RE: selective disclosure without ZKP from Nikos Fotiou on 2020-06-11 (public-credentials@w3.org from June 2020)

From: Nikos Fotiou <fotiou@aueb.gr>
Date: Thu, 11 Jun 2020 04:41:42 +0300
To: "daniel.hardman@evernym.com" <daniel.hardman@evernym.com>
Cc: "public-credentials@w3.org" <public-credentials@w3.org>
Message-ID: <E1jjCE5-0001yL-DK@mimas.w3.org>

Indeed, if verifiers are colluding then you are losing the selectivity!  

From: Daniel Hardman
Sent: Πέμπτη, 11 Ιουνίου 2020 3:36 πμ
To: Nikos Fotiou
Cc: public-credentials@w3.org
Subject: Re: selective disclosure without ZKP

I believe this is the technique that Workday has advocated and demoed at the Fall 2019 IIW. They may have more info.

Just to be clear: the merkle tree root hash is itself a perfect correlator; every credential will have a different value for it. If you have fields 1-10, you can do selective disclosure on any subset of fields 1-10, but you are *always* revealing field 11 (the merkle tree root hash) to every verifier. This may or may not be a problem, depending on your requirements -- but should be accounted for in the analysis of the selectivity benefit.

On Wed, Jun 10, 2020 at 5:39 PM Nikos Fotiou <fotiou@aueb.gr> wrote:

Hi,
We were thinking about VCs that support selective disclosure of claims without ZKP (we do not care about unlikability). A trivial approach that came up is the following: the issuer organizes all claims in a Merkle tree, includes the root of the Merkle tree (only) in the VC, and sends the VC and the tree to the holder. Then, the holder can include the VC and the corresponding Merkle membership proof in the verifiable representation.

Does this sound reasonable?

Best,
Nikos

Received on Thursday, 11 June 2020 01:41:55 UTC