2026-05-28 –, Arena
Extending the definition of the hash algorithm defined in SD-JWT allows zero knowledge proofs to be used on properties. Here we show how sigma protocols with Pedersen commitments could be added with almost no (structural) modifications to RFC-9901.
While selective disclosure can enhance a user's privacy by only revealing necessary claims, there are use cases that need certain conditions on the properties to be true (e.g. claim-based binding, age verification, set inclusion).
With the default hash algorithm identifiers defined in RFC-9901 e.g. SHA-256, there is no easy way to do zero knowledge proofs and as such, the relevant claims must always be disclosed. In our extension of RFC-9901, we standardise how to provide commitments on attributes using them as an alternative family of "hash"-like functions. Further extensions in the key binding JWT propose a way to define sigma protocols to provide efficient zero knowledge proofs for linear conditions on attributes - especially equality and range proofs.
Using our proposal, we can achieve device binding for only claim-based bound credentials using the transitivity property and linking e.g. a diploma with an ID card, without revealing more information than necessary.
With this proposal in mind, we are looking for inputs on how to include further ZKP schemes (e.g. lattice-based/hash-based schemes), and how to generalise definitions of proof systems.
Patrick started his career as a mobile developer very early on, with a game for a Sony Ericson using Java2ME. He switched technologies a few times - Android, iOS, Windows Phone (the best platform ever!) - and decided to study physics. Thanks to a few courses in algebra (among other math courses) - and thanks to the work of some great researchers - he came up with a proposal for device binding of BBS signatures with ECDSA (zk-bridge). He is currently working on a variety of projects on cryptographic protocols. Patrick holds an MSc in Physics from ETH Zurich.
Chris is a Software Engineer at Ubique. Most of his time is spent on digital identity, security and mobile development, where he contributes to secure and seamless solutions that enhance user experience across a variety of digital products. Before entering the OAuth and OpenId rabbit hole, he has tinkered with Hyperledger Indy, RDMA and TEEs. Chris holds a Msc in Computer Science from ETH Zurich.