The IOTA Foundation successfully implemented its decentralized identifier (DID) mechanism in September last year. The organization conceived the novel infrastructure called “IOTA Identity” in 2018.

Today, $IOTA announced a new feature for the DID, which it formulated under its long-term partnership with the LINKS Foundation. The collaboration leverages LINKS’ ZKryptium library to integrate selective disclosure credentials into IOTA Identity. This will let users preserve their privacy by enabling them to choose only the parts of their credentials that they wish to share with verifiers.

SSI and Selective Disclosure

The IOTA Identity Working Group aims to offer users self-sovereign identity (SSI). The protocol empowers them to share only the parts of their information that the recipient requires. Cryptographic or zero-knowledge (ZK) proofs primarily govern and protect the data sharing between the transacting parties.

For example, if the requesting party only wants to verify the age of the user to ensure their compliance with age-restricted services, the selective disclosure mechanism prevents a document such as a national ID from displaying more than what the verifier is asking for.

In this case, only the name and birthdate will be provided to fulfill the requirements and establish authenticity. With the mechanism, the recipient will not see unnecessary details such as the user’s address, ID number, and birthplace.

Of course, the aforementioned example only illustrates a simple use case for the technology. With such a feature, users can also prevent malicious verifiers from obtaining or recording their metadata within a transaction.

SD-JWT and BBS+-based Selective Disclosure Credentials

IOTA and LINKS designed the Selective Disclosure JSON Web Token (SD-JWT) to go with the SSI model. It requires the issuer to determine which fields of the credentials a holder can share.

SD-JWT separates each important field into its own data package and conceals each one behind a cryptographic hash. At this point, the issuer can optionally add decoy values to make the masked information less predictable to malicious observers.

The user can then use SD-JWT to reveal concealed values to verifiers as needed. However, it should be noted that fields not hidden by the issuer are always visible to verifiers.
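The salted-hash mechanism described above, as an added Python illustration (not code from IOTA Identity or ZKryptium). The function names and the sample credential are constructed for this example, and the issuer's signature over the payload is omitted.

```python
import base64, hashlib, json, secrets

# Constructed sample credential; "credential_type" is left unconcealed.
SAMPLE = {"credential_type": "NationalID", "name": "Alice Example",
          "birthdate": "1990-04-12", "address": "1 Sample St",
          "id_number": "X0000000", "birthplace": "Sampletown"}
CONCEALABLE = {"name", "birthdate", "address", "id_number", "birthplace"}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def digest(disclosure: str) -> str:
    return b64url(hashlib.sha256(disclosure.encode("ascii")).digest())

def issue(claims, concealable, decoys=2):
    """Issuer: hash each concealable field; the rest stays in the clear."""
    payload, disclosures, digests = {"_sd_alg": "sha-256"}, {}, []
    for name, value in claims.items():
        if name in concealable:
            salt = b64url(secrets.token_bytes(16))  # blocks guessing the value
            d = b64url(json.dumps([salt, name, value]).encode())
            disclosures[name] = d
            digests.append(digest(d))
        else:
            payload[name] = value
    # Decoys look like real digests, hiding how many fields exist.
    digests += [b64url(secrets.token_bytes(32)) for _ in range(decoys)]
    payload["_sd"] = sorted(digests)  # sorting hides field order
    return payload, disclosures  # payload would be signed as a JWT (omitted)

def present(disclosures, reveal):
    """Holder: hand over only the disclosures for the chosen fields."""
    return [d for name, d in disclosures.items() if name in reveal]

def verify(payload, presented):
    """Verifier: accept a disclosure only if its hash is in the payload."""
    visible = {k: v for k, v in payload.items() if not k.startswith("_sd")}
    for d in presented:
        if digest(d) not in payload["_sd"]:
            raise ValueError("disclosure does not match any issued digest")
        raw = base64.urlsafe_b64decode(d + "=" * (-len(d) % 4))
        _salt, name, value = json.loads(raw)
        if name in visible:
            raise ValueError("disclosure collides with an existing claim")
        visible[name] = value
    return visible

if __name__ == "__main__":
    payload, disclosures = issue(SAMPLE, CONCEALABLE)
    print(verify(payload, present(disclosures, {"name", "birthdate"})))
```

The verifier sees `credential_type` regardless of what the holder chooses to reveal, because the issuer did not conceal it.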

Meanwhile, the BBS+-based Selective Disclosure Credentials serve as an alternative to SD-JWT. This approach allows the user to conveniently make predefined combinations of disclosures. However, the feature is still experimental at this stage.

Future Plans for IOTA Identity

IOTA and LINKS plan to build on the project’s latest progress to arrive at a more stable version of IOTA Identity’s ZK-based selective disclosure credentials. The two look forward to further optimizing user privacy and autonomy through future developments.