Re: New Work Item Proposal: Revocation List 2020 from Manu Sporny on 2020-05-02 (public-credentials@w3.org from May 2020)

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Sat, 2 May 2020 08:58:10 -0400
To: Adrian Gropper <agropper@healthurl.com>, daniel.hardman@evernym.com
Cc: Credentials Community Group <public-credentials@w3.org>
Message-ID: <31abae90-b135-19a1-845d-3e2eb3ae38dc@digitalbazaar.com>

On 5/2/20 2:56 AM, Adrian Gropper wrote:
> I’m old enough to remember when credit card companies published
> “little books” of revoked credit card numbers. Each merchant would
> check to make sure the credit card number was not tampered with and
> not in the list in the little book of the week.
> 
> Is this a scheme to compress the size of the “little book” so that
> the publisher could seed many copies at reasonable cost every week to
> avoid traffic analysis when merchants come to ask for a copy?

Yes, you could think of it in that way (with some hand waving over the
details).

To answer your earlier question, Adrian, here's a simple way to think
about this revocation method:

You are an issuer, and you issue 100,000+ VCs. You will have a "little
book" that looks like this:

[_____ ... lots of entries ... _____]

Each underscore above (there are 100,000+ of those) map to ONE
Verifiable Credential. If it's an underscore, the Verifiable Credential
has not been revoked, if there is an "X" the Verifiable Credential has
been revoked. So, after a week, you revoke one VC, your little book now
looks like this:

[_____ ... lots of entries ... __X__]

Note that there is only one "X", which corresponds to the VC that was
revoked.

When a Verifier goes to check to check the "little book", they say:
"Give me the entire little book", and in this case, you hand it over to
them. You have no idea which entry they're interested in, you just give
the little book over to them.

Once the Verifier has the book, in the privacy of their organization,
they check the entry they're interested in. If there is an "X" in the
book beside the Verifiable Credential they're interested in, they know
it's revoked. Otherwise, the VC is still valid (as far as the revocation
status is confirmed).

Now, if we were to not compress that little book, for a roughly 100K
entries, the file size would be roughly 16KB. But, thanks to compression
technologies that were invented in the 1990s, we can reduce the size of
the little book by a lot... because there is only one "X" in it, we
really just need to store the location of that one "X", which takes far
less space than stating "this VC has not been revoked" over 100K times.

... and that's more or less all there is to it.

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
blog: Veres One Decentralized Identifier Blockchain Launches
https://tinyurl.com/veres-one-launches

Received on Saturday, 2 May 2020 12:58:28 UTC