Credential verifiers can check that specific credential attributes satisfy certain required conditions without learning the attributes themselves.
For example, users can prove that their yearly income is less than $x for qualifying for social welfare without revealing their actual income. Similarly, users could prove that their annual income is more than a certain amount to access a high-risk, high-reward investment fund.
When users present a Credential for verification, they can share one (or more) attributes within the Credential without presenting the entire Credential. For example, a student could share the name of his university from his Student Card without revealing his name or student number.
With Range Proofs, someone can verify if a user's attribute is within a specific range.
For example, verifying if the user's age is between 20 and 25 or that their annual income is between $50,000 and $60,000 without knowing their actual age or income.
Verifiable Encryption allows the holder to encrypt any attribute(s) of the credential specifically for authorities and regulators.
When accessing a service, the verifier can request that the holder encrypts a specific attribute (like an ID number) so that a regulator can access it if need be. The verifier will not be able to decrypt the attribute. Only the regulator will.
Threshold Anonymous Credentials
Credentials can be issued jointly by a group of issuers. Using Threshold Anonymous Credentials, a valid credential will only be issued when a threshold number of issuers agree.
Base signature is BBS+.
The cryptographic library contains different primitives in separate crates. The notable ones are BBS+ signatures, accumulators, verifiable encryption, and the composite proof system. The composite proof system allows you to combine these primitives like proving knowledge of 2 BBS+ signatures with proof of accumulator membership, range proofs, using Circom and verifiable encryption.
The core cryptographic library that implements the signature schemes and proof protocols is implemented in Rust.
Privacy regulations such as GDPR require the minimization of data processing. This means that organizations must only use, collect, or access the minimum data necessary for the intended operation.
Using privacy-preserving techniques such as Zero-Knowledge Proofs, you can request and access only the minimum data necessary from your users. Ensuring you're compliant with data regulations and reducing the risk of potential data breaches.