ZKPs for JSON-LD using BBS+ - Round 2

From IIW

ZKPs For JSON-LD Using BBS+ - Round 2

Thursday 22H

Convener: Tobias Looker


Tags for the session - technology discussed/ideas considered:

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Links to repository:




Link to slides: http://drive.google.com/file/d/1X1JApxDY48MJYYACNT9NPsgpZWft0wHk/view

Zoom Chat discussion:

10:29:32 From Daniel Burnett : FYI: THIS SESSION IS BEING RECORDED

10:29:46 From Oliver Terbu : 0:30 cet ;)


10:34:06 From Wayne Chang : +1 to recording reminders

10:38:48 From Siva Kannan : Is there a link to the deck?

10:39:36 From Oliver Terbu : Does it support range proofs in general?

10:39:37 From Oliver Terbu : q+

10:39:50 From Orie Steele : This suite does not.

10:40:10 From John Jordan : BC Gov is also funding Mike’s work and we are eager to bring this capability to the higher layers

10:40:11 From Oliver Terbu : Yeah, but would it be possible in a kind of efficient way?

10:40:20 From Orie Steele : But that can be handled with a higher order constructions

10:40:31 From Kalyan Kulkarni : Can the link to this deck at the bottom be shared on chat?

10:40:36 From Orie Steele : See John Jordands answer :)

10:40:40 From Oliver Terbu : I am personally not super excited about range proofs but just wanted to know


10:41:23 From Kyle Den Hartog : @nader do you have the link to the slides?

10:41:47 From motoko : since you are using BLS can you do compact aggregation like BLS multisign?

10:43:08 From Kyle Den Hartog : We currently use the BBS+ signature scheme only, but I believe it would be possible to support BLS signature schemes for aggregation as well, but that would need to be defined and implemented before I’d say definitely yes.

10:44:52 From Nader Helmy : Original presentation is in a private drive so I created a copy that's open to the public

10:44:54 From Nader Helmy : http://drive.google.com/file/d/1X1JApxDY48MJYYACNT9NPsgpZWft0wHk/view?usp=sharing

10:45:07 From motoko : perhaps two different proofpurpose, one for assertion with selective disclosure and one for multisign?

10:45:20 From Kyle Den Hartog : github.com/mattrglobal/node-bbs-signatures/

10:45:33 From Andrew Whitehead : Is there a use case for multi sign?

10:46:10 From Oliver Terbu : Does the library work in a mobile react-native environment as well?

10:46:24 From Oliver Terbu : I saw that it requires some rust bindings

10:46:28 From Nader Helmy : Let me clarify these are the slides for the presentation: http://drive.google.com/file/d/1X1JApxDY48MJYYACNT9NPsgpZWft0wHk/view?usp=sharing

10:46:54 From nembal : ty Nader

10:46:57 From Kyle Den Hartog : @Andrew I can think of a few for a web of trust issuance model where issuance is not authority based, but rather based on the number of people who issue the same data. For example, 17 people say my name is Kyle, therefore a verifier believes my name is Kyle.

10:47:40 From Anil John : Great choice of example! : -)

10:47:47 From Sam Curren : can issue a certificate that says your name isn't kyle?

10:48:28 From Oliver Terbu : thanks!

10:49:52 From Andrew Whitehead : I believe that getting the BBS+ signature scheme officially supported for w3c verifiable credentials is one goal, and doing the same for BLS signatures would be another

10:49:53 From Kyle Den Hartog : @Sam, I enjoy your rabbit hole, but will opt to not go down it right now :)

10:50:02 From Kyle Den Hartog : For the first time ever…

10:50:05 From Oliver Terbu : Would you need an additional proof of control?

10:50:28 From Oliver Terbu : Because the proof could also be produced by the issuer

10:50:51 From Oliver Terbu : Or whoever has the credentials + the public key of the issuer

10:51:38 From Markus Sabadello : I had the same question yesterday... Where's the (equivalent of) a link secret?

10:51:41 From Orie Steele : So just like a normal VP, proofPurpose authentication

10:52:00 From Oliver Terbu : Yep, thanks!

10:52:40 From Oliver Terbu : Still awesome!

10:52:42 From Nader Helmy : You can use this derived proof in two ways, either by disclosing the subject DID or using some form of link secret. The former is possible today the latter is TBD

10:53:07 From Nader Helmy : On the roadmap :)

10:53:32 From Oliver Terbu : Yep, for the first you would have correlation issues

10:53:37 From Mahmoud Alkhraishi  : I think im missing something basic here, but what do I need to provide to someone else to let them know that I am over 18 for example, is it just the proof in the json ld proof section

10:54:17 From Orie Steele : @Mahmoud this will only let you disclose existing terms, it does not support predicate proofs today.

10:54:59 From Nader Helmy : @Oliver right exactly, its a tradeoff.

10:55:20 From Oliver Terbu : Still cool, because you would have a way more efficient proofformat

10:55:50 From Oliver Terbu : Looking forward to the linked secret though

10:55:57 From Kyle Den Hartog : http://github.com/mattrglobal/jsonld-signatures-bbs

10:56:04 From Kyle Den Hartog : This is the library being shown right now

10:57:53 From Orie Steele : THE CROWD GOES WILD!!!!!!!!

10:57:59 From Mahmoud Alkhraishi  : +1

10:58:04 From Markus Sabadello : What's the idea behind storing the "revealedStatements" as a separate JSON-LD property? Couldn't that same data also be encoded as part of the "proofValue"?

10:58:25 From jer : what are the inputs to the verify step?

10:58:32 From Kyle Den Hartog : http://github.com/mattrglobal/jsonld-signatures-bbs-spec/

10:58:38 From Oliver Terbu : ^jer

10:58:55 From Kyle Den Hartog : This is a link to the spec which is the top link shown. The second link is https://github.com/mattrglobal/jsonld-signatures-bbs

10:59:02 From Sam Curren : Markus - that could be done.

10:59:24 From Sam Curren : also, totalStatements.

10:59:57 From Nader Helmy : Standardizing on schema attributes is what JSON-LD is for

11:00:15 From John Jordan : UX issues …

11:01:21 From Keith Kowal : Can you tell a little more about how you could prevent someone from removing a needed value like a credential expiration date?

11:01:25 From David Waite : If I understand the document per Jer’s question, the verification takes in the revealed indices, total statements and input proof document statements?

11:01:52 From Kyle Den Hartog : http://github.com/mattrglobal/jsonld-signatures-bbs-spec/

11:02:41 From Oliver Terbu : The API looks very slick, so good job!

11:02:57 From Sam Curren : david: everything shown. the things you mention, and also the attributes revealed in the doc.

11:03:57 From Oliver Terbu : What is the size of the dependencies?

11:04:30 From Orie Steele : How can I use the right now?!?!!? :)

11:04:43 From Orie Steele : npm will tell you

11:04:47 From Oliver Terbu : haha

11:04:50 From Oliver Terbu : I was just too lazy

11:04:52 From Siva Kannan : Can I delegate the responsibility of reveal to someone else? Or, that has to happen out of band?

11:05:10 From Markus Sabadello : when will the Java implementation of this be released? :) *duck*

11:05:16 From Andrew Whitehead : I can tell you the python lib is about 1.7mb, which probably includes some bloat..

11:05:19 From Oliver Terbu : +1 Markus ;)

11:05:34 From Orie Steele : +1 Markus, I know there is some work ongoing for python

11:06:10 From Oliver Terbu : Thanks andrew

11:06:34 From Kyle Den Hartog : @Oliver Bundlephobia is not revealing that information to me at the moment. I suspect it may be able the same as what Python has.

11:06:35 From motoko : link to BBS+ library?

11:06:36 From Andrew Whitehead : (That doesn’t include the JSON-LD parts, just signatures)

11:06:40 From motoko : curve?

11:06:41 From Oliver Terbu : Do you have a timeline and roadmap?

11:06:43 From Paul DIetrich : Great work. Thanks so much!!

11:07:16 From Nader Helmy : Here's the BBS+ signatures repo

11:07:17 From Nader Helmy : http://github.com/mattrglobal/node-bbs-signatures

11:07:23 From jer : who can generate a derived proof, the issuer and/or subject?

11:07:32 From Nader Helmy : the Rust dependencies are in Hyperledger Ursa as mentioned

11:07:54 From swcurran : Tell me about the canonicalization? Isn't that a problem?

11:09:07 From Orie Steele : Its not, its what is used to produce the messages that are signed.

11:09:07 From Oliver Terbu : Big big big kudos to mattr to get rid of the ledger-dependency

11:09:14 From swcurran : +1

11:09:33 From Micah McG : 🎉

11:09:35 From swcurran : I wasn't serious about canonicalization.

11:09:38 From Anil John : ^ +1 to what Oliver said!

11:09:47 From Orie Steele : @swcurran canonicalization and framing are JSON-LD things this this library and implementation depend on

11:09:58 From Orie Steele : :)

11:10:06 From swcurran : :-)

11:10:23 From Orie Steele : Its one of those things I hope to never discuss again :)

11:10:39 From swcurran : I will never raise it again. Promise

11:11:14 From Sam Curren : I'm thinking Orie gives a json-ld 101 next IIW.

11:11:24 From Kyle Den Hartog : @motoko http://github.com/mattrglobal/node-bbs-signatures

11:11:34 From Andrew Whitehead : Oh yeah Orie loves giving those 101 sessions

11:11:39 From Orie Steele : rofl

11:11:44 From Mahmoud Alkhraishi  : maybe 10001

11:11:50 From Kyle Den Hartog : Curve used is BLS12-381

11:12:22 From Orie Steele : You can use this without DIDs though

11:15:25 From Andrew Whitehead : Okay but what about canonicalization?

11:16:12 From Nader Helmy : There's a spec! Please review and open issues

11:16:14 From Nader Helmy : http://github.com/mattrglobal/jsonld-signatures-bbs-spec

11:16:52 From Oliver Terbu : Also kudos to Orie!

11:17:05 From Nader Helmy : We want to get this ready in time for the Linked Data Security standardization happening later this year

11:17:47 From Nader Helmy : Big thanks to all the prior art provided by Hyperledger Aries/Indy communities

11:17:48 From Mahmoud Alkhraishi  : Thanks! 11:17:55 From Orie Steele : THANK YOU!