RE: AnonCreds v2 + Data Integrity -> Demonstrated path to convergence

>The thing that's different this time around is that we have a feature in Data Integrity called "cryptographic layering" (also called "parallel signatures").

>The feature lets you digitally sign the same data using more than one type of cryptography. For example, with this Data Integrity feature,

>you can digitally sign a trade document using ECDSA (which is NIST-approved), and in parallel, digitally sign the same trade

>document using BBS, or CL Signatures (which are not NIST-approved).



>What this enables is both digital signatures to live along-side the document, peacefully co-existing,

>and which one is used is up to the Holder and Verifier to decide. Government verifiers might only accept

>the ECDSA-signed version, while enterprises that are more innovative (when it comes to use of

>new cryptographic features) could choose to accept the latter.



FINALLY!



The support for “parallel signatures” in Data Integrity Proofs has always been one of the primary reasons for the difference between the SHALL and the MAY in the “DHS Implementation Profile of W3C VCDM and W3C DID” when it comes to support for various Credential Data Model Proof Formats:

  *   Verifiable Credentials, as defined in W3C VCDM, SHALL be secured using the Data Integrity Proof format
  *   Verifiable Credentials, as defined in W3C VCDM, MAY be secured using the JSON Web Token Proof format



I look forward learning more about the nuances and the details of this implementation!


Best Regards,

Anil

Anil John
Technical Director, Silicon Valley Innovation Program
Science and Technology Directorate
US Department of Homeland Security
Washington, DC, USA

Email Response Time – 24 Hours

[A picture containing graphical user interface  Description automatically generated]<https://www.dhs.gov/science-and-technology>[/Users/holly.johnson/Library/Containers/com.microsoft.Outlook/Data/Library/Caches/Signatures/signature_1972159395]