Termwise BBS and Pseudonymous DID Keys

Transcript

1. Verifiable Credentials with JSON-LD, BBS, OID4VCI, OID4VP, and Pseudonymous DID

   key Dan Yamamoto (Internet Initiative Japan Inc.) 2024-11-19

2. Overview 1 ◼ Background ⚫ At IIW39, we demonstrated our

   prototype identity wallet: ⚫ Supports VCs based on the W3C Verifiable Credentials Data Model (VCDM) and Data Integrity ⚫ Protocol: OpenID4VCI and OpenID4VP and DIF Presentation Exchange (with JSON-LD Frame feature) ⚫ Signature scheme: Forked W3C VC-DI-BBS (Termwise BBS) with W3C RDF Dataset Canonicalization ⚫ Additional features: Pseudonymous DID Keys (Pseudonyms represented as did:key) ⚫ Status: Experimental, with some underlying libraries published as open-source (https://github.com/zkp-ld) ◼ Discussion Points 1. How can we effectively contribute to the community? → Kim has already suggested preparing an "interoperability profile" and provided an example 2. When and how should we align with VC-DI-BBS standardization? → We are concerned that integrating our proposal directly into VC-DI-BBS may delay its standardization. Therefore, we believe it would be better to position our approach as an extension to VC-DI-BBS or a completely separate cryptosuite 3. What feedback can improve our software implementation and approach? ◼ Materials for Discussion ⚫ Overview of our approaches: Termwise BBS and Pseudonymous DID Key ⚫ Live demo available, depending on time and participants' interest

3. History & Related Works 2 2020 2021 2022 2023 2024

   LDP-BBS2020 (W3C CCG) BBS (DIF & IRTF CFRG) VC-DI-BBS (W3C VCWG) Blind BBS BBS per Verifier Linkability Our fork: Termwise BBS ?

4. VC-DI-BBS vs. Termwise BBS: How to Encode LD for BBS

   3 ? 9139018... 7975413... 1672531200 4937101... 9139018... 1106247... ... 𝑚1 𝑚4 𝑚2 𝑚3 𝑚6 𝑚5 Integer Array 𝑚1 , 𝑚2 , … sign derive verify JSON-LD BBS Functions { "credentialSubject": { "id": "xyz", "name": "John Smith" "isPatientOf": { "date": "2023-06-04", "vaccine": "code123" } } } For BBS, we need an encoding to convert JSON-LD into a sequence of integers

5. VC-DI-BBS vs. Termwise BBS: How to Encode LD for BBS

   4 _:c14n0 credentialSubject xyz xyz name "John Smith" xyz worksFor _:c14n1 _:c14n1 name "example.com" Canonicalize { "credentialSubject": { "id": "xyz", "name": "John Smith" "worksFor": { "name": "example.com" } } } _:c14n0 credentialSubject xyz xyz name "John Smith" xyz isPatientOf _:c14n1 _:c14n1 name "example.com" _:c14n0 xyz xyz _:c14n1 credentialSubject name isPatientOf name xyz "John Smith" _:c14n1 "example.com" JSON-LD Canonical N-Quads Term- wise 𝑚1 𝑚2 𝑚3 𝑚4 𝑚1 𝑚4 𝑚7 𝑚10 𝑚2 𝑚5 𝑚8 𝑚11 𝑚3 𝑚6 𝑚9 𝑚12 then hash each 𝑚𝑖 into integers as required for BBS input

6. Pros and Cons of Termwise BBS 5 ◼ Pros ⚫

   "id" can also be selectively disclosed ⚫ Hidden terms can be used for predicate proofs (incl. range proofs) using zk-SNARKs ⚫ Multiple credentials can be linked in a VP without revealing URLs ◼ Cons ⚫ More complicated algorithm, which is not yet documented ⚫ Data size of the derived proof value (in VP) is up to three times larger than VC-DI-BBS { "type": "VerifiablePresentation", "verifiableCredential": [ { "type": "VerifiableCredential", "credentialSubject": { "type": "Person", "worksFor": { "id": "_:b3" } } }, { "type": "VerifiableCredential", "credentialSubject": { "id": "_:b3", "type": "Organization", "numberOfEmployees": 10000 } } ] } { "type": "VerifiableCredential", "credentialSubject": { "id": "did:example:abcde", "type": "Person", "name": "John Smith", "worksFor": { "id": "http://example.com" } } } { "type": "VerifiableCredential", "credentialSubject": { "id": "http://example.com", "type": "Organization", "name": "Awesome Company", "numberOfEmployees": 10000 } } VC1 VC2 VP

7. Pseudonymous DID key 6 Holder / Wallet Verifiers Issuers secret

   key did:key for I1 did:key for I2 did:key for I3 did:key for V1 did:key for V2 did:key for V3 ◼ A single secret key can generate multiple public keys (did:key) for different domains ◼ Multiple public keys cannot be shown within a single domain (inner-domain linkability) ◼ It is not possible to correlate public keys across different domains (inter-domain unlinkability) did:key for domain := Hash domainID secret

8. Pseudonymous DID key 7 { "type": "VerifiablePresentation", "holder": "did:key:z3tEGdzB4Dk2...", "proof":

   { "domain": "example.org", "proofValue": "..." }, "verifiableCredential": [ { "type": "VerifiableCredential", "credentialSubject": { "type": "Person", "worksFor": { "id": "_:b3" } } }, { "type": "VerifiableCredential", "credentialSubject": { "id": "_:b3", "type": "Organization", "numberOfEmployees": 10000 } } ] } { "type": "VerifiableCredential", "credentialSubject": { "id": "did:example:abcde", "type": "Person", "name": "John Smith", "worksFor": { "id": "http://example.com" } } } { "type": "VerifiableCredential", "credentialSubject": { "id": "http://example.com", "type": "Organization", "name": "Awesome Company", "numberOfEmployees": 10000 } } VC1 VC2 VP { "type": "VerifiablePresentation", "holder": "did:key:z3tEEzuVcea...", "proof": { "domain": "domain.test", "proofValue": "..." }, "verifiableCredential": [ { "type": "VerifiableCredential", "credentialSubject": { "type": "Person", "worksFor": { "id": "_:b3" } } }, { "type": "VerifiableCredential", "credentialSubject": { "id": "_:b3", "type": "Organization", "numberOfEmployees": 10000 } } ] } VP

9. Pseudonymous DID Key 8 { "credentialSubject": { "id": "xyz", "name":

   "John Smith" "worksFor": { "name": "example.com" } } } _:c14n0 xyz xyz _:c14n1 credentialSubject name isPatientOf name xyz "John Smith" _:c14n1 "example.com" 𝑚1 𝑚4 𝑚7 𝑚10 𝑚2 𝑚5 𝑚8 𝑚11 𝑚3 𝑚6 𝑚9 𝑚12 *secret* 𝑚0 At the time of issuance, the Issuer signs the holder's secret without ever seeing it, using Blind BBS BBS. sign Holder's Commitment At the time of presentation, the holder proves that: ◼ The VCs included in the VP are signed by the issuer, ◼ They possess the secret that was blindly signed by the issuer within the VCs, and ◼ Their presented did:key is derived from their secret as DIDKey ← Hash domainID secret

10. Prototype Implementation jsonld-proofs rdf-proofs-wasm rdf-proofs zkp-ld-playground (online demo) docknetwork/crypto Demo

    application JSON-LD to N-Quads N-Quads to Scalars BBS and related cryptography 9 https://github.com/zkp-ld/ provides TS/JS APIs for key generation, VC issuance, verification, and presentation provides Rust APIs for key generation, VC issuance, verification, and presentation TS/Rust bridge web-wallet (not published yet)

11. Demo at IIW39 10 1. Obtain a certificate of residence

    from the local government 2. Present the certificate at a skills testing center for identity verification 3. Receive a skill credential from the testing center after the assessment 4. Attach the credential to your Nostr account and share it with your friends VC VC VP VP Issuer Verifier Issuer Verifier

12. Future Work 11 ◼ Develop comprehensive documentation for users, developers,

    and standardization efforts ◼ Improve code quality to enhance performance and maintainability ◼ Perform in-depth security and privacy analyses ◼ Introduce additional features, including credential revocation and delegation ◼ Explore secure hardware options for BBS (with a focus on the BLS12-381 curve) ◼ Investigate post-quantum cryptographic alternatives

13. Appendix: Termwise BBS Details

14. VC Issuance 13 1. Convert VC from JSON-LD to RDF

    N-Quads 2. Eliminate ambiguity of N-Quads data (Canonicalization) 3. Decompose N-Quads data into an array of Terms 4. Hash each Term to integer 5. Feed the array of integers into the BBS signing algorithm to generate a signature value

15. (1) Convert VC from JSON-LD to RDF N-Quads 14 _:b0

    type VerifiableCredential _:b0 issuer gov _:b0 credentialSubject xyz xyz type Person xyz name John Smith xyz isPatientOf _:b1 _:b1 type Vaccination _:b1 date 2022-04-04 _:b1 vaccine code#123 { "type": "VerifiableCredential", "issuer": "gov", "proof": { }, "credentialSubject": { "id": "xyz", "type": "Person", "name": "John Smith" "isPatientOf": { "type": "Vaccination", "date": "2022-04-04", "vaccine": { "id": "code#123", "type": "Vaccine" } } } } JSON-LD N-Quads

16. N-Quads 15 _:b0 type VerifiableCredential _:b0 issuer gov _:b0 credentialSubject

    xyz xyz type Person xyz name John Smith xyz isPatientOf _:b1 _:b1 type Vaccination _:b1 date 2022-04-04 _:b1 vaccine code#123 { "type": "VerifiableCredential", "issuer": "gov", "proof": { }, "credentialSubject": { "id": "xyz", "type": "Person", "name": "John Smith" "isPatientOf": { "type": "Vaccination", "date": "2022-04-04", "vaccine": { "id": "code#123", "type": "Vaccine" } } } } xyz type Person xyz name John Smith xyz isPatientOf _:x _:x type Vaccination _:x date 2022-04-04 _:x vaccine code#123 _:y type VerifiableCredential _:y issuer gov _:y credentialSubject xyz RDF data has "ambiguity" in terms of blank node labels and the order of quads → We need canonical form for signing and verifying

17. (2) Eliminate ambiguity of N-Quads data (Canonicalization) 16 _:b0 type

    VerifiableCredential _:b0 issuer gov _:b0 credentialSubject xyz xyz type Person xyz name John Smith xyz isPatientOf _:b1 _:b1 type Vaccination _:b1 date 2022-04-04 _:b1 vaccine code#123 _:c14n0 date 2022-04-04 _:c14n0 type Vaccination _:c14n0 vaccine code#123 _:c14n1 type VerifiableCredential _:c14n1 credentialSubject xyz _:c14n1 issuer gov xyz type Person xyz isPatientOf _:c14n1 xyz name John Smith RDF Canonicalization Regardless of the original blank node labels and the order of quads, you can obtain deterministically unique labels and orders

18. (3) Decompose N-Quads data into an array of Terms 17

    _:c14n0 .c8xd... date 2022-04-04 _:c14n0 .c8xd... type Vaccination _:c14n0.c8xd... vaccine code#123 _:c14n1.c8xd... type VerifiableCredential _:c14n1.c8xd... credentialSubject xyz _:c14n1.c8xd... issuer gov xyz type Person xyz isPatientOf _:c14n1.c8xd... xyz name John Smith _:c14n0 .c8xd... date 2022-04-04 Vaccination _:c14n0 .c8xd... type John Smith xyz name ... ... ... 1 4 2 5 26 25 3 6 27

19. (4) Hash each Term to integer 18 _:c14n0 date 2022-04-04

    Vaccination _:c14n0 type John Smith xyz name ... ... ... 1 4 2 5 26 25 3 6 27 9139018... 7975413... 8394757... 4937101... 9139018... 1106247... 5388010... 6580550... 4549787... ... ... ... 1 4 2 5 26 25 3 6 27 Hash to Scalar

20. (5) Feed the array of integers into the BBS signing

    algorithm 19 9139018... 7975413... 8394757... 4937101... 9139018... 1106247... 5388010... 6580550... 4549787... ... ... ... 1 4 2 5 26 25 3 6 27 BBS.sign ← Holder's secret blindly signed using its commitment signature { "type": "VerifiableCredential", "issuer": "gov", "proof": { BBS signature }, "credentialSubject": { "id": "xyz", "type": "Person", "name": "John Smith" "isPatientOf": { "type": "Vaccination", "date": "2022-04-04", "vaccine": { "id": "code#123", "type": "Vaccine" } } } } 4999362... 0 Issuer's secret key

21. VC Verification 20 9139018... 7975413... 8394757... 4937101... 9139018... 1106247... 5388010...

    6580550... 4549787... ... ... ... 1 4 2 5 26 25 3 6 27 BBS.verify accept / reject { "type": "VerifiableCredential", "issuer": "gov", "proof": { BBS signature }, "credentialSubject": { "id": "xyz", "type": "Person", "name": "John Smith" "isPatientOf": { "type": "Vaccination", "date": "2022-04-04", "vaccine": { "id": "code#123", "type": "Vaccine" } } } } 4999362... 0 Issuer's public key Steps (1) to (4) are the same as Issuance

22. VP Composition 21 _:b0 credentialSubject xyz xyz name John Smith

    xyz isPatientOf _:b1 _:b1 date 2022-04-04 _:b0 credentialSubject _:x0 _:x0 isPatientOf _:b1 _:b1 date 2022-04-04 Holder's view Verifier's view (after disclosure) { "credentialSubject": { "id": "xyz", "name": "John Smith" "isPatientOf": { "date": "2022-04-04" } } { "credentialSubject": { "id": "_:x0", "name": "John Smith", "isPatientOf": { "date": "2022-04-04" } } just removed redacted by blank node 2 types of selective disclosure

23. VP Composition 22 Verifier must restore the original layout to

    ensure successful verification _:b0 credentialSubject xyz xyz name John Smith xyz isPatientOf _:b1 _:b1 date 2022-04-04 _:b0 credentialSubject _:x0 _:x0 isPatientOf _:b1 _:b1 date 2022-04-04 _:c14n0 date 2022-04-04 _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name John Smith _:c14n0 date 2022-04-04 _:c14n1 isPatientOf _:c14n0 _:c14n2 credentialSubject _:c14n1 canonicalize canonicalize split split _:c14n0 date 2022-04-04 _:c14n1 credentia.. xyz xyz isPatientOf _:c14n0 xyz name John Smith _:c14n0 date 2022-04-04 _:c14n1 isPatientOf _:c14n0 _:c14n2 credentia.. _:c14n1 Holder's view Verifier's view If approached naively, the encoded results may differ significantly...

24. VP Composition 23 _:b0 credentialSubject xyz xyz name John Smith

    xyz isPatientOf _:b1 _:b1 date 2022-04-04 _:b0 credentialSubject _:x0 _:x0 isPatientOf _:b1 _:b1 date 2022-04-04 _:c14n0 date 2022-04-04 _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name John Smith _:c14n0 date 2022-04-04 _:c14n1 isPatientOf _:c14n0 _:c14n2 credentialSubject _:c14n1 canonicalize canonicalize Holder's view Verifier's view (predicted by Holder) (a) anonymize from to xyz _:x0 Holder first computes "triple map" that enables Verifier to obtain original layout

25. VP Composition 24 _:b0 credentialSubject xyz xyz name John Smith

    xyz isPatientOf _:b1 _:b1 date 2022-04-04 _:b0 credentialSubject _:x0 _:x0 isPatientOf _:b1 _:b1 date 2022-04-04 _:c14n0 date 2022-04-04 _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name John Smith _:c14n0 date 2022-04-04 _:c14n1 isPatientOf _:c14n0 _:c14n2 credentialSubject _:c14n1 canonicalize canonicalize (b) canonicalize from to _:b1 _:c14n0 _:x0 _:c14n1 _:b0 _:c14n2 (a) anonymize from to xyz _:x0 Holder's view Verifier's view (predicted by Holder) Holder first computes "triple map" that enables Verifier to obtain original layout

26. VP Composition 25 _:b0 credentialSubject xyz xyz name John Smith

    xyz isPatientOf _:b1 _:b1 date 2022-04-04 _:b0 credentialSubject _:x0 _:x0 isPatientOf _:b1 _:b1 date 2022-04-04 _:c14n0 date 2022-04-04 _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name John Smith _:c14n0 date 2022-04-04 _:c14n1 isPatientOf _:c14n0 _:c14n2 credentialSubject _:c14n1 canonicalize canonicalize (c) canonicalize from to _:b0 _:c14n1 _:b1 _:c14n0 (a) anonymize from to xyz _:x0 (b) canonicalize from to _:b1 _:c14n0 _:x0 _:c14n1 _:b0 _:c14n2 Holder's view Verifier's view (predicted by Holder) Holder first computes "triple map" that enables Verifier to obtain original layout

27. VP Composition 26 (a) anonymize-1 to from _:x0 xyz (b)

    canonicalize-1 from to _:c14n0 _:b1 _:c14n1 _:x0 _:c14n2 _:b0 (c) canonicalize from to _:b0 _:c14n1 _:b1 _:c14n0 (b)-1 × ((a)-1 + (c)) from to _:c14n0 _:c14n0 _:c14n1 xyz _:c14n2 _:c14n1 (a)-1 + (c) from to _:x0 xyz _:b0 _:c14n1.a _:b1 _:c14n0.a (a)-1 + (c) from to _:x0 xyz _:b0 _:c14n1.a _:b1 _:c14n0.a Holder first computes "triple map" that enables Verifier to obtain original layout

28. VP Composition 27 _:b0 credentialSubject xyz xyz name John Smith

    xyz isPatientOf _:b1 _:b1 date 2022-04-04 _:b0 credentialSubject _:x0 _:x0 isPatientOf _:b1 _:b1 date 2022-04-04 _:c14n0 date 2022-04-04 _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name John Smith _:c14n0 date 2022-04-04 _:c14n1 isPatientOf _:c14n0 _:c14n2 credentialSubject _:c14n1 canonicalize canonicalize (b)-1 × ((a)-1 + (c)) from to _:c14n0 _:c14n0 _:c14n1 xyz _:c14n2 _:c14n1 _:c14n0 date 2022-04-04 xyz isPatientOf _:c14n0 _:c14n1 credentialSubject xyz Holder's view Verifier's view (predicted by Holder) Holder first computes "triple map" that enables Verifier to obtain original layout

29. VP Composition 28 _:b0 credentialSubject xyz xyz name John Smith

    xyz isPatientOf _:b1 _:b1 date 2022-04-04 _:b0 credentialSubject _:x0 _:x0 isPatientOf _:b1 _:b1 date 2022-04-04 _:c14n0 date 2022-04-04 _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name John Smith _:c14n0 date 2022-04-04 _:c14n1 isPatientOf _:c14n0 _:c14n2 credentialSubject _:c14n1 canonicalize canonicalize _:c14n0 date 2022-04-04 xyz isPatientOf _:c14n0 _:c14n1 credentialSubject xyz triple map from to 0 0 1 2 2 1 #triples = 4 0 1 2 0 1 2 to be included in the VP Holder's view Verifier's view (predicted by Holder) Holder first computes "triple map" that enables Verifier to obtain original layout

30. VP Composition 29 _:b0 credentialSubject xyz xyz name John Smith

    xyz isPatientOf _:b1 _:b1 date 2022-04-04 _:c14n0 date 2022-04-04 _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name John Smith canonicalize split _:c14n0 date 2022-04-04 _:c14n1 credentia.. xyz xyz isPatientOf _:c14n0 xyz name John Smith triple map from to 0 0 1 2 2 1 #triples = 4 BBS. derive 1 2 3 4 5 6 7 8 9 10 11 12 _:b0 credentialSubject _:x0 _:x0 isPatientOf _:b1 _:b1 date 2022-04-04 Holder's view Verifier's view (after disclosure) undisclosed attribute indexes [[1,9],[4],[6,7],[10],[11],[12]] derived proof value sent to Verifier issuer's public key

31. VP Verification 30 _:b0 credentialSubject xyz xyz name John Smith

    xyz isPatientOf _:b1 _:b1 date 2022-04-04 _:b0 credentialSubject _:x0 _:x0 isPatientOf _:b1 _:b1 date 2022-04-04 _:c14n0 date 2022-04-04 _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name John Smith _:c14n0 date 2022-04-04 _:c14n1 isPatientOf _:c14n0 _:c14n2 credentialSubject _:c14n1 canonicalize canonicalize split split _:c14n0 date 2022-04-04 _:c14n1 credentia.. xyz xyz isPatientOf _:c14n0 xyz name John Smith _:c14n0 date 2022-04-04 _:c14n1 isPatientOf _:c14n0 _:c14n2 credentia.. _:c14n1 triple map from to 0 0 1 2 2 1 #triples = 4 Holder's view (Real) Verifier's view

32. VP Verification 31 _:b0 credentialSubject xyz xyz name John Smith

    xyz isPatientOf _:b1 _:b1 date 2022-04-04 _:b0 credentialSubject _:x0 _:x0 isPatientOf _:b1 _:b1 date 2022-04-04 _:c14n0 date 2022-04-04 _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name John Smith _:c14n0 date 2022-04-04 _:c14n1 isPatientOf _:c14n0 _:c14n2 credentialSubject _:c14n1 canonicalize canonicalize split split then reorder using triple map given by Holder _:c14n0 date 2022-04-04 _:c14n1 credentia.. xyz xyz isPatientOf _:c14n0 xyz name John Smith _:c14n0 date 2022-04-04 _:c14n1 isPatientOf _:c14n0 _:c14n2 credentia.. _:c14n1 triple map from to 0 0 1 2 2 1 #triples = 4 Holder's view (Real) Verifier's view

33. VP Verification 32 _:b0 credentialSubject xyz xyz name John Smith

    xyz isPatientOf _:b1 _:b1 date 2022-04-04 _:b0 credentialSubject _:x0 _:x0 isPatientOf _:b1 _:b1 date 2022-04-04 _:c14n0 date 2022-04-04 _:c14n1 credentialSubject xyz xyz isPatientOf _:c14n0 xyz name John Smith _:c14n0 date 2022-04-04 _:c14n1 isPatientOf _:c14n0 _:c14n2 credentialSubject _:c14n1 canonicalize canonicalize split _:c14n0 date 2022-04-04 _:c14n1 credentia.. xyz xyz isPatientOf _:c14n0 xyz name John Smith _:c14n0 date 2022-04-04 _:c14n1 isPatientOf _:c14n0 _:c14n2 credentia.. _:c14n1 triple map from to 0 0 1 2 2 1 #triples = 4 Holder's view split then reorder using triple map given by Holder (Real) Verifier's view Verifier regards every blank nodes as undisclosed attributes

34. VP Verification 33 _:b0 credentialSubject _:x0 _:x0 isPatientOf _:b1 _:b1

    date 2022-04-04 _:c14n0 date 2022-04-04 _:c14n1 isPatientOf _:c14n0 _:c14n2 credentialSubject _:c14n1 canonicalize _:c14n0 date 2022-04-04 _:c14n1 isPatientOf _:c14n0 _:c14n2 credentia.. _:c14n1 triple map from to 0 0 1 2 2 1 #triples = 4 split then reorder using triple map given by Holder (Real) Verifier's view 1 2 3 4 5 6 7 8 9 10 11 12 BBS. verify Proof Accept / Reject issuer's public key Holder's derived proof value (obtained from VP's proofValue)

35. Appendix: Example Use Case

36. LD-based Verifiable Credentials 35 Issuer Verifier Holder

37. LD-based Verifiable Credentials 36 xyz: Person name = John Smith

    credentialSubject : Vaccination date = 2023-06-04 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine vc#1: VerifiableCredential issuer = gov; proof = sig1 VC1 bound to Holder's secret Issuer Verifier Holder

38. xyz: Person name = John Smith : Vaccination date =

    2023-06-04 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine LD-based Verifiable Credentials 37 VC1 vc#1: VerifiableCredential issuer = gov; proof = sig1 credentialSubject Issuer Verifier Holder Prove that you got vaccinated using authorized vaccine after April 2023 !

39. xyz: Person name = John Smith : Vaccination date =

    2023-06-04 lotNo = 9999999 isPatientOf cvx#207 : Vaccine vaccine LD-based Verifiable Credentials 38 VC1 code#123 vc#1: VerifiableCredential issuer = gov; proof = sig1 credentialSubject Issuer Verifier Holder Prove that you got vaccinated using authorized vaccine after April 2023 ! Is it authorized?

40. xyz: Person name = John Smith : Vaccination date =

    2023-06-04 lotNo = 9999999 isPatientOf cvx#207 : Vaccine vaccine LD-based Verifiable Credentials 39 VC1 VC2 : VerifiableCredential issuer = prv; proof = sig2 code#123: Vaccine name = Awesome Vaccine manufacturer = Example.com status = authorized credentialSubject download code#123 vc#1: VerifiableCredential issuer = gov; proof = sig1 credentialSubject Issuer Verifier Holder Prove that you got vaccinated using authorized vaccine after April 2023 ! Is it authorized? Issuer (vaccine info provider)

41. xyz: Person name = John Smith : Vaccination date =

    2023-06-04 lotNo = 9999999 isPatientOf cvx#207 : Vaccine vaccine LD-based Verifiable Credentials 40 VC1 VC2 : VerifiableCredential issuer = prv; proof = sig2 code#123: Vaccine name = Awesome Vaccine manufacturer = Example.com status = authorized credentialSubject code#123 vc#1: VerifiableCredential issuer = gov; proof = sig1 credentialSubject Issuer Verifier Holder Prove that you got vaccinated using authorized vaccine after April 2023 ! Is it authorized? Issuer (vaccine info provider) download link data

42. xyz: Person name = John Smith : Vaccination date =

    2023-06-04 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine LD-based Verifiable Credentials 41 VC1 VC2 : VerifiableCredential issuer = prv; proof = sig2 code#123: Vaccine name = Awesome Vaccine manufacturer = Example.com status = authorized credentialSubject vc#1: VerifiableCredential issuer = gov; proof = sig1 credentialSubject Issuer Verifier Holder Prove that you got vaccinated using authorized vaccine after April 2023 ! Issuer (vaccine info provider) link data

43. xyz: Person name = John Smith : Vaccination date =

    2023-06-04 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine LD-based Verifiable Credentials 42 VC1 VC2 : VerifiableCredential issuer = prv; proof = sig2 code#123: Vaccine name = Awesome Vaccine manufacturer = Example.com status = authorized credentialSubject *** **************** **************** ********* ********* ********************** ************************* vc#1: VerifiableCredential issuer = gov; proof = sig1 selective disclosure *** credentialSubject Issuer Verifier Holder Prove that you got vaccinated using authorized vaccine after April 2023 ! Issuer (vaccine info provider)

44. xyz: Person name = John Smith : Vaccination date =

    2023-06-04 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine LD-based Verifiable Credentials 43 VC1 VC2 : VerifiableCredential issuer = prv; proof = sig2 code#123: Vaccine name = Awesome Vaccine manufacturer = Example.com status = authorized credentialSubject *** **************** **************** *** X *** *** X *** ********************** ************************* proof of equality vc#1: VerifiableCredential issuer = gov; proof = sig1 *** credentialSubject Issuer Verifier Holder Prove that you got vaccinated using authorized vaccine after April 2023 ! Issuer (vaccine info provider) selective disclosure

45. xyz: Person name = John Smith : Vaccination date =

    2023-06-04 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine LD-based Verifiable Credentials 44 VC1 VC2 : VerifiableCredential issuer = prv; proof = ... code#123: Vaccine name = Awesome Vaccine manufacturer = Example.com status = authorized credentialSubject *** **************** **************** *** X *** *** X *** ********************** ************************* *** vc#1: VerifiableCredential issuer = gov; proof = 署名値 *** **** signature hiding for unlinkability credentialSubject Issuer Verifier Holder Prove that you got vaccinated using authorized vaccine after April 2023 ! Issuer (vaccine info provider) proof of equality selective disclosure

46. xyz: Person name = John Smith : Vaccination date =

    2023-06-04 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine LD-based Verifiable Credentials 45 VC1 VC2 : VerifiableCredential issuer = prv; proof = ... code#123: Vaccine name = Awesome Vaccine manufacturer = Example.com status = authorized credentialSubject *** **************** **************** *** X *** *** X *** ********************** ************************* *** vc#1: VerifiableCredential issuer = gov; proof = 署名値 *** **** credentialSubject Issuer Verifier Holder Prove that you got vaccinated using authorized vaccine after April 2023 ! Issuer (vaccine info provider) proof of equality selective disclosure >= 2023-04 Predicate Proof signature hiding for unlinkability

47. xyz: Person name = John Smith : Vaccination date =

    2023-06-04 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine LD-based Verifiable Credentials 46 VC1 VC2 : VerifiableCredential issuer = prv; proof = ... code#123: Vaccine name = Awesome Vaccine manufacturer = Example.com status = authorized credentialSubject *** **************** **************** *** X *** *** X *** ********************** ************************* vc#1: VerifiableCredential issuer = gov; proof = 署名値 *** **** proof of secret knowledge credentialSubject Issuer Verifier Holder Prove that you got vaccinated using authorized vaccine after April 2023 ! Issuer (vaccine info provider) proof of equality selective disclosure *** Predicate Proof signature hiding for unlinkability >= 2023-04

48. xyz: Person name = John Smith : Vaccination date =

    2023-06-04 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine LD-based Verifiable Credentials 47 VC1 VC2 : VerifiableCredential issuer = prv; proof = ... code#123: Vaccine name = Awesome Vaccine manufacturer = Example.com status = authorized credentialSubject *** **************** **************** *** X *** *** X *** ********************** ************************* vc#1: VerifiableCredential issuer = gov; proof = 署名値 *** **** credentialSubject Issuer Verifier Holder Prove that you got vaccinated using authorized vaccine after April 2023 ! Issuer (vaccine info provider) proof of equality selective disclosure *** VP proof of secret knowledge Predicate Proof signature hiding for unlinkability >= 2023-04

49. xyz: Person name = John Smith : Vaccination date =

    2023-06-04 lotNo = 9999999 isPatientOf code#123 : Vaccine vaccine LD-based Verifiable Credentials 48 VC1 VC2 : VerifiableCredential issuer = prv; proof = ... code#123: Vaccine name = Awesome Vaccine manufacturer = Example.com status = authorized credentialSubject *** **************** **************** *** X *** *** X *** ********************** ************************* vc#1: VerifiableCredential issuer = gov; proof = 署名値 *** **** credentialSubject Issuer Verifier Holder Prove that you got vaccinated using authorized vaccine after April 2023 ! Issuer (vaccine info provider) proof of equality selective disclosure *** VP I (anonymized) got vaccinated using authorized vaccine (anonymized) after April 2023 (without exact date) proof of secret knowledge Predicate Proof signature hiding for unlinkability >= 2023-04