slide

  4. Example Use Case
    3
    xyz: Person
    name = John Smith
    credentialSubject
    : Vaccination
    date = 2022-04-04
    lotNo = 9999999
    isPatientOf
    code#123
    : Vaccine
    vaccine
    vc#1: VerifiableCredential
    issuer = gov; proof = sig1
    VC1
    bound to
    Holder's secret
    Issuer
    Verifier
    Holder

    View full-size slide

  5. xyz: Person
    name = John Smith
    : Vaccination
    date = 2022-04-04
    lotNo = 9999999
    isPatientOf
    code#123
    : Vaccine
    vaccine
    Example Use Case
    4
    VC1
    vc#1: VerifiableCredential
    issuer = gov; proof = sig1
    credentialSubject
    Issuer
    Verifier
    Holder
    Prove that you got vaccinated
    using authorized vaccine
    after April 2022 !

    View full-size slide

  6. xyz: Person
    name = John Smith
    : Vaccination
    date = 2022-04-04
    lotNo = 9999999
    isPatientOf
    cvx#207
    : Vaccine
    vaccine
    Example Use Case
    5
    VC1
    code#123
    vc#1: VerifiableCredential
    issuer = gov; proof = sig1
    credentialSubject
    Issuer
    Verifier
    Holder
    Prove that you got vaccinated
    using authorized vaccine
    after April 2022 !
    Is it
    authorized?

    View full-size slide

  7. xyz: Person
    name = John Smith
    : Vaccination
    date = 2022-04-04
    lotNo = 9999999
    isPatientOf
    cvx#207
    : Vaccine
    vaccine
    Example Use Case
    6
    VC1
    VC2
    : VerifiableCredential
    issuer = prv; proof = sig2
    code#123: Vaccine
    name = Awesome Vaccine
    manufacturer = Example.com
    status = authorized
    credentialSubject
    download
    code#123
    vc#1: VerifiableCredential
    issuer = gov; proof = sig1
    credentialSubject
    Issuer
    Verifier
    Holder
    Prove that you got vaccinated
    using authorized vaccine
    after April 2022 !
    Is it
    authorized?
    Issuer
    (vaccine info
    provider)

    View full-size slide

  8. xyz: Person
    name = John Smith
    : Vaccination
    date = 2022-04-04
    lotNo = 9999999
    isPatientOf
    cvx#207
    : Vaccine
    vaccine
    Example Use Case
    7
    VC1
    VC2
    : VerifiableCredential
    issuer = prv; proof = sig2
    code#123: Vaccine
    name = Awesome Vaccine
    manufacturer = Example.com
    status = authorized
    credentialSubject
    code#123
    vc#1: VerifiableCredential
    issuer = gov; proof = sig1
    credentialSubject
    Issuer
    Verifier
    Holder
    Prove that you got vaccinated
    using authorized vaccine
    after April 2022 !
    Is it
    authorized?
    Issuer
    (vaccine info
    provider)
    download
    link data

    View full-size slide

  9. xyz: Person
    name = John Smith
    : Vaccination
    date = 2022-04-04
    lotNo = 9999999
    isPatientOf
    code#123
    : Vaccine
    vaccine
    Example Use Case
    8
    VC1
    VC2
    : VerifiableCredential
    issuer = prv; proof = sig2
    code#123: Vaccine
    name = Awesome Vaccine
    manufacturer = Example.com
    status = authorized
    credentialSubject
    vc#1: VerifiableCredential
    issuer = gov; proof = sig1
    credentialSubject
    Issuer
    Verifier
    Holder
    Prove that you got vaccinated
    using authorized vaccine
    after April 2022 !
    Issuer
    (vaccine info
    provider)
    link data

    View full-size slide

  10. xyz: Person
    name = John Smith
    : Vaccination
    date = 2022-04-04
    lotNo = 9999999
    isPatientOf
    code#123
    : Vaccine
    vaccine
    Example Use Case
    9
    VC1
    VC2
    : VerifiableCredential
    issuer = prv; proof = sig2
    code#123: Vaccine
    name = Awesome Vaccine
    manufacturer = Example.com
    status = authorized
    credentialSubject
    ***
    **************** ****************
    *********
    *********
    **********************
    *************************
    vc#1: VerifiableCredential
    issuer = gov; proof = sig1
    selective
    disclosure
    ***
    credentialSubject
    Issuer
    Verifier
    Holder
    Prove that you got vaccinated
    using authorized vaccine
    after April 2022 !
    Issuer
    (vaccine info
    provider)

    View full-size slide

  11. xyz: Person
    name = John Smith
    : Vaccination
    date = 2022-04-04
    lotNo = 9999999
    isPatientOf
    code#123
    : Vaccine
    vaccine
    Example Use Case
    10
    VC1
    VC2
    : VerifiableCredential
    issuer = prv; proof = sig2
    code#123: Vaccine
    name = Awesome Vaccine
    manufacturer = Example.com
    status = authorized
    credentialSubject
    ***
    **************** ****************
    *** X ***
    *** X ***
    **********************
    *************************
    proof of
    equality
    vc#1: VerifiableCredential
    issuer = gov; proof = sig1
    ***
    credentialSubject
    Issuer
    Verifier
    Holder
    Prove that you got vaccinated
    using authorized vaccine
    after April 2022 !
    Issuer
    (vaccine info
    provider)
    selective
    disclosure

    View full-size slide

  12. xyz: Person
    name = John Smith
    : Vaccination
    date = 2022-04-04
    lotNo = 9999999
    isPatientOf
    code#123
    : Vaccine
    vaccine
    Example Use Case
    11
    VC1
    VC2
    : VerifiableCredential
    issuer = prv; proof = ...
    code#123: Vaccine
    name = Awesome Vaccine
    manufacturer = Example.com
    status = authorized
    credentialSubject
    ***
    **************** ****************
    *** X ***
    *** X ***
    **********************
    *************************
    ***
    vc#1: VerifiableCredential
    issuer = gov; proof = 署名値
    ***
    **** signature
    hiding
    credentialSubject
    Issuer
    Verifier
    Holder
    Prove that you got vaccinated
    using authorized vaccine
    after April 2022 !
    Issuer
    (vaccine info
    provider)
    proof of
    equality
    selective
    disclosure

    View full-size slide

  13. xyz: Person
    name = John Smith
    : Vaccination
    date = 2022-04-04
    lotNo = 9999999
    isPatientOf
    code#123
    : Vaccine
    vaccine
    Example Use Case
    12
    VC1
    VC2
    : VerifiableCredential
    issuer = prv; proof = ...
    code#123: Vaccine
    name = Awesome Vaccine
    manufacturer = Example.com
    status = authorized
    credentialSubject
    ***
    **************** ****************
    *** X ***
    *** X ***
    **********************
    *************************
    ***
    vc#1: VerifiableCredential
    issuer = gov; proof = 署名値
    ***
    **** signature
    hiding
    credentialSubject
    Issuer
    Verifier
    Holder
    Prove that you got vaccinated
    using authorized vaccine
    after April 2022 !
    Issuer
    (vaccine info
    provider)
    proof of
    equality
    selective
    disclosure
    >= 2022-04
    Predicate
    Proof

    View full-size slide

  14. xyz: Person
    name = John Smith
    : Vaccination
    date = 2022-04-04
    lotNo = 9999999
    isPatientOf
    code#123
    : Vaccine
    vaccine
    Example Use Case
    13
    VC1
    VC2
    : VerifiableCredential
    issuer = prv; proof = ...
    code#123: Vaccine
    name = Awesome Vaccine
    manufacturer = Example.com
    status = authorized
    credentialSubject
    ***
    **************** ****************
    *** X ***
    *** X ***
    **********************
    *************************
    vc#1: VerifiableCredential
    issuer = gov; proof = 署名値
    ***
    ****
    proof of
    secret knowledge
    credentialSubject
    Issuer
    Verifier
    Holder
    Prove that you got vaccinated
    using authorized vaccine
    after April 2022 !
    Issuer
    (vaccine info
    provider)
    signature
    hiding
    proof of
    equality
    selective
    disclosure
    ***
    >= 2022-04
    Predicate
    Proof

    View full-size slide

  15. xyz: Person
    name = John Smith
    : Vaccination
    date = 2022-04-04
    lotNo = 9999999
    isPatientOf
    code#123
    : Vaccine
    vaccine
    Example Use Case
    14
    VC1
    VC2
    : VerifiableCredential
    issuer = prv; proof = ...
    code#123: Vaccine
    name = Awesome Vaccine
    manufacturer = Example.com
    status = authorized
    credentialSubject
    ***
    **************** ****************
    *** X ***
    *** X ***
    **********************
    *************************
    vc#1: VerifiableCredential
    issuer = gov; proof = 署名値
    ***
    ****
    credentialSubject
    Issuer
    Verifier
    Holder
    Prove that you got vaccinated
    using authorized vaccine
    after April 2022 !
    Issuer
    (vaccine info
    provider)
    signature
    hiding
    proof of
    equality
    selective
    disclosure
    ***
    VP
    proof of
    secret knowledge
    >= 2022-04
    Predicate
    Proof

    View full-size slide

  16. xyz: Person
    name = John Smith
    : Vaccination
    date = 2022-04-04
    lotNo = 9999999
    isPatientOf
    code#123
    : Vaccine
    vaccine
    Example Use Case
    15
    VC1
    VC2
    : VerifiableCredential
    issuer = prv; proof = ...
    code#123: Vaccine
    name = Awesome Vaccine
    manufacturer = Example.com
    status = authorized
    credentialSubject
    ***
    **************** ****************
    *** X ***
    *** X ***
    **********************
    *************************
    vc#1: VerifiableCredential
    issuer = gov; proof = 署名値
    ***
    ****
    credentialSubject
    Issuer
    Verifier
    Holder
    Prove that you got vaccinated
    using authorized vaccine
    after April 2022 !
    Issuer
    (vaccine info
    provider)
    signature
    hiding
    proof of
    equality
    selective
    disclosure
    ***
    VP
    I (anonymized) got vaccinated
    using authorized vaccine (anonymized)
    after April 2022 (without exact date)
    proof of
    secret knowledge
    >= 2022-04
    Predicate
    Proof

    View full-size slide

  17. Prototype Implementation
    jsonld-proofs
    rdf-proofs-wasm
    rdf-proofs
    zkp-ld-playground
    docknetwork/crypto
    demo apps
    JSON-LD
    processing
    RDF
    processing
    BBS+ and
    zk-SNARKs
    16
    thin wrapper
    https://github.com/zkp-ld/
    ◆issue & verify JSON-LD VC
    ◆compose & verify JSON-LD VP
    ◆issue & verify N-Quads VC
    ◆compose & verify N-Quads VP
    ◆issue & verify N-Quads VC
    ◆compose & verify N-Quads VP
    ◆sign & verify integer array
    ◆derive & verify ZKP for integer array

    View full-size slide

  18. Playground
    17
    https://playground.zkp-ld.org/

    View full-size slide

  19. VC Issuance
    19
    1. Convert VC from JSON-LD to RDF N-Quads
    2. Eliminate ambiguity of N-Quads data (Canonicalization)
    3. Decompose N-Quads data into an array of Terms
    4. Hash each Term to integer
    5. Feed the array of integers into the BBS+ signing algorithm to
    generate a signature value

    View full-size slide

  20. (1) Convert VC from JSON-LD to RDF N-Quads
    20
    {
    "type": "VerifiableCredential",
    "issuer": "gov",
    "proof": { },
    "credentialSubject": {
    "id": "xyz",
    "type": "Person",
    "name": "John Smith"
    "isPatientOf": {
    "type": "Vaccination",
    "date": "2022-04-04",
    "vaccine": {
    "id": "code#123",
    "type": "Vaccine"
    }
    }
    }
    }
    xyz: Person
    name = John Smith
    : Vaccination
    date = 2022-04-04
    lotNo = 9999999
    isPatientOf
    code#123
    : Vaccine
    vaccine
    vc#1: VerifiableCredential
    issuer = gov; proof = sig1
    credentialSubject
    JSON-LD

    View full-size slide

  21. (1) Convert VC from JSON-LD to RDF N-Quads
    21
    _:b0 type VerifiableCredential
    _:b0 issuer gov
    _:b0 credentialSubject xyz
    xyz type Person
    xyz name John Smith
    xyz isPatientOf _:b1
    _:b1 type Vaccination
    _:b1 date 2022-04-04
    _:b1 vaccine code#123
    {
    "type": "VerifiableCredential",
    "issuer": "gov",
    "proof": { },
    "credentialSubject": {
    "id": "xyz",
    "type": "Person",
    "name": "John Smith"
    "isPatientOf": {
    "type": "Vaccination",
    "date": "2022-04-04",
    "vaccine": {
    "id": "code#123",
    "type": "Vaccine"
    }
    }
    }
    }
    JSON-LD
    N-Quads

    View full-size slide

  22. N-Quads
    22
    _:b0 type VerifiableCredential
    _:b0 issuer gov
    _:b0 credentialSubject xyz
    xyz type Person
    xyz name John Smith
    xyz isPatientOf _:b1
    _:b1 type Vaccination
    _:b1 date 2022-04-04
    _:b1 vaccine code#123
    {
    "type": "VerifiableCredential",
    "issuer": "gov",
    "proof": { },
    "credentialSubject": {
    "id": "xyz",
    "type": "Person",
    "name": "John Smith"
    "isPatientOf": {
    "type": "Vaccination",
    "date": "2022-04-04",
    "vaccine": {
    "id": "code#123",
    "type": "Vaccine"
    }
    }
    }
    }
    xyz type Person
    xyz name John Smith
    xyz isPatientOf _:x
    _:x type Vaccination
    _:x date 2022-04-04
    _:x vaccine code#123
    _:y type VerifiableCredential
    _:y issuer gov
    _:y credentialSubject xyz
    RDF data has "ambiguity" in terms of blank node labels and
    the order of quads
    → We need canonical form for signing and verifying

    View full-size slide

  23. (2) Eliminate ambiguity of N-Quads data (Canonicalization)
    23
    _:b0 type VerifiableCredential
    _:b0 issuer gov
    _:b0 credentialSubject xyz
    xyz type Person
    xyz name John Smith
    xyz isPatientOf _:b1
    _:b1 type Vaccination
    _:b1 date 2022-04-04
    _:b1 vaccine code#123
    _:c14n0 date 2022-04-04
    _:c14n0 type Vaccination
    _:c14n0 vaccine code#123
    _:c14n1 type VerifiableCredential
    _:c14n1 credentialSubject xyz
    _:c14n1 issuer 政府
    xyz type Person
    xyz isPatientOf _:c14n1
    xyz name John Smith
    RDF Canonicalization
    Regardless of the original blank
    node labels and the order of quads,
    you can obtain deterministically
    unique labels and orders

    View full-size slide

  24. (3) Decompose N-Quads data into an array of Terms
    24
    _:c14n0.c8xd... date 2022-04-04
    _:c14n0.c8xd... type Vaccination
    _:c14n0.c8xd... vaccine code#123
    _:c14n1.c8xd... type VerifiableCredential
    _:c14n1.c8xd... credentialSubject xyz
    _:c14n1.c8xd... issuer gov
    xyz type Person
    xyz isPatientOf _:c14n1.c8xd...
    xyz name John Smith
    _:c14n0.c8xd... date 2022-04-04
    Vaccination
    _:c14n0.c8xd... type
    John Smith
    xyz name
    ...
    ...
    ...
    1
    4
    2
    5
    26
    25
    3
    6
    27

    View full-size slide

  25. (4) Hash each Term to integer
    25
    _:c14n0 date 2022-04-04
    Vaccination
    _:c14n0 type
    John Smith
    xyz name
    ...
    ...
    ...
    1
    4
    2
    5
    26
    25
    3
    6
    27
    9139018... 7975413... 8394757...
    4937101...
    9139018... 1106247...
    5388010...
    6580550... 4549787...
    ...
    ...
    ...
    1
    4
    2
    5
    26
    25
    3
    6
    27
    Hash to Scalar

    View full-size slide

  26. (5) Feed the array of integers into the BBS+ signing algorithm
    26
    9139018... 7975413... 8394757...
    4937101...
    9139018... 1106247...
    5388010...
    6580550... 4549787...
    ...
    ...
    ...
    1
    4
    2
    5
    26
    25
    3
    6
    27
    BBS+.sign
    ← Holder's secret
    signature
    { "type": "VerifiableCredential",
    "issuer": "gov",
    "proof": { BBS+ signature },
    "credentialSubject": {
    "id": "xyz",
    "type": "Person",
    "name": "John Smith"
    "isPatientOf": {
    "type": "Vaccination",
    "date": "2022-04-04",
    "vaccine": {
    "id": "code#123",
    "type": "Vaccine"
    } } } }
    4999362...
    0
    Issuer's secret key

    View full-size slide

  27. VC Verification
    27
    9139018... 7975413... 8394757...
    4937101...
    9139018... 1106247...
    5388010...
    6580550... 4549787...
    ...
    ...
    ...
    1
    4
    2
    5
    26
    25
    3
    6
    27
    BBS+.verify
    accept / reject
    { "type": "VerifiableCredential",
    "issuer": "gov",
    "proof": { BBS+ signature },
    "credentialSubject": {
    "id": "xyz",
    "type": "Person",
    "name": "John Smith"
    "isPatientOf": {
    "type": "Vaccination",
    "date": "2022-04-04",
    "vaccine": {
    "id": "code#123",
    "type": "Vaccine"
    } } } }
    4999362...
    0
    Issuer's public key
    Steps (1) to (4) are the same as Issuance

    View full-size slide

  28. VP Composition
    28
    _:b0 credentialSubject xyz
    xyz name John Smith
    xyz isPatientOf _:b1
    _:b1 date 2022-04-04
    _:b0 credentialSubject _:x0
    _:x0 isPatientOf _:b1
    _:b1 date 2022-04-04
    VC held by the Holder VC to be presented to the Verifier
    {
    "credentialSubject": {
    "id": "xyz",
    "name": "John Smith"
    "isPatientOf": {
    "date": "2022-04-04"
    }
    }
    {
    "credentialSubject": {
    "id": "_:x0",
    "name": "John Smith",
    "isPatientOf": {
    "date": "2022-04-04"
    }
    }
    remove quad
    replace with
    blank node
    2 types of
    selective disclosure

    View full-size slide

  29. VP Composition
    29
    Verifier must resume the original layout
    before verification
    _:b0 credentialSubject xyz
    xyz name John Smith
    xyz isPatientOf _:b1
    _:b1 date 2022-04-04
    _:b0 credentialSubject _:x0
    _:x0 isPatientOf _:b1
    _:b1 date 2022-04-04
    _:c14n0 date 2022-04-04
    _:c14n1 credentialSubject xyz
    xyz isPatientOf _:c14n0
    xyz name John Smith
    _:c14n0 date 2022-04-04
    _:c14n1 isPatientOf _:c14n0
    _:c14n2 credentialSubject _:c14n1
    canonicalize canonicalize
    split split
    _:c14n0 date 2022-04-04
    _:c14n1 credentia.. xyz
    xyz isPatientOf _:c14n0
    xyz name John Smith
    _:c14n0 date 2022-04-04
    _:c14n1 isPatientOf _:c14n0
    _:c14n2 credentia.. _:c14n1
    VC held by the Holder VC to be presented to the Verifier

    View full-size slide

  30. VP Composition
    30
    _:b0 credentialSubject xyz
    xyz name John Smith
    xyz isPatientOf _:b1
    _:b1 date 2022-04-04
    _:b0 credentialSubject _:x0
    _:x0 isPatientOf _:b1
    _:b1 date 2022-04-04
    _:c14n0 date 2022-04-04
    _:c14n1 credentialSubject xyz
    xyz isPatientOf _:c14n0
    xyz name John Smith
    _:c14n0 date 2022-04-04
    _:c14n1 isPatientOf _:c14n0
    _:c14n2 credentialSubject _:c14n1
    canonicalize canonicalize
    VC held by the Holder VC to be presented to the Verifier
    (a) anonymize
    from to
    xyz _:x0

    View full-size slide

  31. VP Composition
    31
    _:b0 credentialSubject xyz
    xyz name John Smith
    xyz isPatientOf _:b1
    _:b1 date 2022-04-04
    _:b0 credentialSubject _:x0
    _:x0 isPatientOf _:b1
    _:b1 date 2022-04-04
    _:c14n0 date 2022-04-04
    _:c14n1 credentialSubject xyz
    xyz isPatientOf _:c14n0
    xyz name John Smith
    _:c14n0 date 2022-04-04
    _:c14n1 isPatientOf _:c14n0
    _:c14n2 credentialSubject _:c14n1
    canonicalize canonicalize
    VC held by the Holder VC to be presented to the Verifier
    (b) canonicalize
    from to
    _:b1 _:c14n0
    _:x0 _:c14n1
    _:b0 _:c14n2
    (a) anonymize
    from to
    xyz _:x0

    View full-size slide

  32. VP Composition
    32
    _:b0 credentialSubject xyz
    xyz name John Smith
    xyz isPatientOf _:b1
    _:b1 date 2022-04-04
    _:b0 credentialSubject _:x0
    _:x0 isPatientOf _:b1
    _:b1 date 2022-04-04
    _:c14n0 date 2022-04-04
    _:c14n1 credentialSubject xyz
    xyz isPatientOf _:c14n0
    xyz name John Smith
    _:c14n0 date 2022-04-04
    _:c14n1 isPatientOf _:c14n0
    _:c14n2 credentialSubject _:c14n1
    canonicalize canonicalize
    VC held by the Holder VC to be presented to the Verifier
    (c) canonicalize
    from to
    _:b0 _:c14n1
    _:b1 _:c14n0
    (a) anonymize
    from to
    xyz _:x0
    (b) canonicalize
    from to
    _:b1 _:c14n0
    _:x0 _:c14n1
    _:b0 _:c14n2

    View full-size slide

  33. VP Composition
    33
    (a) anonymize-1
    to from
    _:x0 xyz
    (b) canonicalize-1
    from to
    _:c14n0 _:b1
    _:c14n1 _:x0
    _:c14n2 _:b0
    (c) canonicalize
    from to
    _:b0 _:c14n1
    _:b1 _:c14n0
    (b)-1 × ((a)-1 + (c))
    from to
    _:c14n0 _:c14n0
    _:c14n1 xyz
    _:c14n2 _:c14n1
    (a)-1 + (c)
    from to
    _:x0 xyz
    _:b0 _:c14n1.a
    _:b1 _:c14n0.a
    (a)-1 + (c)
    from to
    _:x0 xyz
    _:b0 _:c14n1.a
    _:b1 _:c14n0.a

    View full-size slide

  34. VP Composition
    34
    _:b0 credentialSubject xyz
    xyz name John Smith
    xyz isPatientOf _:b1
    _:b1 date 2022-04-04
    _:b0 credentialSubject _:x0
    _:x0 isPatientOf _:b1
    _:b1 date 2022-04-04
    _:c14n0 date 2022-04-04
    _:c14n1 credentialSubject xyz
    xyz isPatientOf _:c14n0
    xyz name John Smith
    _:c14n0 date 2022-04-04
    _:c14n1 isPatientOf _:c14n0
    _:c14n2 credentialSubject _:c14n1
    canonicalize canonicalize
    (b)-1 × ((a)-1 + (c))
    from to
    _:c14n0 _:c14n0
    _:c14n1 xyz
    _:c14n2 _:c14n1
    VC held by the Holder VC to be presented to the Verifier
    _:c14n0 date 2022-04-04
    xyz isPatientOf _:c14n0
    _:c14n1 credentialSubject xyz

    View full-size slide

  35. VP Composition
    35
    _:b0 credentialSubject xyz
    xyz name John Smith
    xyz isPatientOf _:b1
    _:b1 date 2022-04-04
    _:b0 credentialSubject _:x0
    _:x0 isPatientOf _:b1
    _:b1 date 2022-04-04
    _:c14n0 date 2022-04-04
    _:c14n1 credentialSubject xyz
    xyz isPatientOf _:c14n0
    xyz name John Smith
    _:c14n0 date 2022-04-04
    _:c14n1 isPatientOf _:c14n0
    _:c14n2 credentialSubject _:c14n1
    canonicalize canonicalize
    VC held by the Holder VC to be presented to the Verifier
    _:c14n0 date 2022-04-04
    xyz isPatientOf _:c14n0
    _:c14n1 credentialSubject xyz
    index map
    from to
    0 0
    1 2
    2 1
    #quads = 4
    0
    1
    2
    0
    1
    2
    to be included in the VP

    View full-size slide

  36. VP Composition
    36
    _:b0 credentialSubject xyz
    xyz name John Smith
    xyz isPatientOf _:b1
    _:b1 date 2022-04-04
    _:b0 credentialSubject _:x0
    _:x0 isPatientOf _:b1
    _:b1 date 2022-04-04
    _:c14n0 date 2022-04-04
    _:c14n1 credentialSubject xyz
    xyz isPatientOf _:c14n0
    xyz name John Smith
    _:c14n0 date 2022-04-04
    _:c14n1 isPatientOf _:c14n0
    _:c14n2 credentialSubject _:c14n1
    canonicalize canonicalize
    split split
    _:c14n0 date 2022-04-04
    _:c14n1 credentia.. xyz
    xyz isPatientOf _:c14n0
    xyz name John Smith
    _:c14n0 date 2022-04-04
    _:c14n1 isPatientOf _:c14n0
    _:c14n2 credentia.. _:c14n1
    VC held by the Holder VC to be presented to the Verifier
    index map
    from to
    0 0
    1 2
    2 1
    #quads = 4

    View full-size slide

  37. VP Composition
    37
    _:b0 credentialSubject xyz
    xyz name John Smith
    xyz isPatientOf _:b1
    _:b1 date 2022-04-04
    _:b0 credentialSubject _:x0
    _:x0 isPatientOf _:b1
    _:b1 date 2022-04-04
    _:c14n0 date 2022-04-04
    _:c14n1 credentialSubject xyz
    xyz isPatientOf _:c14n0
    xyz name John Smith
    _:c14n0 date 2022-04-04
    _:c14n1 isPatientOf _:c14n0
    _:c14n2 credentialSubject _:c14n1
    canonicalize canonicalize
    split
    split then
    reorder using index map
    _:c14n0 date 2022-04-04
    _:c14n1 credentia.. xyz
    xyz isPatientOf _:c14n0
    xyz name John Smith
    _:c14n0 date 2022-04-04
    _:c14n1 isPatientOf _:c14n0
    _:c14n2 credentia.. _:c14n1
    VC held by the Holder VC to be presented to the Verifier
    index map
    from to
    0 0
    1 2
    2 1
    #quads = 4

    View full-size slide

  38. VP Composition
    38
    _:b0 credentialSubject xyz
    xyz name John Smith
    xyz isPatientOf _:b1
    _:b1 date 2022-04-04
    _:b0 credentialSubject _:x0
    _:x0 isPatientOf _:b1
    _:b1 date 2022-04-04
    _:c14n0 date 2022-04-04
    _:c14n1 credentialSubject xyz
    xyz isPatientOf _:c14n0
    xyz name John Smith
    _:c14n0 date 2022-04-04
    _:c14n1 isPatientOf _:c14n0
    _:c14n2 credentialSubject _:c14n1
    canonicalize canonicalize
    split
    split then
    reorder using index map
    _:c14n0 date 2022-04-04
    _:c14n1 credentia.. xyz
    xyz isPatientOf _:c14n0
    xyz name John Smith
    _:c14n0 date 2022-04-04
    _:c14n1 isPatientOf _:c14n0
    _:c14n2 credentia.. _:c14n1
    VC held by the Holder VC to be presented to the Verifier
    index map
    from to
    0 0
    1 2
    2 1
    #quads = 4
    Reveal / unreveal indexes have been successfully identified → Verifier can verify BBS+ proof

    View full-size slide

  39. VP Composition
    39
    9139018... 7975413... 8394757...
    4937101...
    9139018... 1106247...
    5388010...
    6580550... 4549787...
    ...
    ...
    ...
    1
    4
    2
    5
    26
    25
    3
    6
    27
    BBS+.derive
    Non-Interactive
    Zero-Knowledge Proof
    4999362...
    0
    reveal indexes
    [5, 6, ..., 25, 26, 27]
    equal witnesses
    [ [1,4], ... ]
    Issuer's public key

    View full-size slide