Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

BLS-MT-ZKP: A novel approach to selective disclosure of claims from digital credentials

Šeila Bećirović Ramić, Irfan Prazina, Damir Pozderac, Razija Turčinhodžić Mulahasanović, Saša Mrdović

TL;DR

The paper tackles privacy-preserving selective disclosure in digital credentials by introducing BLS-MT-ZKP, a unified approach that blends Merkle hash trees, BLS signatures, and Bulletproofs. It supports selective disclosure from single or multiple credentials, allows credential aggregation, and enables proving values within ranges without revealing them, aligning with ETSI and broader privacy standards. A formalization of three use cases, security/threat analyses, and a JavaScript proof-of-concept demonstrate practical feasibility on commodity hardware. The approach advances verifiable and potentially self-sovereign identity workflows by enabling compact, cross-issuer presentations with strong privacy guarantees. Future work points toward post-quantum variants and deeper integration with verifiable credential ecosystems.

Abstract

Digital credentials represent crucial elements of digital identity on the Internet. Credentials should have specific properties that allow them to achieve privacy-preserving capabilities. One of these properties is selective disclosure, which allows users to disclose only the claims or attributes they must. This paper presents a novel approach to selective disclosure BLS-MT-ZKP that combines existing cryptographic primitives: Boneh-Lynn-Shacham (BLS) signatures, Merkle hash trees (MT) and zero-knowledge proof (ZKP) method called Bulletproofs. Combining these methods, we achieve selective disclosure of claims while conforming to selective disclosure requirements. New requirements are defined based on the definition of selective disclosure and privacy spectrum. Besides selective disclosure, specific use cases for equating digital credentials with paper credentials are achieved. The proposed approach was compared to the existing solutions, and its security, threat, performance and limitation analysis was done. For validation, a proof-of-concept was implemented, and the execution time was measured to demonstrate the practicality and efficiency of the approach.

BLS-MT-ZKP: A novel approach to selective disclosure of claims from digital credentials

TL;DR

The paper tackles privacy-preserving selective disclosure in digital credentials by introducing BLS-MT-ZKP, a unified approach that blends Merkle hash trees, BLS signatures, and Bulletproofs. It supports selective disclosure from single or multiple credentials, allows credential aggregation, and enables proving values within ranges without revealing them, aligning with ETSI and broader privacy standards. A formalization of three use cases, security/threat analyses, and a JavaScript proof-of-concept demonstrate practical feasibility on commodity hardware. The approach advances verifiable and potentially self-sovereign identity workflows by enabling compact, cross-issuer presentations with strong privacy guarantees. Future work points toward post-quantum variants and deeper integration with verifiable credential ecosystems.

Abstract

Digital credentials represent crucial elements of digital identity on the Internet. Credentials should have specific properties that allow them to achieve privacy-preserving capabilities. One of these properties is selective disclosure, which allows users to disclose only the claims or attributes they must. This paper presents a novel approach to selective disclosure BLS-MT-ZKP that combines existing cryptographic primitives: Boneh-Lynn-Shacham (BLS) signatures, Merkle hash trees (MT) and zero-knowledge proof (ZKP) method called Bulletproofs. Combining these methods, we achieve selective disclosure of claims while conforming to selective disclosure requirements. New requirements are defined based on the definition of selective disclosure and privacy spectrum. Besides selective disclosure, specific use cases for equating digital credentials with paper credentials are achieved. The proposed approach was compared to the existing solutions, and its security, threat, performance and limitation analysis was done. For validation, a proof-of-concept was implemented, and the execution time was measured to demonstrate the practicality and efficiency of the approach.
Paper Structure (23 sections, 15 figures, 3 algorithms)

This paper contains 23 sections, 15 figures, 3 algorithms.

Table of Contents

  1. Introduction
  2. Preliminaries
  3. Digital credential system and roles
  4. Selective disclosure
  5. BLS signatures
  6. Merkle tree
  7. Bulletproofs and Pedersen commitment
  8. Related works
  9. Combined approach to selective disclosure
  10. Creating a credential
  11. Multi-issuer credentials
  12. Selective disclosure of claims
  13. Use case 1: Selective disclosure of claims from a single credential
  14. Use case 2: Selective disclosure of claims from multiple credentials
  15. Use case 3: Selective disclosure of claims/Proving claims without revealing them
  16. ...and 8 more sections

Figures (15)

  • Figure 1: Process of digital credential issuance and user roles
  • Figure 2: Selective disclosure use case - single credential
  • Figure 3: Selective disclosure use case - multiple credentials
  • Figure 4: Selective disclosure use case - zero-knowledge proof
  • Figure 5: Merkle tree generation and Merkle tree verification
  • ...and 10 more figures