Binary Globe by GDj

Identity Decentralized

6 minute read

Main

Website - Specification - Specification V2

Hyperledger AnonCreds – short for “Anonymous Credentials”- is the most commonly used Verifiable Credential (VC) format in the world. Ledger agnostic and with a formal open specification, AnonCreds is a VC format that adds important privacy-protecting ZKP (zero-knowledge proof) capabilities to the core VC assurances.

  • Hyperledger launches new digital identity project, AnonCreds 2022-11-15

    The technology itself is not new, as it was originally part of Hyperledger Indy, the digital identity ledger project. However, it has now been separated from Indy so that it can be used for verifiable credentials on ledgers such as Hyperledger Fabric or Ethereum-based Hyperledger Besu, or others.

  • Verifiable Credentials Flavors Explained 2021 CCI Kaliya ‘Identity Woman’ Young

    ZKP-CL: This credential format was created specifically to leverage the CL Signatures. JSON-JWT and JSON-LD Signatures each have their own way of representing the meaning of the attributes within a VC. JSON-JWT references an IANA registry and assumes a “closed world” authority model based on that authoritative registry. JSON-LD Signatures use an @context field to reference existing RDF mapping to known dictionaries and assumes an open world model where new terms and definitions can easily be introduced

  • [Literature] A Signature Scheme with Efficient Protocols 2001 Jan Camenisch IBM Zurich, Anna Lysyanskaya Brown

    Digital signature schemes are a fundamental cryptographic primitive, of use both in its own right, and as a building block in cryptographic protocol design. In this paper, we propose a practical and provably secure signature scheme and show protocols (1) for issuing a signature on a committed value (so the signer has no information about the signed value), and (2) for proving knowledge of a signature on a committed value. This signature scheme and corresponding protocols are a building block for the design of anonymity-enhancing cryptographic systems, such as electronic cash, group signatures, and anonymous credential systems. The security of our signature scheme and protocols relies on the Strong RSA assumption. These results are a generalization of the anonymous credential system of Camenisch and Lysyanskaya

Working Group

  • AnonCreds Specification Working Group 2022-11-02

    The AnonCreds Specification Working Group operates under the Community Specification License v1.0 to create the AnonCreds Specification. Current work is focused on Version 1.0 of the specification that covers the current CL-Signatures-based implementation of AnonCreds agnostic to the underlying ledger.

  • [Video] Hyperledger AnonCreds Specification Working Group 2023-06-19 Hyperledger Foundation

    The big thing I want to talk about was a couple of things on revocation approaches and and go over possibilities. There, there’s a few things happening that I wanted to share. […] as I mentioned in our credits announcements, the 0.1.0 rust implementation was officially released

Development

Background

  • Wrapping Indy Credentials (AnonCreds) in W3C VCs 2021-04-12 Finema

    AnonCreds are typically bound to a holder by using a link secret and not by issuing a credential to a public DID. In order to add such a credential (or a subset of attributes) to the public profile, we suggest the following mechanism which expresses the intent: I self-attest that I have this credential with the specific attribute values, if you require a proof you can ask me using the Aries present proof protocol.

  • Anonymous Credential Part 2: Selective Disclosure and CL Signature 2021-02-04 Finema

    selective disclosure and an anonymous credential (Anoncred) relies on an efficient signature scheme that supports multiple messages with a single signature. One such signature scheme is known as CL signature that is named after its Jan Camenisch and Anna Lysyanskaya […] CL signature popularized Anoncreds, and it also served as a cryptographic building block in Identity Mixer (Idemix) and Hyperledger Indy projects.

  • Anonymous Credential Part 1: Brief Overview and History 2020-10-01

    An anonymous credential (Anoncred), which is also known as an attribute-based credential (ABC), is a concept for a digital credential that provides a credential holder maximal privacy and an ability to selectively disclose their personal information.

  • CL Signatures for Anonymous Credentials 2019-01-14 Will Abramson

    A CL Signature is a signature scheme developed by Jan Camenisch and Anna Lysyanskaya. This scheme has some properties that make it ideal for use in an anonymous credential system and is, in fact, the scheme that Sovrin, and I am sure others, currently use. In this post, I will try to synthesise my current understanding of this scheme, including a look at how Sovrin uses it in practice.

  • Attribute Based Credentials and Variable Length Data Graphs 2018-02-28

    In an effort to allow JSON-LD data structures to leverage attribute based credentials and zero knowledge signature schemes, this paper outlines differences, requirements and possible options for representing JSON-LD data in attribute based credential schemes such as the one in use by the Sovrin network, implemented in the Hyperledger Indy project.

Critique

  • Being “Real” about Hyperledger Indy & Aries / Anoncreds 2022-09-10 IdentityWoman

    This article surfaces a synthesis of challenges / concerns about Hyperledger Indy & Aries / Anoncreds, the most marketed Self-Sovereign Identity technical stack. It is aimed to provide both business and technical decision makers a better understanding of the real technical issues and related business risks of Hyperledger Indy & Aries / Anoncreds, which have not been shared and discussed openly or publicly as the author believes need to be.

Response

Link Secrets and Privacy-Trust Paper

  • Significant section of critique discusses link secrets
  • Repeats old claim they are insecure
  • Cites 2019 paper by Arnold and Longley for support
  • Assertion made that the paper has inaccuracies and misrepresentations
  • Rebuttal sent to W3C CCG with supporting documentation
  • Encourages reading both sources before deciding on credential security

Misunderstanding About Credential Formats (AnonCreds vs. VC Spec)

  • Differences in how “credential” is defined between AnonCreds and VC spec
  • AnonCreds’ internal “credentials” are not designed for sharing or verification
  • Verifiable AnonCreds “proofs” should be evaluated as verifiable credentials
  • Interoperability work focuses on proofs, not credential formats per se
  • Mapping between AnonCreds proofs and VC data model already exists
  • Lack of willingness to alter UX and messaging may hinder interoperability

Prior Work

See Also


Ecosystem Overview

This page includes a breakdown of the Web Standards, Protocols,Open Source Projects, Organizations, Companies, Regions, Government and Policy surrounding Verifiable Credentials and Self Sovereign Identity.

Updated: 2024-02-26 4 minute read

Tags:

Verifiable Credentials with JSON-LD and BBS+ Signatures

BBS signatures were implicitly proposed by Boneh, Boyen, and Shacham (CRYPTO ’04) as part of their group signature scheme, and explicitly cast as stand-alone signatures by Camenisch and Lysyanskaya (CRYPTO ’04). A provably secure version, called BBS+, was then devised by Au, Susilo, and Mu (SCN ’...

Updated: 2023-09-29 8 minute read

Tags:
BBS
Data Integrity
JSON-LD
Verifiable Credentials
W3C

Verifiable Credentials with JOSE (JWT) / COSE (CBOR)

Digital proof mechanisms, a subset of which are digital signatures, are required to ensure the protection of a verifiable credential. Having and validating proofs, which may be dependent on the syntax of the proof (for example, using the JSON Web Signature of a JSON Web Token for proofing a key h...

Updated: 2023-09-09 12 minute read

Tags:
COSE
IANA
JOSE
JWT
Verifiable Credentials
W3C

Verifiable Credentials with JSON-LD and Linked Data Proofs

Starting with the name, JSON-LD stands for JavaScript Object Notation with Linked Data. JSON-LD is a method of encoding linked data using JSON. The term “JSON-LD Credential” alone is somewhat ambiguous but the way it is colloquially used, it means a W3C Verifiable Credential Data Model compliant ...

Updated: 2023-09-29 4 minute read

Tags:
Data Integrity
JSON-LD
Verifiable Credentials
W3C