5B/ JSON Eb Proofs (JWP’s) What, Why and How

From IIW

Session Topic/Title: JSON Web Proofs (JWP)


Session Convener: David Waite (DW), Michael B. Jones

Notes-taker(s): Michael B. Jones

Tags / links to resources / technology discussed, related to this session:


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

DW explained the representation format

  • Payloads separated by ~ characters
  • Claims ordered based on issuer metadata


Two kinds of use cases

  • Ongoing relationship with issuer
  • No ongoing relationship with issuer


There are two kinds of JWPs

  • Single use JWPs, which enable correlation if used multiple times
    • Can use standard cryptography, such as ECDSA signatures with P-256
  • Multiple use JWPs
    • Use pairing-friendly curves to prevent correlation with multipe uses


Question about differences between "proofs" and "signatures" Brent Zundel said that a signature is a kind of proof but some proofs are not signatures

  • You can prove knowledge of the signature itself
  • For instance CL proofs


Tobias Looker described receiving something in an issued form and adding a presentation header

  • JWPs issued to the holder are augmented with a presentation header for presentation to a verifier


The same issuer and signature algorithm are used for all payloads

  • Attendees said that anoncreds can be used to combine multiple tokens from different issuers


Examples in the spec

  • Single-use JWT using ECDSA with P-256
  • BBS signatures


GitHub Shortcut https://jwp.tools


Three specifications


Tobias discussed link secrets

  • He said their usefulness depends upon what you're trying to solve


Standards Status

  • Currently in DIF Crypto WG
  • Plan to take it to the IETF this year
    • Will probably need a new working group


A goal is clear separation of the security and application layers