This specification describes several Data Integrity Cryptosuites for use when generating a digital signature using Post-Quantum digital signature algorithms.

This specification is experimental, do not use it in any production setting.

Introduction

This specification defines several cryptographic suites for the purpose of creating, and verifying proofs for Post-Quantum signatures in conformance with the Data Integrity [[VC-DATA-INTEGRITY]] specification.

This specification uses either the RDF Dataset Canonicalization Algorithm [[RDF-CANON]] or the JSON Canonicalization Scheme [[RFC8785]] to transform the input document into its canonical form. It uses SHA-256 [[RFC6234]] as the message digest algorithm and ML-DSA-44 as the signature algorithm.

Terminology

Terminology used throughout this document is defined in the Terminology section of the [[[VC-DATA-INTEGRITY]]] specification.

A conforming proof is any concrete expression of the data model that complies with the normative statements in this specification. Specifically, all relevant normative statements in Sections [[[#data-model]]] and [[[#algorithms]]] of this document MUST be enforced.

A conforming processor is any algorithm realized as software and/or hardware that generates or consumes a [=conforming proof=]. Conforming processors MUST produce errors when non-conforming documents are consumed.

This document contains examples of JSON and JSON-LD data. Some of these examples are invalid JSON, as they include features such as inline comments (`//`) explaining certain portions and ellipses (`...`) indicating the omission of information that is irrelevant to the example. Such parts need to be removed if implementers want to treat the examples as valid JSON or JSON-LD.

Data Model

The following sections outline the data model that is used by this specification to express verification methods, such as cryptographic public keys, and data integrity proofs, such as digital signatures.

Verification Methods

These verification methods are used to verify Data Integrity Proofs [[VC-DATA-INTEGRITY]] produced using ML-DSA-44 cryptographic key material that is compliant with [[FIPS-204]]. The encoding formats for these key types are provided in this section. Lossless cryptographic key transformation processes that result in equivalent cryptographic key material MAY be used during the processing of digital signatures.

Multikey

The Multikey format, as defined in [[VC-DATA-INTEGRITY]], is used to express public keys for the cryptographic suites defined in this specification.

The `publicKeyMultibase` property represents a Multibase-encoded Multikey expression of a ML-DSA public key.

The Multikey encoding of a ML-DSA public key MUST start with the two-byte prefix `0x8724` (the varint expression of `0x1207`) followed by the 1312-byte compressed public key data. The resulting 1314-byte value MUST then be encoded using the base-64-url alphabet, according to the Multibase section in the [[VC-DATA-INTEGRITY]] specification, and then prepended with the base-64-url Multibase header (`u`).

Developers are advised to not accidentally publish a representation of a private key. Implementations of this specification will raise errors in the event of a Multicodec value other than `0x1207` being used in a `publicKeyMultibase` value. 

{
  "id": "https://example.com/issuer/123#key-0",
  "type": "Multikey",
  "controller": "https://example.com/issuer/123",
  "publicKeyMultibase": "u"
}
Do the examples need updating? 
{
  "id": "https://example.com/issuer/123#key-0",
  "type": "Multikey",
  "controller": "https://example.com/issuer/123",
  "publicKeyMultibase": "uPGHVsCZXDE40VylpEwQ0QlAnLkw2empYUxtIK9SGegFgU0NdSWc
                         vShMlZ3EzETQ2ejMKBixPJjV4M0AqGtmDBEUZVsasUhMsKg4lUGf
                         enhckEmQKZ1AEeHZXEHQBJ2NTCwR9cg7Wll1yc3BEKBLasDtSCSQ
                         tCiRhEUJMSGIMbgZOAgYvfGUsCt2RCmoaSiFGCk9YP0hMfUUGDx4
                         mdMOPJTVKPjIzI0JJDCsCUDgdFn7UpVhkPcWd1rt7zpE5JjJ53os
                         OW2cBFHAeI82DQRhvPhw9Xmk2WCt5FRxE060GbgFY1aFVOQnEm2Z
                         jyZkDXjnHrwZHAloCBGsZP9KjWHsjR1pnIyVmNUlebCMdKXQpW2I
                         oIAc-VWQyVzBRfE4ocRUZPStrwqEcbXZGUVAeehkGUg5TNgN4ZUX
                         KvFxTFg"
}
          
{
  "@context": [
    "https://www.w3.org/ns/did/v1",
    "https://w3id.org/security/multikey/v1"
  ],
  "id": "did:example:123",
  "verificationMethod": [{
    "id": "did:example:123#key-1",
    "type": "Multikey",
    "controller": "did:example:123",
    "publicKeyMultibase": "zDnaerx9CtbPJ1q36T5Ln5wYt3MQYeGRG5ehnPAmxcf5mDZpv"
  }, {
    "id": "did:example:123#key-2",
    "type": "Multikey",
    "controller": "did:example:123",
    "publicKeyMultibase": "uPGHVsCZXDE40VylpEwQ0QlAnLkw2empYUxtIK9SGegFgU0NdSWc
                           vShMlZ3EzETQ2ejMKBixPJjV4M0AqGtmDBEUZVsasUhMsKg4lUGf
                           enhckEmQKZ1AEeHZXEHQBJ2NTCwR9cg7Wll1yc3BEKBLasDtSCSQ
                           tCiRhEUJMSGIMbgZOAgYvfGUsCt2RCmoaSiFGCk9YP0hMfUUGDx4
                           mdMOPJTVKPjIzI0JJDCsCUDgdFn7UpVhkPcWd1rt7zpE5JjJ53os
                           OW2cBFHAeI82DQRhvPhw9Xmk2WCt5FRxE060GbgFY1aFVOQnEm2Z
                           jyZkDXjnHrwZHAloCBGsZP9KjWHsjR1pnIyVmNUlebCMdKXQpW2I
                           oIAc-VWQyVzBRfE4ocRUZPStrwqEcbXZGUVAeehkGUg5TNgN4ZUX
                           KvFxTFg"
  }],
  "authentication": [
    "did:example:123#key-1"
  ],
  "assertionMethod": [
    "did:example:123#key-2"
  ],
  "capabilityDelegation": [
    "did:example:123#key-2"
  ],
  "capabilityInvocation": [
    "did:example:123#key-2"
  ]
}

The `secretKeyMultibase` property represents a Multibase-encoded Multikey expression of a ML-DSA secret key (also sometimes referred to as a private key).

The encoding of a ML-DSA-44 secret key MUST start with the two-byte prefix `0x8726` (the varint expression of `0x1307`) followed by the 2528-byte secret key data. The 2530-byte value MUST then be encoded using the base-64-url-nopad alphabet, according to the Multibase section in the [[VC-DATA-INTEGRITY]] specification, and then prepended with the base-64-url-nopad Multibase header (`u`). Any other encodings MUST NOT be allowed.

Developers are advised to prevent accidental publication of a representation of a secret key, and to not export the `secretKeyMultibase` property by default, when serializing key pairs as Multikey.

Proof Representations

This section details the proof representation formats that are defined by this specification.

DataIntegrityProof

A proof contains the attributes specified in the Proofs section of [[VC-DATA-INTEGRITY]] with the following restrictions.

The `type` property of the proof MUST be `DataIntegrityProof`.

The `cryptosuite` property of the proof MUST be `experimental-ml-dsa-2024`.

The value of the `proofValue` property of the proof MUST be an ML-DSA-44 signature produced according to using the algorithms specified in section [[[#algorithms]]], encoded according to [[FIPS-204]], then encoded using the base-64-url-nopad header and alphabet as described in the Multibase section of [[VC-DATA-INTEGRITY]]. 

{
  "@context": [
    {"myWebsite": "https://vocabulary.example/myWebsite"},
    "https://www.w3.org/ns/credentials/v2"
  ],
  "myWebsite": "https://hello.world.example/",
  "proof": {
    "type": "DataIntegrityProof",
    "cryptosuite": "experimental-mldsa44-2024",
    "created": "2024-04-24T23:36:38Z",
    "verificationMethod": "https://vc.example/issuers/5678#key-3",
    "proofPurpose": "assertionMethod",
    "proofValue": "uNfN/BvBY47LbvgK44078ZKLz7UgNDwOm09PJnn4jxNAVD6mKRG+Hl7VH/vE
                   gyRMrRK2FP+rnwsmo8B0XhRN/Z8kPeXxNR/ho2Y9GrTLoZCMPmIygVd1mLAs
                   z11lz7XEQQdgOMgjtl5HFylpGoC12urUBOeRrMF/eEC4qWrWttQeVs4oHrFf
                   IV44H6kuu5DvW86JxgfhRskbnc1gcRWyq3rS8o2Oie6p8otDgwzhOUvRRqok
                   Vq5j2fmZC6IJN2L6PCVOu7oory8GVGUm3j+rrKen5saA7sWjbD/ud0w0Yj+K
                   R2X4UGCiVSjKkZmnwt2XsMmastQZq+LtkPV6IhCRYbylEJpAiSFjbjjyR7ya
                   pRKJJdswcb9LFWGVai/fSd5uJd4cjPIcrj6EGtsUefp3nmiHE02tdk4M50v6
                   Fj2LbC1yXyOqGyDU8y1zACU4AAy4foFEeV6KFDDAQRxlL7CLqJ1NYvcXyi6Y
                   /8+3kfYQPjZMcDShhfpdEfsOGPuU3/7LJN8IFD/M8UOvY5u9Z2WdKKCFj2YS
                   um74Ux6KONy0gQtWzmIrvllQhoKSinGArrFlGdv+ni6ZQ/kY0/nBmVT/lhvq
                   Ib5M9NqO11BnN76DUgt5M8ji+tew6GqfIDXf3s32dQxopsCE2yv3x1mTs/M0
                   iDftpDBMHy5sGyBNmcU+2zbQ4uoN0+VIEGUJxmOKMsdsi3h3uLmEjryKKkGR
                   q186qQihvQl5CMBPJzkRFSA0LKMscuYltZ+f+u2lcw9tTRGK++MUpJijN6J+
                   NbBZtLsgOIjofeKY/jyNOBqpIjHrdMWg9jHsakPLMnbLaGvTiJ+8FzilUUZh
                   RkFF3fildZEZyNmDUdeSoN8xeQduj1sPopB8yLmIizi7gVFx7qzWMUi2J7Uw
                   ShP6GiLhlBPpDkM2zaX0lflPhp0gAypyZSgfBBCVDBsZ72wXf+ap+2TGHzOF
                   VTITTN7x7FBHf0WGoDMOUdKkdfPyQA+SZj9VbTsSknMwVccir/oeWCuaYqfH
                   aJWtqSLDdnsXiOS1sJVxmyTpZaye4uuJ36OtwcpLypVGnbbzvffwHoIUHqsY
                   jLxQVyG916n3WN7bchfdK5TVGBqpH7ZHD6iY64xP3Ujvs7G8pYKyoVkrHzAr
                   8nxd7mctJYr6ApJLpvtHj/PldaW3nJ3jwT3lUXTIL5WPePlZVE43r6bMIvX+
                   p4kDTIRu7+9DlB7cju0IpaJtAEmqDgUSvqEqSeHuSw5/Nu6OQKPlmukrKLdX
                   QYOsVve4MqJzNvU5QsElNzI+UK6MSJ6/3qekZXhAUfy2Yc2SyLXw3IaNyxi2
                   4BqMqwlpUzuuYWAFTC4NLG20IuKLKrtc4TR8VBROmx5nGDrlDMyLo6WcyDyD
                   8iCNgeGhWTrjk6gSlLu8R+qWHyyYCUTAdU/zGf1cztclJYH8wRL7ZuxySrx+
                   tc1BiRJswZvLyJS2u9QckZyKPQwvmJqnYPUFDhrC3DxQRRiWvD0iPQ0vHBEv
                   jSKWXg/Dw25A/nVM+A54Sw5/q3OsGMoT8OzzV90YFoPNNSlTT7Qcx75T1MQS
                   8dgRhd6swFzo1w4aq6Ye5orBnLOF719J8on/1GkWEbCiF08bLJ+5Cxa5MF9K
                   jwjouLu6kkNSHgZR8BfOI2iLxi0MGH4q53g/ukCKR3oqF1huOdQZxtWIGorc
                   Zp0UIWeRXKK68AlHVYtFtveYsWl8iDzEv2c+O3+uKEUt4kc022s0NGUfwKvU
                   ecBIfkivjq/9zZOwCbY0xC8wgJykTDtPUgAH9bWtk4A0LvsciScY3wjeB6RW
                   osW4kn1666N2Tc+V/hK6OYPJZQ8dl4qdS/ZTxH2piLAeX3d/ZA2AirQckcfc
                   ToZCudKnWRwbxXJX03i9gMVKhVECgyLiAsgMkLlp0Jhc/0MFtrTwns2L3aRx
                   EWwZiqu8YNi4S4zLvX9FCpTk00ReYhh0DrOUpL3tuQSiDcqeqSIAmlUT5sLp
                   aNSDH3qEZiOLPHhAKFEjbUndt6BgYnX1OmJQ5fn6Qb5BUcvngJJXXAS0Q0XP
                   e/Y1cBxhKyPQldwZlnh2VG6INob9auR05Q4w8SeZSzPxD6XeuGyDPj97H3BF
                   FmhpDGL6W66lffilwq4/nQo4wyjaVVwHUNdEShfDgYj+NI+dAizoWs1lV0Ym
                   8A4MTCWESQoMYndF+6Y7ABoOW3JoXAi/an6cpZCqVjwUaftEmZqI62xTnIcy
                   UGHv6ISog3HhLFQV8Hyx0Y9uAmoWH9DcgYidficv8eWQG87INKd4igV1Hrla
                   3AOxF7S3HsSnbscvHHX2PDEUEkceSpzbNq7EMjR7XQDTEh9aZifnK8oKaKEt
                   CaABI/ElOXHfULlObjX7GtgmKpPegjTUgrxrI+5pVJK3T9QUhvQRT8j783W1
                   z5/RSgVb1aCcl/7/wv3lAFWIDiW2Su+J9zvNYAKQCm/kwK8gGnMq8pp/1Hoj
                   B3X6Mt6Jf6MlyV/HYpPrpegXB8A+c5yv2HSNyf1iEeEPPRXRr/SKUx6+9rXi
                   /RUsMky0nUSibDyutcOmZg24guSsq4VFAiuARCbPaMy37rqrLLIJMOf82+Nk
                   qUtmzPh+Zpt+tOOwypRVVMs+SRAZfvKapEUaanXfBR/j7X4SRBz+b0zNthEB
                   eZsC4DGdBcvjct9A+bFvKTsRDUUxNb+OGWxTFh+E9cb1beYA6zoMK/Hfm2+r
                   UC2zA7NQtMEP09E7QUE18gCqf61JHDk7pb7Nk5qyOyBoZ5wTu20t1D5wJdaI
                   6fxtRIg8IfNgWUvGPaGFCwMNtuLKg3fu267DEYwOTvet6DAKV/Wf3AE4CKzx
                   wPfz/kpHyMywKMytjxelN0yuof1v7JlYzxXDFG1iU9BgVS266eY9/q2Kafbl
                   XNowD9FCuWjRSER6cMXe8TSS5duNGcahMLOAyLwLHwUs1kAB7UQKB+o/TiOl
                   wQzQmemiPko4ShJVSMUJTQy6pgL0FpY/f6AoJ6YGUAvK3cfkLjihvSGqoWW+
                   A14Cn/LzC0v4dJTlah/3+UJMlFrpfiBeQwMfCOSgCqZ2fTvx1eaRWmebQPgR
                   73oMg835Oh5cdLP3GVekoFGogUnOLPuJcURHItdmsw4j984hwy5l2ibvuBwP
                   35glcmKcBL+ALf+d+zeakV8xq5M2LJwrrZF597wPTfK0N3rgzfCOGh51nEPT
                   JvmIXzSgNHi8WnjUNxbJ/gUaqfgCjwaSeWnvPlhhHgrhfS0g"
  }
}

Algorithms

The following section describes multiple Data Integrity cryptographic suites that utilize the ML-DSA-44 signature algorithm.

Implementations SHOULD fetch and cache verification method information as early as possible when adding or verifying proofs. Parameters passed to functions in this section use information from the verification method — such as the public key size — to determine function parameters — such as the cryptographic hashing algorithm.

When the RDF Dataset Canonicalization Algorithm [[RDF-CANON]] is used with ML-DSA-44 algorithms, the cryptographic hashing function that is passed to the algorithm MUST be SHA-2 with 256 bits of output is utilized.

When the RDF Dataset Canonicalization Algorithm [[RDF-CANON]] is used, implementations of that algorithm will detect dataset poisoning by default, and abort processing upon detection.

Instantiate Cryptosuite

This algorithm is used to configure a cryptographic suite to be used by the Add Proof and Verify Proof functions in [[[VC-DATA-INTEGRITY]]]. The algorithm takes an options object ([=map=] |options|) as input and returns a [=data integrity cryptographic suite instance|cryptosuite instance=] ([=struct=] |cryptosuite|).

  1. Initialize |cryptosuite| to an empty [=struct=].
  2. If |options|.|type| does not equal `DataIntegrityProof`, return |cryptosuite|.
  3. If |options|.|cryptosuite| is `experimental-mldsa44-2024` then:
    1. Set |cryptosuite|.|createProof| to the algorithm in Section [[[#create-proof-experimental-mldsa44-2024]]].
    2. Set |cryptosuite|.|verifyProof| to the algorithm in Section [[[#proof-verification-experimental-mldsa44-2024]]].
  4. Return |cryptosuite|.

experimental-mldsa44-2024

The `experimental-mldsa44-2024` cryptographic suite takes an input document, canonicalizes the document using the Universal RDF Dataset Canonicalization Algorithm [[RDF-CANON]], and then cryptographically hashes and signs the output resulting in the production of a data integrity proof. The algorithms in this section also include the verification of such a data integrity proof.

Create Proof (experimental-mldsa44-2024)

The following algorithm specifies how to create a [=data integrity proof=] given an unsecured data document. Required inputs are an unsecured data document ([=map=] |unsecuredDocument|), and a set of proof options ([=map=] |options|). A [=data integrity proof=] ([=map=]), or an error, is produced as output.

  1. Let |proof| be a clone of the proof options, |options|.
  2. Let |proofConfig| be the result of running the algorithm in Section [[[#proof-configuration-experimental-mldsa44-2024]]] with |options| passed as a parameter.
  3. Let |transformedData| be the result of running the algorithm in Section with |unsecuredDocument|, |proofConfig|, and |options| passed as parameters.
  4. Let |hashData| be the result of running the algorithm in Section [[[#hashing-experimental-mldsa44-2024]]] with |transformedData| and |proofConfig| passed as a parameters.
  5. Let |proofBytes| be the result of running the algorithm in Section [[[#proof-serialization-experimental-mldsa44-2024]]] with |hashData| and |options| passed as parameters.
  6. Let |proof|.|proofValue| be a base58-btc-encoded Multibase value of the |proofBytes|.
  7. Return |proof| as the [=data integrity proof=].

Verify Proof (experimental-mldsa44-2024)

The following algorithm specifies how to verify a [=data integrity proof=] given an secured data document. Required inputs are an secured data document ([=map=] |securedDocument|). This algorithm returns a verification result, which is a [=struct=] whose [=struct/items=] are:

verified
`true` or `false`
verifiedDocument
Null, if [=verification result/verified=] is `false`; otherwise, an [=unsecured data document=]
  1. Let |unsecuredDocument| be a copy of |securedDocument| with the `proof` value removed.
  2. Let |proofConfig| be a copy of |securedDocument|.|proof| with `proofValue` removed.
  3. Let |proofBytes| be the Multibase decoded base58-btc value in |securedDocument|.|proof|.|proofValue|.
  4. Let |transformedData| be the result of running the algorithm in Section with |unsecuredDocument| and |proofConfig| passed as parameters.
  5. Let |hashData| be the result of running the algorithm in Section [[[#hashing-experimental-mldsa44-2024]]] with |transformedData| and |proofConfig| passed as a parameters.
  6. Let |verified:boolean| be the result of running the algorithm in Section [[[#proof-verification-experimental-mldsa44-2024]]] algorithm on |hashData|, |proofBytes|, and |proofConfig|.
  7. Return a [=verification result=] with [=struct/items=]:
    [=verified=]
    |verified|
    [=verifiedDocument=]
    |unsecuredDocument| if |verified| is `true`, otherwise Null

Transformation (experimental-mldsa44-2024)

The following algorithm specifies how to transform an unsecured input document into a transformed document that is ready to be provided as input to the hashing algorithm in Section [[[#hashing-experimental-mldsa44-2024]]].

Required inputs to this algorithm are an unsecured data document (|unsecuredDocument|) and transformation options (|options|). The transformation options MUST contain a type identifier for the cryptographic suite (|type|) and a cryptosuite identifier (|cryptosuite|). A transformed data document is produced as output. Whenever this algorithm encodes strings, it MUST use UTF-8 encoding.

  1. If |options|.|type| is not set to the string `DataIntegrityProof` and |options|.|cryptosuite| is not set to the string `experimental-mldsa44-2024` then a `PROOF_TRANSFORMATION_ERROR` MUST be raised.
  2. Let |canonicalDocument| be the result of applying the Universal RDF Dataset Canonicalization Algorithm [[RDF-CANON]] to the |unsecuredDocument|.
  3. Set |output| to the value of |canonicalDocument|.
  4. Return |canonicalDocument| as the transformed data document.

Hashing (experimental-mldsa44-2024)

The following algorithm specifies how to cryptographically hash a transformed data document and proof configuration into cryptographic hash data that is ready to be provided as input to the algorithms in Section [[[#proof-serialization-experimental-mldsa44-2024]]] or Section [[[#proof-verification-experimental-mldsa44-2024]]].

The required inputs to this algorithm are a transformed data document (|transformedDocument|) and canonical proof configuration (|canonicalProofConfig|). A single hash data value represented as series of bytes is produced as output.

  1. Let |transformedDocumentHash| be the result of applying the SHA-256 (SHA-2 with 256-bit output) cryptographic hashing algorithm [[RFC6234]] to the respective |transformedDocument|. Respective |transformedDocumentHash| will be exactly 32 bytes in size.
  2. Let |proofConfigHash| be the result of applying the SHA-256 (SHA-2 with 256-bit output) cryptographic hashing algorithm [[RFC6234]] to the |canonicalProofConfig|. Respective |proofConfigHash| will be exactly 32 bytes in size.
  3. Let |hashData| be the result of joining |proofConfigHash| (the first hash) with |transformedDocumentHash| (the second hash).
  4. Return |hashData| as the hash data.

Proof Configuration (experimental-mldsa44-2024)

The following algorithm specifies how to generate a proof configuration from a set of proof options that is used as input to the proof hashing algorithm.

The required inputs to this algorithm are proof options (|options|). The proof options MUST contain a type identifier for the cryptographic suite (|type|) and MUST contain a cryptosuite identifier (|cryptosuite|). A proof configuration object is produced as output.

  1. Let |proofConfig| be a clone of the |options| object.
  2. If |proofConfig|.|type| is not set to `DataIntegrityProof` and/or |proofConfig|.|cryptosuite| is not set to `experimental-mldsa44-2024`, an `INVALID_PROOF_CONFIGURATION` error MUST be raised.
  3. If |proofConfig|.|created| is set and if the value is not a valid [[XMLSCHEMA11-2]] datetime, an `INVALID_PROOF_DATETIME` error MUST be raised.
  4. Set |proofConfig|.|@context| to |unsecuredDocument|.|@context|.
  5. Let |canonicalProofConfig| be the result of applying the Universal RDF Dataset Canonicalization Algorithm [[RDF-CANON]] to the |proofConfig|.
  6. Return |canonicalProofConfig|.

Proof Serialization (experimental-mldsa44-2024)

The following algorithm specifies how to serialize a digital signature from a set of cryptographic hash data. This algorithm is designed to be used in conjunction with the algorithms defined in the Data Integrity [[VC-DATA-INTEGRITY]] specification, Section 4: Algorithms. Required inputs are cryptographic hash data (|hashData|) and proof options (|options|). The proof options MUST contain a type identifier for the cryptographic suite (|type|) and MAY contain a cryptosuite identifier (|cryptosuite|). A single digital proof value represented as series of bytes is produced as output.

  1. Let |privateKeyBytes| be the result of retrieving the private key bytes (or a signing interface enabling the use of the private key bytes) associated with the verification method identified by the |options|.|verificationMethod| value.
  2. Let |proofBytes| be the result of applying the ML-DSA-44 Signature Algorithm [[FIPS-204]], with |hashData| as the data to be signed using the private key specified by |privateKeyBytes|. |proofBytes| will be exactly 2420 bytes in size.
  3. Return |proofBytes| as the digital proof.

Proof Verification (experimental-mldsa44-2024)

The following algorithm specifies how to verify a digital signature from a set of cryptographic hash data. This algorithm is designed to be used in conjunction with the algorithms defined in the Data Integrity [[VC-DATA-INTEGRITY]] specification, Section 4: Algorithms. Required inputs are cryptographic hash data (|hashData|), a digital signature (|proofBytes|) and proof options (|options|). A verification result represented as a boolean value is produced as output.

  1. Let |publicKeyBytes| be the result of retrieving the public key bytes associated with the |options|.|verificationMethod| value as described in the Data Integrity [[VC-DATA-INTEGRITY]] specification, Section 4: Retrieve Verification Method.
  2. Let |verificationResult| be the result of applying the verification algorithm ML-DSA-44 Digital Signature Algorithm [[FIPS-204]], with |hashData| as the data to be verified against the |proofBytes| using the public key specified by |publicKeyBytes|.
  3. Return |verificationResult| as the verification result.

Security Considerations

Before reading this section, readers are urged to familiarize themselves with general security advice provided in the Security Considerations section of the Data Integrity specification.

The following section describes security considerations that developers implementing this specification should be aware of in order to avoid violating security assumptions.

Privacy Considerations

Before reading this section, readers are urged to familiarize themselves with general privacy advice provided in the Privacy Considerations section of the Data Integrity specification.

The following section describes privacy considerations that developers implementing this specification should be aware of in order to avoid violating privacy assumptions.

Revision History

This section contains the substantive changes that have been made to this specification over time.

TBD...