The W3C Credentials Community Group

Verifiable Claims and Digital Verification

Go Back


Credentials CG Telecon

Minutes for 2018-04-17

David Chadwick: I will scribe
David Chadwick is scribing.

Topic: Introductions

Arnaud Le Hors: I've been working on standards and open source development for over 25 years, both as a staff member of standards development organizations (SDO) such as W3C and the X Consortium, as well as a representative for IBM. I'm currently Senior Technical Staff Member (STSM) Web & Blockchain Open Technologies at IBM and part of Hyperledger's Technical Steering Committee (TSC).

Topic: Announcements

Virtual hackathon and credentials outreach planned for this summer
If you want to be involved tell ChristopherA when you are NOT available
Decentralised conference is meeting first week of Aug, so outreach may be planned to mesh with this
Midata conference is last week of August in Helsinki

Topic: Issues List

Christopher Allen: https://goo.gl/ZeyJUS

Topic: ZK Lang

JanCamenisch gives a talk about the slides
ZKLang is a language for mapping VCs to cryptographic algorithms
Uses zero knowledge proof of knowledge statements
So instead of prooving age is GT 21, because it is a hidden message in an anonymous credential then instead would ask if hidden message m1 contained an interger between 22 and 100
Drummond Reed: Manu, that makes sense to me: that any data external to a credential has a pointer and zklang would treat that pointer as data it describes.
Manu Sporny: Drummond, yes... I'm trying to do a gap analysis between ZKLang and what we'd need to shove into the `proof` block in a Verifiable Presentation (which used to be called a Verifiable Profile).
Kim Hamilton Duffy: Is it clear where the mappings to m1, m2, ... is happening?
Or if hidden message contains date of birth, you would ask if the difference between this and today's date is greater than 21
Lionel Wolberger: Please repost updated link to presentation
All fields in a VC have to mapped down to integers in ZKlang
Purpose is that the implementor does not need to have any knowledge of the crypto
By writing the validation in ZKLang, the result will return true or false to the questions being asked
Christopher Allen: Can we use bullet proofs? [scribe assist by Lionel Wolberger]
Manu Sporny: Previous attempt at mapping CL Signatures to LD Proofs: https://w3c-dvcg.github.io/lds-pseudonymous2016/#examples
@Manu At a previous RWOT we tried to map linked signatures to ??
Christopher Allen: Christopher Webber also worked on a preliminary ideas on a predicate language for signatures: https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2017/blob/master/draft-documents/smarm.md
Nathan George: A note that the issues around types and encodings that are are unaddressed in JSON-LD and the issues with mapping to proof of possession instead of disclosing the signature that we've talked about in the VCWG are relevant to why we have been helping pursue this approach
Note in Slide 15, the prover is what we call the holder
Manu Sporny: JanCamenisch, Nathan, are we doing anything in our VCWG work that would block ZKLang from working?
Drummond Reed: I like that term: "verifiable presentation object"
Ans: no, our current approach is facilitating it
Kim Hamilton Duffy: When we say "Verifiable Presentation" are we referring to the sort of thing discussed here: https://github.com/w3c/vc-data-model/issues/136
Nathan George: Agreed, that the "proof request" object is an important part of how our protocol works, but has been out of scope for the VC data model
Manu Sporny: Kimhd, no, nothing to do w/ that issue.
Nathan George: We talk about the protocol negotiating between an offer->request->offer->request->return the object (for both credentials and proofs)
Kim Hamilton Duffy: I can't find anything on "Verifiable Presentation"
Manu Sporny: Kimhd, What we call "Verifiable Profile" now is going to change to "Verifiable Presentation" per the VCWG F2F discussion.
Dave Longley: Seeing real examples in JSON-LD (exactly what Verifiable Presentation and Verifiable Credentials could look like with ZKLang) in an issue would be really helpful -- and if there are places where the mapping isn't clear those areas could be marked and others more steeped in the data model stuff could jump in and help
Kim Hamilton Duffy: Ok
Manu Sporny: Kimhd, that's because we suck at writing down issues :)
Manu Sporny: Kimhd, I'm going to raise an issue now... and then do a PR.
@Cwebber2 would like more examples to see how this will work in our test suite
Kim Hamilton Duffy: +1 Absolutely true; yes to examples
@JanCamenisch said he will do this after they have finished the coding and proved that it all works!
Drummond Reed: Yes, it feels to me like zklang is an ideal level of abstraction to enable developers to use ZKP.
@JanCamenisch thinks that the level of ZKLang is about right for this group because it abstracts away all the cryptographic complexities
Kim Hamilton Duffy: One thing I like about the ZKLang approach is that I can actually envision building tooling to support these types of proofs
Drummond Reed: +1 To Kim's point - you can see how developers can build to this
Mike Lodder: I like to think of those as parameters
Mike Lodder: Which hashes to use, generators, moduli, primitives
@JamCamenisch all the publick paramters are shared between the holder and verifier, but things like private keys remain with the holder
@JanCamenisch we should have the spec finished by Q3 this year
Drummond Reed: Really excellent presentation, Jan. Great work!
Thanks a lot!
Many thanks to @JanCamenisch for his presentation