Re: Work item suggestion: BBS Cryptosuite for Data Integrity

Selective disclosure is essential. However, it also increases the burden of
communication and decision on the subject. Absent the opportunity to
delegate or consult on the application of selective disclosure, subjects
will overshare and nullify the benefit of selective disclosure.

How do the cryptosuites under consideration interact with a subject’s
opportunity to delegate attenuation to an expert?

-Adrian

On Fri, Mar 17, 2023 at 9:15 AM John, Anil <anil.john@hq.dhs.gov> wrote:

> Selective disclosure capabilities that natively support JSON-LD credential
> formats for W3C Verifiable Credentials are a must have functionality for
> our ongoing workstreams:
>
>    - From a privacy and non-linkability aspects for our immigration
>    credentials issuance by the U.S. Citizenship and Immigration Services and;
>    - From a selective business information disclosure for our U.S.
>    Customs and Border Protection cross-border supply chain / trade work
>
>
>
> The fact that the BBS work, incubated at the W3C CCG, is undergoing
> cryptographic review via the IETF CFRG (
> https://datatracker.ietf.org/doc/draft-irtf-cfrg-bbs-signatures/ ), which
> is respected globally for its expertise, and which provides visibility to
> our technical authority on cryptography, NIST, is something that gives us
> confidence in the work and its path to formal standardization.
>
>
>
> As such, we support this work for inclusion in the VC Data Integrity
> cryptosuites given our existing and stated support for VC Data Integrity in
> our technical implementation profile.
>
>
>
> Support added to the letter.
>
>
>
> Best Regards,
>
>
>
> Anil
>
>
>
> Anil John
>
> Technical Director, Silicon Valley Innovation Program
>
> Science and Technology Directorate
>
> US Department of Homeland Security
>
> Washington, DC, USA
>
>
>
> Email Response Time – 24 Hours
>
>
>
> [image: A picture containing graphical user interface Description
> automatically generated] <https://www.dhs.gov/science-and-technology>[image:
> /Users/holly.johnson/Library/Containers/com.microsoft.Outlook/Data/Library/Caches/Signatures/signature_1972159395]
>
>
>
>
>
> *From:* Tobias Looker <tobias.looker@mattr.global>
> *Sent:* Tuesday, March 14, 2023 6:41 PM
> *To:* public-vc-wg@w3.org
> *Subject:* Work item suggestion: BBS Cryptosuite for Data Integrity
>
>
>
> *CAUTION: *This email originated from outside of DHS. DO NOT click links
> or open attachments unless you recognize and/or trust the sender. Contact
> your component SOC with questions or concerns.
>
>
>
> Hi all,
>
> Following the VCWG adoption of the VC Data Integrity, this email is to
> call for the adoption of the BBS crypto suite for usage in this scheme [1].
>
>
>
> Since its inception as a CCG work item in 2020, significant work has been
> put in to mature the underlying cryptographic scheme of BBS which is shown
> through the adoption of it as a work item of the CFRG and recent
> publication of our second draft version that contains end to end test
> vectors which have been verified by multiple independent implementations
> [2].
>
>
>
> Following this we have been working on a revision to the current
> BbsSignature*2020 suite (formerly know as a Linked Data Proof suite) that
> will form the basis of this work item that makes use of the latest version
> of the BBS crypto scheme[2].
>
>
>
> BBS represents an important work item for Data Integrity as it enables
> properties such as selective disclosure and unlinkability.
>
>
>
> Given the impending new work item freeze / feature freeze in the VCWG at
> the end of March 2023, roughly two weeks from now, we need to make the
> call for adoption of this work item soon.
>
>
> If you are an organization (or an implementer) that would like to see support
> for BBS in the VC Data Integrity cryptosuites, then please add your name, title,
> and organization to the end of this Google Doc:
>
>
> https://docs.google.com/document/d/1RCQWjqeHL-o6gddXC3kzPy0chEC0rdWQFp1J_xk2HsI/edit
> <https://urldefense.us/v3/__https:/docs.google.com/document/d/1RCQWjqeHL-o6gddXC3kzPy0chEC0rdWQFp1J_xk2HsI/edit__;!!BClRuOV5cvtbuNI!T4f5ESrz0TeaHYUAY-eTS85UtwiIewSnU2AskDPDZlkzUFi64OR4zVk5auuRb2uD4Ctc$>
>
> As has been the case for other recent adoption calls we'll be collecting
> signatures this week, and then running a call for adoption in the VCWG once
> we have enough signatures. The more signatures of support the better, you
> don't have to be a W3C Member to sign the letter.
>
>
>
> [1] https://w3c-ccg.github.io/ldp-bbs2020/
> <https://urldefense.us/v3/__https:/w3c-ccg.github.io/ldp-bbs2020/__;!!BClRuOV5cvtbuNI!T4f5ESrz0TeaHYUAY-eTS85UtwiIewSnU2AskDPDZlkzUFi64OR4zVk5auuRb9nu8qNh$>
>
> [2]https://www.ietf.org/archive/id/draft-irtf-cfrg-bbs-signatures-02.html
> <https://urldefense.us/v3/__https:/www.ietf.org/archive/id/draft-irtf-cfrg-bbs-signatures-02.html__;!!BClRuOV5cvtbuNI!T4f5ESrz0TeaHYUAY-eTS85UtwiIewSnU2AskDPDZlkzUFi64OR4zVk5auuRb8pBN2Uv$>
>
>
>
> Thanks,
>
> [image: MATTR website]
> <https://urldefense.us/v3/__https:/mattr.global/__;!!BClRuOV5cvtbuNI!T4f5ESrz0TeaHYUAY-eTS85UtwiIewSnU2AskDPDZlkzUFi64OR4zVk5auuRbxeE6J74$>
>
>
>
> *Tobias Looker*
>
> MATTR
>
> +64 273 780 461
> tobias.looker@mattr.global <first.last@mattr.global>
>
> [image: MATTR website]
> <https://urldefense.us/v3/__https:/mattr.global/__;!!BClRuOV5cvtbuNI!T4f5ESrz0TeaHYUAY-eTS85UtwiIewSnU2AskDPDZlkzUFi64OR4zVk5auuRbxeE6J74$>
>
> [image: MATTR on LinkedIn]
> <https://urldefense.us/v3/__https:/www.linkedin.com/company/mattrglobal__;!!BClRuOV5cvtbuNI!T4f5ESrz0TeaHYUAY-eTS85UtwiIewSnU2AskDPDZlkzUFi64OR4zVk5auuRbwquTg1L$>
>
> [image: MATTR on Twitter]
> <https://urldefense.us/v3/__https:/twitter.com/mattrglobal__;!!BClRuOV5cvtbuNI!T4f5ESrz0TeaHYUAY-eTS85UtwiIewSnU2AskDPDZlkzUFi64OR4zVk5auuRb763jNVe$>
>
> [image: MATTR on Github]
> <https://urldefense.us/v3/__https:/github.com/mattrglobal__;!!BClRuOV5cvtbuNI!T4f5ESrz0TeaHYUAY-eTS85UtwiIewSnU2AskDPDZlkzUFi64OR4zVk5auuRb1xOjxqp$>
>
>
> This communication, including any attachments, is confidential. If you are
> not the intended recipient, you should not read it – please contact me
> immediately, destroy it, and do not copy or use any part of this
> communication or disclose anything about it. Thank you. Please note that
> this communication does not designate an information system for the
> purposes of the Electronic Transactions Act 2002.
>