Re: selective disclosure without ZKP from steve capell on 2020-06-11 (public-credentials@w3.org from June 2020)

From: steve capell <steve.capell@gmail.com>
Date: Thu, 11 Jun 2020 10:36:15 +1000
To: Wayne Chang <wyc@fastmail.fm>
Cc: Nikos Fotiou <fotiou@aueb.gr>, W3C Credentials CG <public-credentials@w3.org>, "Raymond YEH (GOVTECH)" <Raymond_YEH@tech.gov.sg>, "Shujing LIEW (IMDA)" <LIEW_Shujing@imda.gov.sg>, Sin Yong LOH <LOH_Sin_Yong@imda.gov.sg>
Message-ID: <CAEMprtKOJxszUXP0qKAEKR=cs1WKWzEJ=7xY3-v46cYS0g5q3w@mail.gmail.com>

Hi All,

I'd like to mention that we in Australia are working on some cross-border
document exchange and document verification with our colleagues in
Singapore.  Part of the framework is an ethereum anchored public notary
service that includes a well developed framework for *selective disclosure*
whilst still maintaining the verifiability of the document integrity based
on the original proof.  It's all open source - from the Singapore
government - have a look at https://openattestation.com/

I should add that the open attestation v2 was developed before W3C VC/DID
stuff but I gather that Singapore is keen to make V3 align with the
specifications from this working group - so that would deliver a DID/VC
compliant selective disclosure model.

I've copied the authors of the framework in case they'd like to add
anything- or correct me if I've inadvertently mis-represented the work of
the Singapore team.

Kind regards,
Steve capell

On Thu, 11 Jun 2020 at 09:52, Wayne Chang <wyc@fastmail.fm> wrote:

> Hey Nikos, thanks for sharing the idea. This is one of those questions
> where you'd probably need to specify the exact data structures and
> algorithms to make sure no one is misinterpreting your steps. By
> "verifiable representation" did you mean verifiable presentation, or is
> that something specific to your use case?
>
> In general it sounds like instead of putting the data directly into the
> VC, you'd like to put a reference to that data instead. Then, a verifier
> who can also access the data can check that the issuer authorized certain
> actions or statements related to that data. How close is this? Some
> examples would certainly help.
>
> Best,
> - Wayne
>
> On Wed, Jun 10, 2020, at 7:39 PM, Nikos Fotiou wrote:
>
>
>
> Hi,
>
> We were thinking about VCs that support selective disclosure of claims
> without ZKP (we do not care about unlikability). A trivial approach that
> came up is the following: the issuer organizes all claims in a Merkle tree,
> includes the root of the Merkle tree (only) in the VC, and sends the VC and
> the tree to the holder. Then, the holder can include the VC and the
> corresponding Merkle membership proof in the verifiable representation.
>
>
>
> Does this sound reasonable?
>
>
>
> Best,
>
> Nikos
>
>
>
>
>

-- 
Steve Capell

Received on Thursday, 11 June 2020 00:36:40 UTC