7J/ BBS +

From IIW

'Session Topic/Title: BBS+ Signatures '

Session Convener: Vasileios Kalos

Notes-taker(s): Vasileios Kalos

Tags / links to resources / technology discussed, related to this session:

Link to presentation: https://docs.google.com/presentation/d/1hSRragNccMmmUnSorpQOnNsRBI5VLTB3/edit?usp=sharing&ouid=114694734233211540431&rtpof=true&sd=true

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

BBS+ is a digital signature cryptographic scheme that supports several unique properties. Notably, the scheme supports signing multiple messages whilst producing a single, constant size, digital signature. The possessor of a signature is also able to derive proofs that selectively disclose subsets of the originally signed set of messages, whilst preserving the verifiable authenticity and integrity of the revealed messages. Furthermore, these derived proofs are said to be zero-knowledge in nature as they do not reveal any information about the underlying signature or messages chosen to not be disclosed; instead, they only reveal a proof of knowledge of the undisclosed signature.

BBS+ are based on the work of D. Boneh, X. Boyen, and H. Shacham, titled: “Short Group Signatures” of 2004. Later they were re-visited by Man Ho Au, Willy Susilo and Yi Mu on their work titled: “Constant-Size Dynamic k-TAA” of 2006 and they were visited again by J. Camenisch, M. Drijvers and A. Lehmann on their work: “Anonymous attestation using the strong diffie hellman assumption revisited” of 2016 (this is the version that the draft specification mainly uses). The signature scheme is currently under standardization on the applied crypto working group in the Decentralized Identity Foundation.

BBS+ draft spec on DIF: https://github.com/decentralized-identity/bbs-signature