
Selective Disclosure

Selective Disclosure involves using credentials that implement BBS+ signatures. BBS+ signatures offer the unique capability of signing multiple messages while generating a single output signature. This means that a proof of knowledge of that signature can be established in which the prover reveals only specific messages from the originally signed set.

Using this method, you will be able to prove that a piece of information revealed by the user is based on a valid verifiable credential (issued by the relevant Issuer) without needing to see the entirety of the credential. For example, a user can reveal that the birth date on their passport is 01/01/1994 without disclosing the rest of the details of their passport.

This ability to selectively reveal only the minimum information required to meet given eligibility criteria minimises data exposure for users and gives them greater agency and control over their data.

Consideration for usage

As selective disclosure involves disclosing information to the Verifier, it can only be used off-chain. Therefore, it is important to consider the needs of your use case and the nature of your compliance requirements when selecting a method that best serves them.

BBS-Signatures Package

Selective Disclosure requires using the npm package developed by Mattr Labs, @mattrglobal/bbs-signatures. This package comes with its own internal methods that can be used out of the box to issue and hold verifiable credentials of this type and ultimately to verify disclosed information based on those credentials.

  • The Issuer module uses generateBls12381G2KeyPair to generate the key-pair that will be used to sign and generate the selective disclosure verifiable credential and blsSign to sign it.

  • The Holder module uses blsVerify to verify the issued credential from the Issuer and then uses blsCreateProof to create the proofs with selective information that is requested by the Verifier.

  • The Verifier module uses blsVerifyProof to verify the proof presented by the Holder in line with their request.
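
The three modules above wired into one flow, as an added example that is not part of the original page or of the package's own code. The `key=value` message encoding, the helper names and the sample credential are assumptions made for illustration, and the library is passed in as `bbs` so that the index-mapping helpers can be run without it.

```javascript
// Added example. In real use: const bbs = require("@mattrglobal/bbs-signatures");
const enc = new TextEncoder();

// Assumption: one message per top-level claim, encoded "key=value" and sorted
// by key so Issuer, Holder and Verifier all derive the same message order.
const sortedKeys = (claims) => Object.keys(claims).sort();
const toStatements = (claims) =>
  sortedKeys(claims).map((k) => `${k}=${JSON.stringify(claims[k])}`);
const toMessages = (statements) => statements.map((s) => enc.encode(s));

// Map the attribute names a Verifier requests to indices in the signed array.
function revealedIndices(claims, requested) {
  const keys = sortedKeys(claims);
  const indices = requested.map((name) => {
    const i = keys.indexOf(name);
    if (i < 0) throw new Error(`credential has no attribute "${name}"`);
    return i;
  });
  return [...new Set(indices)].sort((a, b) => a - b);
}

// Runs all three roles in one process for illustration only.
async function selectiveDisclosureFlow(bbs, claims, requested, nonceText) {
  const nonce = enc.encode(nonceText); // assumption: chosen by the Verifier per request
  const statements = toStatements(claims);
  const messages = toMessages(statements);

  // Issuer: sign every message, producing one signature.
  const keyPair = await bbs.generateBls12381G2KeyPair();
  const signature = await bbs.blsSign({ keyPair, messages });
  const { publicKey } = keyPair;

  // Holder: check the issued credential, then derive a proof for the request.
  const issued = await bbs.blsVerify({ publicKey, messages, signature });
  if (!issued.verified) throw new Error("issuer signature did not verify");
  const revealed = revealedIndices(claims, requested);
  const proof = await bbs.blsCreateProof({ signature, publicKey, messages, nonce, revealed });
  const disclosed = revealed.map((i) => statements[i]);

  // Verifier: receives only the disclosed statements, the proof and the nonce.
  const result = await bbs.blsVerifyProof({
    proof, publicKey, messages: toMessages(disclosed), nonce,
  });
  return { disclosed, verified: result.verified };
}

// Constructed sample credential, used by the usage line below.
const sampleClaims = { givenName: "Jane", familyName: "Doe",
  birthDate: "01/01/1994", passportNumber: "X0000000" };
// selectiveDisclosureFlow(bbs, sampleClaims, ["birthDate"], "request-1").then(console.log);
```

The Verifier must rebuild the revealed messages byte for byte and in ascending index order, which is why the ordering and encoding are fixed in one place and shared by all three roles.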

High Level Diagram

sequenceDiagram
    autonumber

    participant Issuer
    participant Holder
    participant Verifier

    Issuer->>Issuer: Generate a Verifiable Credential (VC) using a JSON-LD schema.
    Issuer->>Issuer: Deconstruct the VC into multiple parts and set them in a messages array.
    Issuer->>Issuer: Sign the messages and construct the proof.
    Issuer->>Issuer: Embed the proof in the VC.

    Issuer->>Holder: Passes the VC to holder

    Verifier->>Holder: Requests for a VC with specific attributes to be revealed


    Holder->>Holder: Processes the request to generate a new VC (nVC) with only requested attributes revealed
    Holder->>Holder: Generate a proof for the new VC and embed it in the nVC
    Holder->>Verifier: Passes the nVC to verifier

    Verifier->>Verifier: Processes the nVC and verifies the proof