Verifiable Credential (VC)

Verifiable credentials (or VCs) are a standard format for the digital representation of credentials (documents that collect attributes about a subject) that are cryptographically secure, verifiable through machines, and that guarantee privacy by enabling methods such as minimum disclosure. 

VCs can be used to describe identity credentials, such as a an academic diploma, driver’s licenses, passports, insurance cards, vaccination records (and so much more), and they contain metadata properties that reference the holder (or user), the issuer, associated DIDs, the issue date, and the expiration date.

Verifiable Credentials include information (one or several claims) about one or more subjects - typically personal information about an individual, however, claims could be also related to legal entities, animals, or objects.

There are 3 components in a VC:

  1. Credential Metadata: Properties or attributes of the credential

  2. Claims: A statements about a subject (individual, legal entity, or thing).

  3. Proofs: cryptographic signatures tied to private keys that prove the user sharing the VC is the subject of the information.

 

W3C reference: https://www.w3.org/TR/vc-data-model/

“In the physical world, a credential might consist of:

- Information related to identifying the subject of the credential (for example, a photo, name, or identification number)

- Information related to the issuing authority (for example, a city government, national agency, or certification body)

- Information related to the type of credential this is (for example, a Dutch passport, an American driving license, or a health insurance card)

- Information related to specific attributes or properties being asserted by the issuing authority about the subject (for example, nationality, the classes of vehicle entitled to drive, or date of birth)

- Evidence related to how the credential was derived

- Information related to constraints on the credential (for example, expiration date, or terms of use).

A verifiable credential can represent all of the same information that a physical credential represents. The addition of technologies, such as digital signatures, makes verifiable credentials more tamper-evident and more trustworthy than their physical counterparts.

Holders of verifiable credentials can generate verifiable presentations and then share these verifiable presentations with verifiers to prove they possess verifiable credentials with certain characteristics.

Both verifiable credentials and verifiable presentations can be transmitted rapidly, making them more convenient than their physical counterparts when trying to establish trust at a distance.”

VC Group

One of the biggest problems related to VCs, is the implementation of selective disclosure mechanisms. Selective disclosure is the ability of an individual to granularly decide (i.e. at claim level) what information to share. With Data minimization, an individual can share only selected claims included in a Verifiable Credentials without disclosing the full document and yet guaranteeing the validity and authorship of such claims.

In the physical world, selective disclosure is not possible. When a person needs to identify him/herself, that person must show an ID document in whole (an ID card, passport, or driver’s license), which includes information often not relevant for authentication purposes , such as the address, date of birth, or place of birth.

With current SSI architectures, there are two ways of implementing selective disclosure:

  1. Implementing Zero Knowledge Proof

  2. Implementing mono-claim Credentials.

The purpose of ZKP is for a Prover to convince a Verifier that a certain statement is true without revealing any more information on that statement. While there are a few successful tests on using ZKP in SSI environment, the technology still presents a few critical limitations:

  1. Absence of standards, systems and homogeneous languages prevents distinct actors to interact with services based on this technology

  2. It is computationally expensive compared to other encryption systems, which may not be sustainable for mobile devices

  3. Many algorithms are limited to binary responses (yes/no)

  4. Many Trusted Authorities and Cybersecurity regulators have not (yet) supporting ZKPs, so these algorithms cannot yet be used in regulated use cases like KYC processes.

At GATACA we believe in ZKP as the future of selective disclosure. Nonetheless, most algorithms are still in their infancy stages, so we decided to wait for broader adoption and legal acceptance before we could implement it. For this reason, at GATACA we use MonoClaim Credentials; that is, Credentials that only contain one claim about a subject.

This approach presents a UX challenge, since from a person’s perspective, one ID Credential (such as a national ID document) is composed of many different claims. To make this technical implementation seamless to the user, we then group mono-claim credentials in Credential Groups.

A Credential Group is a set of related MonoClaim Credentials. Our current Data model hierarchy is as follows:


Gataca data model hierarchy

As an illustrative example, the Credential Group type Driver’s License may be composed of 5 MonoClaim Credentials:

  • VC1: Name

  • VC2: Last Name

  • VC3: Driver’s license number

  • VC4: DOB

  • VC5: Address

The Credential Group is specified in the field “TYPE” in our MonoClaim Credentials schemas.

This model is an extension the the current SSI model used by most SSI vendors, because in this model we can still implement multi-claim VCs grouped together with other mono-claim VCs in Credential Groups - the only caviat is that those multi-claim VCs will not be enabled for selective disclosure.

 

SSI data model hierarchy

Multi-claim credentials may be useful in very specific scenarios: e.g. A Credential type Address can be split in 3 mono-claim credentials (Street and number, ZIP code, City) or be represented by a single multi-claim credential -if for any reason they should never be presented individually.

Verifiable Presentations

Along with VCs, comes the Verifiable Presentation (VP) concept: a pack of claims extracted from one or more Verifiable Credentials from the same or different issuers (If Verifiable Credentials are presented directly, they become Verifiable Presentations). With VPs, holders can freely choose which information (from underlying VCs) they include in a Verifiable Presentation and thus, share with a relying party.