Breakthrough: Parallel Signatures - NIST, ECDSA-SD, and BBS

Hi Credentials CG (bcc: W3C VCWG),

We're excited to announce that a big milestone, that our community has
been striving towards for years, has been achieved. This is a
historical first; to our knowledge, it's never been accomplished
before.

We now have the first public technical demonstration of cryptographic
layering[1] (aka parallel signatures) on a Verifiable Credential that
uses government approved cryptographic algorithms (FIPS-140) for full
and selective disclosure of a VC, as well as unlinkable signatures
using BBS, to achieve advanced privacy protections.

What this means is that a single Verifiable Credential can be issued
that meets all government requirements when it comes to cryptographic
algorithms as well as one that addresses privacy concerns highlighted
by civil society and existing government privacy regulations.

The work implements the latest W3C Data Integrity specifications that
are in the Candidate Recommendation phase in the W3C Verifiable
Credentials Working Group.

We have deployed this infrastructure to the Verifiable Credentials
Playground, so anyone reading this message has the ability to try this
out for themselves. If you'd like to do so, here are the steps:

1. Go to https://demo.vereswallet.dev/ and sign up for a free digital wallet.
2. Go to https://vcplayground.org/ and click on the "Issuer Demo".
3. Select the Gear icon at the top-right.
4. Select "@digitalbazaar/vc - ECDSA+Ed25519+BBS (did:web)" as the
backend issuer service.
5. Select the "Permanent Resident" VC.
6. Click "Issue Verifiable Credential".
7. Click "Skip DID Authentication" (optional, you can do this if you want).
8. Click "Store in wallet" and follow the prompts to save the
credential in the wallet.

You now have a VC that is secured using 5 different cryptographic
suites in parallel, each having different capabilities. We're going to
focus on unlinkable signatures via BBS for the demo today.

To present a BBS-secured VC:

1. Go to https://vcplayground.org/ and click on the "Verifier Demo".
2. Select "Permanent Resident (Country Only)" as the credential to request.
3. Click "Request Verifiable Credential".
4. Follow the prompts to share your VC with the Verifier Demo website.
5. You should see the VC that was shared, with a BBS signature on the
VC and ONLY type information, country of birth, and validity period
are shared (specifically, all of the other claims in the VC will be
hidden from the verifier).

As with any technology demo, there are some rough edges that need to
be sanded down (such as not including a counter-signature from the
holder, adding confidenceMethod, etc.). We'll follow this email up
with a technical explanation of what is possible today, and what we
think the community could focus on next. We'll be advancing these
initiatives over the next couple of weeks and months with others in
the ecosystem that we've been collaborating with on this release.
Exciting things to come.

We just wanted to share the good news to start.

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
https://www.digitalbazaar.com/

Received on Monday, 29 January 2024 13:01:12 UTC