In Partnership with the LINKS Foundation
TL;DR:
The IOTA Foundation is working with its long-term partner LINKS Foundation to bring privacy-preserving selective disclosure credentials to IOTA Identity. This solution allows users to selectively share parts of credentials at their full discretion.
In October 2023 the Cybersecurity Research Group at the non-profit research center LINKS Foundation announced their ZKryptium library for zero-knowledge selective disclosure credentials and their intention to integrate them into IOTA Identity. Since then we’ve worked together on making these techniques available for users of IOTA Identity, the digital identity framework based on IOTA Technology.
The LINKS Foundation has also joined the Identity Working Group, which gathers builders using IOTA Identity to achieve the adoption of self-sovereign identity (SSI).
Before we delve into SSI and how LINKS’ integration of zero-knowledge credentials enhances selective disclosure, let’s share more about the Identity Working Group and its latest member.
Identity Working Group
The Identity Working Group collaborates on the development of the IOTA Identity Library. It was established by founding members walt.id, Teleconsys, TangleLabs, Impierce Technologies, Filancore, Demia, TLIP, and the IOTA Foundation in July 2023.
Engineers from these organizations have come together to maintain and deliver significant improvements. If your organization is interested in joining the Identity Working Group, please reach out to [email protected].
About the LINKS Foundation
The latest member of the Identity Working Group is the LINKS Foundation. LINKS focuses on applied research, innovation, and technology transfer, bridging the gap between basic research and the market.
The foundation’s Cybersecurity Research Group conducts R&D on topics including SSI and zero-knowledge proof. They are also coordinating QUBIP, a European Union-funded Horizon Europe project that researches the transition of network and digital identity protocols to post-quantum cryptography. The IOTA Foundation is a member of QUBIP’s Institutional and Industrial Advisory Board.
SSI and Selective Disclosure
The main focus of the Identity Working Group is self-sovereign identity (SSI), which empowers users to control their data sharing through cryptographic proofs. Using traditional SSI credentials, a user can decide individually whether to share the credential with a trusted recipient.
Selective disclosure extends SSI by allowing users to share specific data fields of a credential. For example, users can share only their date of birth from a national identity document when accessing age-restricted services, without revealing other details like address or ID number. This ensures that verifiers only see the necessary information while guaranteeing the credential’s authenticity.
Selective Disclosure in Practice
There are several ways of implementing selective disclosure, each with its own specifications, techniques, and trade-offs. Some use advanced cryptography while others use relatively simple hashing functions. The common denominator is the concealment of selected attributes or fields of credentials and the disclosure of only non-concealed attributes to verifiers while maintaining strong proof of the data’s authenticity and origin.
Different methods of selective disclosure differ in how vulnerable they are to malicious verifiers recording and analyzing metadata, or colluding with other verifiers, to track the credential holder’s data. Another important difference is the degree of flexibility in creating and presenting selectively disclosable credentials.
Finally, the underlying cryptography has important implications for the computing resources needed to create and verify the proofs. While the latest cryptographic implementations might be more capable, their relatively young age means they are less proven in real-world applications.
To cater to different needs, IOTA Identity’s library supports two selective disclosure implementations: the Selective Disclosure JSON Web Token (SD-JWT) and BBS+-based Selective Disclosure.
SD-JWT
The Selective Disclosure JSON Web Token (SD-JWT) requires the issuer to decide which credential fields can be disclosed by a holder. To conceal the fields, the issuer prepares separate data packages and replaces the concealed values with a cryptographic hash of the data. The issuer can also decide to add decoy values to make the credentials less predictable to malicious observers. Fields that the issuer does not conceal will be readable in all presentations of the credential.
The holder can disclose prepared concealed values to verifiers as needed.
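The mechanism just described, as an added Python example that is not IOTA Identity’s own code: the issuer salts and hashes each concealable claim into the `_sd` array and mixes in decoy digests, the holder hands over only the disclosures it chooses, and the verifier recomputes each digest before accepting a claim. The issuer’s signature over the payload (the JWT part) is left out, and the claim names and values are constructed for illustration.

```python
import base64
import hashlib
import json
import secrets

def b64url(data: bytes) -> str:
    """base64url without padding, the encoding SD-JWT uses for disclosures and digests."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def digest_of(disclosure: str) -> str:
    """Digest the verifier recomputes: base64url(sha-256(ascii(disclosure)))."""
    return b64url(hashlib.sha256(disclosure.encode("ascii")).digest())

def decode_disclosure(disclosure: str) -> list:
    """Recover the [salt, claim_name, claim_value] array from a disclosure string."""
    return json.loads(base64.urlsafe_b64decode(disclosure + "=" * (-len(disclosure) % 4)))

def issue(claims: dict, concealable: set, decoys: int = 2) -> tuple:
    """Issuer: conceal chosen claims as salted digests in `_sd`, add decoys, return (payload, disclosures)."""
    payload, disclosures, sd = {"_sd_alg": "sha-256"}, [], []
    for name, value in claims.items():
        if name not in concealable:
            payload[name] = value  # stays readable in every presentation
            continue
        salt = b64url(secrets.token_bytes(16))  # fresh salt defeats guessing low-entropy values
        disclosure = b64url(json.dumps([salt, name, value]).encode("utf-8"))
        disclosures.append(disclosure)
        sd.append(digest_of(disclosure))
    for _ in range(decoys):  # decoys hide how many claims were actually concealed
        sd.append(b64url(hashlib.sha256(secrets.token_bytes(16)).digest()))
    payload["_sd"] = sorted(sd)  # sorted so the order reveals nothing about claim positions
    return payload, disclosures

def present(disclosures: list, reveal: set) -> list:
    """Holder: keep only the disclosures whose claim name the holder chooses to reveal."""
    return [d for d in disclosures if decode_disclosure(d)[1] in reveal]

def verify(payload: dict, presented: list) -> dict:
    """Verifier: accept a disclosure only if its digest is in `_sd`, then rebuild the visible claims."""
    if payload.get("_sd_alg") != "sha-256":
        raise ValueError("unsupported _sd_alg")
    sd = set(payload["_sd"])
    claims = {k: v for k, v in payload.items() if k not in ("_sd", "_sd_alg")}
    for d in presented:
        if digest_of(d) not in sd:
            raise ValueError("disclosure does not match any digest in _sd")
        _salt, name, value = decode_disclosure(d)
        claims[name] = value
    return claims
```

Fields the issuer leaves out of `concealable` (here `iss`) are visible to every verifier, which is the trade-off the text describes.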
IOTA has implemented Draft 07 of the SD-JWT specification as a general-purpose library and added support in the 1.1 version of IOTA Identity in February 2024. SD-JWT is closely aligned with the Architecture Reference Framework of the eIDAS 2.0 regulation (the EU’s upcoming digital identity framework) and does not rely on advanced or experimental cryptography.
We intend to follow the advancements and provide long-term support for this style of selective disclosure credential. You can find an overview of the implementation and examples here.
While SD-JWT significantly enhances user sovereignty and privacy, it does not solve all concerns about the linkability and traceability of users.
Selective Disclosure Based on BBS+
Together with the LINKS Foundation, we have investigated the potential for zero-knowledge-based selective disclosure credentials. This style of credential uses advanced cryptography to create proofs for data the verifier does not need to know, while still deriving strong guarantees regarding the authenticity and origin of the information.
Compared to SD-JWT, the issuer does not need to decide in advance which fields are selectively disclosable. Instead, the holder can construct any combination of disclosures on an ad hoc basis, allowing more flexibility than SD-JWT, where the issuer needs to predefine which attributes are selectively disclosable. Building on the foundational work of Camenisch, Kohlweiss, and Soriente (2010) in “Solving Revocation with Efficient Update of Anonymous Credentials,” LINKS Foundation has developed a revocation scheme for BBS+ that avoids creating linkable identifiers, thereby maximizing user autonomy and privacy through cutting-edge cryptographic techniques.
IOTA has recently released BBS+-based Selective Disclosure Credentials in Version 1.3 of the IOTA Identity library. This feature is experimental for now, as we continue to extend the capabilities of the technology and refine the implementation for issuers, holders, and verifiers. You can find an overview of the implementation and examples here.
The Future of IOTA Identity
Over the coming months, IOTA will investigate extensions to the zero-knowledge-based selective disclosure credentials together with the LINKS Foundation to further maximize user privacy and autonomy, while optimizing the resource and complexity requirements for issuers and verifiers. We will also follow the latest developments in the SD-JWT specification and adopt new stable versions.