RE: selective disclosure without ZKP

> By "verifiable representation" did you mean verifiable presentation

Yes!

> In general it sounds like instead of putting the data directly into the VC, you'd like to put a reference to that data instead. Then, a verifier who can also access the data can check that the issuer authorized certain actions or statements related to that data. How close is this? Some examples would certainly help

Not really. Suppose you have these two claims:
name:"nikos fotiou", age:"35"

Instead of putting them directly in the VC you put:
Hash( Hash(name:"nikos fotiou") , Hash(age:"35") )

Where Hash is a hash function (e.g., sha-256) e.g.,
…
"credentialSubject": {
    "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    "merkle_root": "43bfd3432……" // <-- this is the outer hash value
}
…

Now I can disclose my age in a verifiable way by including in the verifiable presentation, in the proof section:
Hash(name:"nikos fotiou"), age:"35"

Any verifier can re-calculate the outer hash (included in the VC), hence it can verify the presentation, but it does not learn my name. 

Best,
Nikos
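
An added example, not part of the original thread or any participant's code: the hash-commitment scheme described above, generalized to a Merkle tree over any number of claims, with the issuer computing the root and the holder producing a membership proof for one claim. The function names, the 0x00/0x01 domain-separation prefixes, the third sample claim and the per-claim salts are assumptions; the salts are included because an unsalted hash of a low-entropy claim can be matched by hashing guesses, which `guess_hidden` demonstrates.

```python
import hashlib, hmac, secrets

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf(claim: str, salt: bytes = b"") -> bytes:
    # 0x00/0x01 prefixes keep leaf and inner-node hashes distinct (assumption).
    return _h(b"\x00" + salt + claim.encode())

def node(left: bytes, right: bytes) -> bytes:
    return _h(b"\x01" + left + right)

def _parents(level):
    # Pair neighbours; an unpaired last node is promoted unchanged.
    return [node(level[i], level[i + 1]) if i + 1 < len(level) else level[i]
            for i in range(0, len(level), 2)]

def merkle_root(leaves):
    level = list(leaves)
    while len(level) > 1:
        level = _parents(level)
    return level[0]

def merkle_proof(leaves, index):
    """Sibling hashes from leaf to root, each flagged if it sits on the left."""
    proof, level = [], list(leaves)
    while len(level) > 1:
        sibling = index ^ 1
        if sibling < len(level):
            proof.append((level[sibling], sibling < index))
        level, index = _parents(level), index // 2
    return proof

def verify(root, claim, salt, proof):
    # Verifier side: rebuild the path from the disclosed claim up to the root.
    acc = leaf(claim, salt)
    for sibling, is_left in proof:
        acc = node(sibling, acc) if is_left else node(acc, sibling)
    return hmac.compare_digest(acc, root)

def guess_hidden(hidden_leaf, candidates):
    # Unsalted leaves of low-entropy claims can be matched by hashing guesses.
    return next((c for c in candidates if leaf(c) == hidden_leaf), None)

# Constructed sample: the thread's two claims plus one made-up third claim.
CLAIMS = ['name:"nikos fotiou"', 'age:"35"', 'country:"GR"']
SALTS = [secrets.token_bytes(16) for _ in CLAIMS]  # issuer hands these to the holder
LEAVES = [leaf(c, s) for c, s in zip(CLAIMS, SALTS)]
ROOT = merkle_root(LEAVES)            # value placed in the VC as merkle_root
AGE_PROOF = merkle_proof(LEAVES, 1)   # sent with age and its salt in the presentation
```

The holder discloses the claim, its salt and the proof; the other claims appear only as salted hashes.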


From: Wayne Chang
Sent: Thursday, June 11, 2020 2:50 AM
To: Nikos Fotiou; W3C Credentials CG
Subject: Re: selective disclosure without ZKP

Hey Nikos, thanks for sharing the idea. This is one of those questions where you'd probably need to specify the exact data structures and algorithms to make sure no one is misinterpreting your steps. By "verifiable representation" did you mean verifiable presentation, or is that something specific to your use case?

In general it sounds like instead of putting the data directly into the VC, you'd like to put a reference to that data instead. Then, a verifier who can also access the data can check that the issuer authorized certain actions or statements related to that data. How close is this? Some examples would certainly help.

Best,
- Wayne

On Wed, Jun 10, 2020, at 7:39 PM, Nikos Fotiou wrote:
 
Hi,
We were thinking about VCs that support selective disclosure of claims without ZKP (we do not care about unlinkability). A trivial approach that came up is the following: the issuer organizes all claims in a Merkle tree, includes the root of the Merkle tree (only) in the VC, and sends the VC and the tree to the holder. Then, the holder can include the VC and the corresponding Merkle membership proof in the verifiable representation.
 
Does this sound reasonable?
 
Best,
Nikos
 

Received on Thursday, 11 June 2020 00:34:44 UTC