- From: Orie Steele <orie@transmute.industries>
- Date: Wed, 26 Oct 2022 07:53:05 -0500
- To: Morgan Hedges <morgan.hedges@gosource.com.au>
- Cc: W3C Credentials CG <public-credentials@w3.org>
- Message-ID: <CAN8C-_JoRvfNeji4-zny4xhSE9hjzUX5cziPyg=m5v_mL2k1uA@mail.gmail.com>
FIPS (and signature agility) was a major motivating factor for creating that suite. Here is another one to keep an eye on: https://github.com/oauth-wg/oauth-selective-disclosure-jwt Both rely on traditional digital signatures and hashing (HMAC or Merkle Proofs). A related area are hash based signature schemes which have been reviewed by NIST, such as XMSS, LMS. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-208.pdf And Sphincs: https://csrc.nist.gov/CSRC/media/Presentations/SPHINCS/images-media/SPHINCS-Plus-April2018.pdf My untested assumption is that both merkle proof and hmac systems that rely on approved hash functions and approved digital signature algorithms would meet requirements. But I have not heard a conclusive yes or no to this question. Regards, OS On Tue, Oct 25, 2022 at 5:53 PM Morgan Hedges <morgan.hedges@gosource.com.au> wrote: > Hello CCG, > > Main question: Are there any FIPS compliant mechanisms for selective > disclosure, or at least candidates? > > My understanding is that BBS+ is unlikely to become a FIPS standard due to > the focus on post-quantum algorithms for new crypto work (please correct me > here). > > One recently-discussed workaround seems to be using multiple proofs: e.g. > one a FIPS compliant one, and a BBS+ one. But of course this means one > can't use selective disclosure when interacting with a verifier who > requires the FIPS proof. > > The especially naive bit- I think/presume it's not as easy as just using a > FIPS compliant signature algorithm on some kind of "hash of hashes" > (obvious example: a Merkle tree, something like MerkleDisclosureProof2021 > <https://w3c-ccg.github.io/Merkle-Disclosure-2021/>), but despite > spending some time with the FIPS-186-5 draft, I'm still not clear why this > should be ruled out. > > Much appreciated if anyone shed some light. > > thanks, > Morgan > > > --- > The content of this email and attachments are considered confidential. If > you are not the intended recipient, please delete the email and any copies, > and notify the sender immediately. The information in this email must only > be used, reproduced, copied, or disclosed for the purposes for which it was > supplied. > -- *ORIE STEELE* Chief Technical Officer www.transmute.industries <https://www.transmute.industries>
Received on Wednesday, 26 October 2022 12:53:29 UTC