
SD-BLS: Privacy Preserving Selective Disclosure of Verifiable Credentials with Unlinkable Threshold Revocation

Denis Roio, Rebecca Selvaggini, Gabriele Bellini, Andrea D'Intino

TL;DR

SD-BLS tackles privacy-preserving selective disclosure and unlinkable threshold revocation for verifiable credentials by leveraging BLS signatures on the BLS12-381 curve and a threshold revocation workflow via PVSS. The approach enables proofs of possession for selected credentials without revealing their content, while enabling anonymous revocation that is verifiable by anyone and governed by a multi-stakeholder revocation dealer. It demonstrates fast revocation checks and provides concrete use-cases across digital identity, academia, KYC/AML, and blockchain VC contexts, with a practical benchmark and implementation in Zenroom. The work also discusses security considerations and future directions, including standards alignment with EUDI-ARF and potential integrations with Signroom, DIDroom, DPP, and DAO technologies for broader adoption.

Abstract

Ensuring privacy and protection from issuer corruption in digital identity systems is crucial. We propose a method for selective disclosure and privacy-preserving revocation of digital credentials using second-order Elliptic Curves and Boneh-Lynn-Shacham (BLS) signatures. We make holders able to present proofs of possession of selected credentials without disclosing them, and we protect their presentations from replay attacks. Revocations may be distributed among multiple revocation issuers using publicly verifiable secret sharing (PVSS) and activated only by configurable consensus, ensuring robust protection against issuer corruption. Our system's unique design enables extremely fast revocation checks, even with large revocation lists, leveraging optimized hash map lookups.

Paper Structure (39 sections, 11 equations, 4 figures, 1 table)


Figures (4)

  • Figure 1: Speed comparison of issue and verify in SD-BLS
  • Figure 2: Speed comparison of issue and verify in BBS+
  • Figure 3: Speed of verification of a claim over multiple revocations
  • Figure 4: Speed of creation and reconstruction of shares among multiple peers