-
Notifications
You must be signed in to change notification settings - Fork 15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Consider including bbsHeader
in base proof to simplify disclosure / derived proof implementations
#126
Comments
Hmm, when a holder receives the base proof they need to verify it and hence recompute/calculate |
I don't think we should assume every holder (their software) will verify the BBS signature upon receipt after receiving the VC from a trusted issuer over a trusted channel. It lowers the implementation burden and ability for wallets to get support if we don't have a hard requirement on that. There might be implementers that need to move quickly to support BBS presentation -- and may only opt to add additional local verification later. On top of this, if we were to advise implementers that they could cache, etc. -- it would still be simpler if the values were made available in the base proof eliminating the need for figuring out how / where to store the cached values (and these could be confirmed during verification if holder software wanted to do so). Finally, verification can also be performed by generating a proof and then running verification thereafter. Of course, this still means that the functions to do the checks are in the verification piece, but it keeps the disclosure implementation simpler whilst still enabling verification as desired. In short, I think the benefits outweigh the costs and we should include those two hashes (32 bytes each) in the base proof for easier, simpler / quicker implementations to be constructed. |
So, in conjunction with #125, I'd say the base proof would have these things:
|
This was my issue and it was addressed by #131, closing. |
If we include the
bbsHeader
in the base proof at a cost of 64 bytes (as it comprisesproofHash
of 32 bytes andmandatoryHash
of 32 bytes) then disclosure implementations do not need to reproduce these values themselves and can just include them in the BBS ProofGen call.Including this in the base proof (which is not retransmitted for presentation to verifiers) seems like it's probably worth the trade off of reduced complexity for derived proof implementers.
The text was updated successfully, but these errors were encountered: