Compact and Selective Disclosure for Verifiable Credentials

Alessandro Buldini, Carlo Mazzocca, Rebecca Montanari, Selcuk Uluagac

TL;DR

The paper tackles the storage and network overhead of selective disclosure in Verifiable Credentials within Self-Sovereign Identity. It introduces Compact and Selective Disclosure for VCs (CSD-JWT), which uses a trapdoor-based cryptographic accumulator to map all claims to a fixed-size value $a$ and per-claim witnesses $w_j$, enabling disclosure of any subset $C$ of claims with minimal data exposure. Empirical results show memory savings up to 46% and Verifiable Presentation size reductions of 27–93% compared with SD-JWT, while maintaining practical issuance and verification times on constrained devices, making it well-suited for hardware wallets and IoT contexts. The authors provide an open-source prototype and comprehensive evaluation against SD-JWT, highlighting strong privacy and efficiency gains, with discussion of security properties, revocation, and potential extensions toward zero-knowledge-proof-based unlinkability in future work.

Abstract

Self-Sovereign Identity (SSI) is a novel identity model that empowers individuals with full control over their data, enabling them to choose what information to disclose, with whom, and when. This paradigm is rapidly gaining traction worldwide, supported by numerous initiatives such as the European Digital Identity (EUDI) Regulation or Singapore's National Digital Identity (NDI). For instance, by 2026, the EUDI Regulation will enable all European citizens to seamlessly access services across Europe using Verifiable Credentials (VCs). A key feature of SSI is the ability to selectively disclose only specific claims within a credential, enhancing the privacy protection of the identity owner. This paper proposes a novel mechanism designed to achieve Compact and Selective Disclosure for VCs (CSD-JWT). Our method leverages a cryptographic accumulator to encode claims within a credential into a unique, compact representation. We implemented CSD-JWT as an open-source solution and extensively evaluated its performance under various conditions. CSD-JWT provides significant memory savings, lowering usage by up to 46% compared to the state-of-the-art. It also minimizes network overhead by producing remarkably smaller Verifiable Presentations (VPs), with size reduction from 27% to 93%. Such features make CSD-JWT especially well-suited for resource-constrained devices, including hardware wallets designed for managing credentials.
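The accumulator idea described above (all claims folded into one fixed-size value $a$, one witness $w_j$ per claim, any subset disclosable), as an added example that is not the authors' code. It uses a toy RSA-style accumulator as a stand-in, since this page does not give the paper's own construction; the modulus, the claim-to-prime encoding, the sample credential and all function names are assumptions made for illustration.

```python
import hashlib
from math import prod

# Toy issuer modulus from two Mersenne primes: illustration only, not secure.
P, Q = 2**127 - 1, 2**107 - 1
N, PHI, G = P * Q, (P - 1) * (Q - 1), 3      # PHI is the issuer-only trapdoor
BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
SAMPLE = {"name": "Alice", "birthdate": "1990-01-01", "nationality": "IT"}  # constructed

def is_probable_prime(n):  # Miller-Rabin, fixed bases (probabilistic here)
    if n < 2 or any(n % b == 0 for b in BASES):
        return n in BASES
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for b in BASES:
        x = pow(b, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def claim_to_prime(name, value):
    """Public mapping of a claim to a 128-bit prime (verifier recomputes it)."""
    digest = hashlib.sha256(f"{name}={value}".encode()).digest()
    c = int.from_bytes(digest[:16], "big") | (1 << 127) | 1
    while not is_probable_prime(c):
        c += 2
    return c

def issue(claims):
    """Issuer: fixed-size accumulator a plus one witness w_j per claim."""
    primes = {k: claim_to_prime(k, v) for k, v in claims.items()}
    a = pow(G, prod(primes.values()) % PHI, N)
    # Trapdoor shortcut w_j = a^(1/x_j mod PHI); x_j > 2**64 is coprime to PHI.
    return a, {k: pow(a, pow(x, -1, PHI), N) for k, x in primes.items()}

def present(claims, witnesses, disclose):
    """Holder: reveal only the chosen claims, each with its witness."""
    return [(k, claims[k], witnesses[k]) for k in disclose]

def verify(a, presentation):
    """Verifier: each disclosed claim must satisfy w_j^x_j == a (mod N)."""
    return bool(presentation) and all(
        pow(w, claim_to_prime(k, v), N) == a for k, v, w in presentation)
```

The holder stores one accumulator value and one witness per claim, and a presentation carries only the disclosed claims with their witnesses; undisclosed claims contribute nothing to its size.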

Paper Structure

This paper contains 34 sections, 7 equations, 9 figures, 1 table, 2 algorithms.

Figures (9)

  • Figure 1: SSI reference system.
  • Figure 2: Performance metrics for VC issuance and storage.
  • Figure 3: Comparison of CSD-JWT and SD-JWT for VP generation (a) and size (b),(c) across different scenarios.
  • Figure 4: VP size reduction of CSD-JWT.
  • Figure 5: VP verification latency for a VC storing 100 claims.
  • ...and 4 more figures

Theorems & Definitions (6)

  • Definition 1: Selective Disclosure
  • Definition 2: Replay Attack Resilience
  • Definition 4: Information Minimality
  • Definition 5: Unlinkability
  • Definition 6: Unobservability
  • Definition 7: Untraceability