### Credential Definition Example (JSON Snippet) Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/data_flow_setup.md An example JSON snippet illustrating the structure of a Credential Definition, showing placeholder values for cryptographic integers. ```json { "link_secret": "521...922", "name": "410...200", "uuid": "226...757" }, "rctxt": "774...977", "s": "750..893", "z": "632...005" } ``` -------------------------------- ### Revocation Status List Object Example Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/data_flow_setup.md An example of a published Revocation Status List object, detailing its structure and fields. ```json { "revRegDefId": "4xE68b6S5VRFrKMMG1U95M:4:4xE68b6S5VRFrKMMG1U95M:3:CL:59232:default:CL_ACCUM:4ae1cc6c-f6bd-486c-8057-88f2ce74e960", "revocationList": [0, 1, 1, 0], "currentAccumulator": "21 124C594B6B20E41B681E92B2C43FD165EA9E68BC3C9D63A82C8893124983CAE94 21 124C5341937827427B0A3A32113BD5E64FB7AB39BD3E5ABDD7970874501CA4897 6 5438CB6F442E2F807812FD9DC0C39AFF4A86B1E6766DBB5359E86A4D70401B0F 4 39D1CA5C4716FFC4FE0853C4FF7F081DFD8DF8D2C2CA79705211680AC77BF3A1 6 70504A5493F89C97C225B68310811A41AD9CD889301F238E93C95AD085E84191 4 39582252194D756D5D86D0EED02BF1B95CE12AED2FA5CD3C53260747D891993C", "timestamp": 1669640864487 } ``` -------------------------------- ### Tails File Generation Steps Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/data_flow_setup.md Provides a step-by-step guide for generating a tail point for an attribute at a specific index. This includes converting the index to bytes, creating a finite field element, modular exponentiation, and multiplying by the G2 generator. ```APIDOC 1. Create and open the tails file. 2. Convert index into an array of bytes(u8) using little endian ordering. 3. Create an element belonging to the finite field group from the u8 array. 4. Calculate pow by doing modular exponentiation of revocation private key(gamma) with the finite field element previously calculated. 5. Multiply pow by g_dash, which is the generator of elliptic curve group G2, and this should be the required point on the curve. 6. Convert this tail point to an array of bytes(u8), and put them into the file as a slice buffer. 7. Repeat for all the attributes from index $1$ to $L$, by calculating ([γ], [γ^2], [γ^3], ...[γ^L], [γ], [γ^{L+2}], [γ^{L+3}], ..., [γ^{2L}]). Note that Instead of inserting [γ^{L+1}] in the sequence, insert the value [γ] (the first value in the sequence) in its place, and then continue with [γ^{L+2}] and on to [γ^{2L}]. [γ^{L+1}] is not used by holders generating the Non-Revocation Proof and a dummy value is inserted in its place. 8. Close the file buffer. ``` -------------------------------- ### Predicates Example Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/data_flow_presentation_create_presentation.md Provides an example of the structure for predicates requested in a presentation, including the sub-proof index. ```json { "predicates": { "consent_attrs": { "sub_proof_index": 1 } } } ``` -------------------------------- ### AnonCreds Setup Sequence Diagram Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/data_flow_setup.md Visualizes the sequence of operations for setting up AnonCreds, including publishing schemas, creating credential definitions, and managing revocation registries. ```mermaid sequenceDiagram autonumber participant L as Verifiable
Data Registry participant SP as Schema Publisher participant I as Issuer participant H as Holder Note over L, H: Schema Publisher: Publish Schema SP ->> L: Publish Schema (Schema) L ->> I: Schema ID,
Schema Transaction ID Note over L, H: Issuer: Create, Store and Publish CredDef I ->> I: create_and_store_credential_def
(Schema, tag, support_revocation) Note right of I: store public /
private keys and
correctness proof I ->> L: Publish CredDef (CredDef) Note over L, H: Issuer: Create, Store and Publish Revocation Registry (Optional) I ->> I: create_and_store_revoc_reg (intCredDef) Note right of I: get keys Note right of I: store revoc_reg_def,
revoc_reg_accum,
priv_key,
tails_generator I ->> L: Publish RevReg
(revoc_reg_id,
revoc_reg_def_json,
revoc_reg_entry_json) Note over L, H: Holder: Create and Store Link Secret H ->> H: anoncreds_prover_create_link_secret H ->> H: store link secret rect rgb(191, 223, 255) Note left of H: 💡The "Verifier" role is
omitted in this
diagram, since
it is not required
for the setup end ``` -------------------------------- ### Anoncreds Aggregated Proof Example Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/data_flow_presentation_create_presentation.md An example of the 'aggregated_proof' structure, demonstrating the 'c_hash' and 'c_list' fields with sample base10 string values. ```json { "aggregated_proof": { "c_hash": "81763443376178433216866153835042672285397553441148068557996780431098922863180", "c_list": [ [ 2, 122, 246, 66, 85, 35, 17, 213, 1 ], [ 1, 162, 117, 246, 95, 154, 129, 32 ] ] } } ``` -------------------------------- ### Multi-Credential Presentation Example Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/data_flow_presentation_create_presentation.md An example JSON structure for a multi-credential presentation, illustrating the data format for a presentation without revocation. ```json [[insert: ./data/MutiCredentialPresentation.json ]] ``` -------------------------------- ### Rust Implementation Reference Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/data_flow_setup.md A link to the Rust implementation of the Anoncreds credential definition generation process. ```Rust https://github.com/hyperledger/anoncreds-clsignatures-rs/blob/32398a67a4bdacf327c12eb4ecf5234857cc0a24/src/issuer.rs#L61 ``` -------------------------------- ### Holder Create and Store Link Secret (JavaScript Example) Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/data_flow_setup.md Illustrates a conceptual JavaScript approach to generating a link secret, emphasizing the need for a cryptographically secure random number generator. This secret is crucial for binding credentials to a holder and enabling zero-knowledge proofs. ```javascript function createLinkSecret() { // In a real implementation, use a secure random number generator like crypto.randomUUID() return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function(c) { var r = Math.random() * 16 | 0, v = c == 'x' ? r : (r & 0x3 | 0x8); return v.toString(16); }); } ``` -------------------------------- ### Holder Create and Store Link Secret (Rust Example) Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/data_flow_setup.md Demonstrates how a Holder can generate a link secret using the uuid crate's new_v4() method, ensuring sufficient randomness for credential binding and presentation proofs. This secret is stored locally and used for all subsequent credential interactions. ```rust use uuid::Uuid; fn create_link_secret() -> String { Uuid::new_v4().to_string() } ``` -------------------------------- ### Restrictions Example JSON Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/data_flow_presentation_create_request.md An example illustrating the structure of the `restrictions` field, showing how multiple conditions can be combined using AND and OR logic. ```json { "restrictions": [ { "issuer_did": "", "schema_id": "id" }, { "cred_def_id" : "", "attr::color::marker": "1", "attr::color::value" : "red" } ] } ``` -------------------------------- ### AnonCreds Revocation Status List Creation Parameters Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/data_flow_setup.md Defines the input parameters required for creating an initial Revocation Status List object. ```APIDOC CreateInitialRevocationStatusList: Inputs: revRegId: string - The ID of the Revocation Registry for which the initial Revocation Status List is to be generated. - Used to find the associated Private Revocation Registry. revocationList: array - A bit array of length `maxCredNum` indicating the initial revocation status of credentials. - `1` indicates initially revoked, `0` indicates initially unrevoked. Process: 1. Collect information from the Private Revocation Registry: - `revocDefType`: Type of revocation registry (e.g., 'CL_ACCUM'). - `maxCredNum`: Capacity of the Revocation Registry. - `tailsArray`: Contents of the TAILS_FILE. - `privateKey`: Accumulator private key. 2. Calculate the cryptographic accumulator value based on the collected information and the `revocationList`. 3. Generate the Revocation Status List object with `revRegDefId`, `revocationList`, `currentAccumulator`, and `timestamp`. Outputs: - A published Revocation Status List object. ``` -------------------------------- ### Example AnonCreds W3C Presentation with Revocation Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/w3c_representation.md A complete example of a W3C AnonCreds presentation that includes a revocable credential, demonstrating the integration of credential subject and proof structures. ```json [[insert: ./data/W3CPresentationWithRevocation.json ]] ``` -------------------------------- ### Example AnonCreds W3C Credential Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/w3c_representation.md Provides an example of an AnonCreds credential formatted according to W3C Verifiable Credentials standards. This includes the structure for context, types, credential subject, and credential schema. ```json { "@context": [ "https://www.w3.org/2018/credentials/v1", "https://raw.githubusercontent.com/hyperledger/anoncreds-spec/main/data/anoncreds-w3c-context.json" ], "id": "http://example.gov.uk/credentials/1872", "type": [ "VerifiableCredential", "AnonCredsCredential" ], "credentialSubject": { "firstName": "Alice", "lastName": "Jones", "age": "18" }, "credentialSchema": { "type": "AnonCredsDefinition", "definition": "did:sov:3avoBCqDMFHFaKUHug9s8W:3:CL:13:default", "schema": "did:sov:3avoBCqDMFHFaKUHug9s8W:2:fabername:0.1.0" } } ``` -------------------------------- ### Restrictions Logic Explanation Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/data_flow_presentation_create_request.md Explains the logical interpretation of the example `restrictions` JSON, demonstrating how AND and OR operations are applied to the conditions. ```text The attributes must come from a source verifiable credential such that: issuer_did = AND schema_id = OR cred_def_id = AND the credential must contain an attribute name "color" AND the credential must contain an attribute name "color" with the attribute value "red" ``` -------------------------------- ### AnonCreds W3C Presentation Example Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/w3c_representation.md Illustrates the structure of a W3C Verifiable Presentation when used with AnonCreds, including necessary context and type information. ```json [[insert: ./data/W3CPresentation.json ]] ``` -------------------------------- ### Local Specification Rendering with Spec-Up Source: https://github.com/hyperledger/anoncreds-spec/blob/main/EditingTheSpec.md Instructions for rendering the AnonCreds specification locally using Spec-Up. This involves installing Node.js and npm, running npm install, and then using npm run edit for live updates or npm run render for a single generation. ```shell npm install npm run edit npm run render ``` -------------------------------- ### AnonCreds W3C Presentation Type Example Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/w3c_representation.md Demonstrates the `type` property for an AnonCreds W3C presentation, specifying both the general VerifiablePresentation and the AnonCredsPresentation types. ```json { "type": [ "VerifiablePresentation", "AnonCredsPresentation" ] } ``` -------------------------------- ### Tails File Format Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/data_flow_setup.md Describes the structure of a Tails File, including the initial version bytes and the arrangement of G2 curve points. ```APIDOC - First two bytes are version number(currently 0u8 2u8) - A list of the points, one per credential in the Revocation Registry. Each point is a collection of three integers implemented as points in 3 dimensions as per ECP2. Each point is 3x4 = 12 bytes long. Thus the total size of a Tails File is 2 + 12*Size of the Revocation Registry + 6 (the L+1 entry). ``` -------------------------------- ### AnonCreds W3C Revocable Credential Example Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/w3c_representation.md Provides an example of a complete W3C Verifiable Credential that incorporates AnonCreds-specific revocation information. ```json [[insert: ./data/W3CCredentialWithRevocation.json ]] ``` -------------------------------- ### Tails File Generation Formula Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/data_flow_setup.md This snippet illustrates the mathematical formula used to generate points for the Tails File. It involves calculating tail[index] as g_dash multiplied by gamma raised to the power of the index. ```rust tail[index] = g_dash * (gamma ** index) ``` -------------------------------- ### Anoncreds Credential Definition Generation Process Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/data_flow_setup.md Describes the cryptographic steps for generating a Credential Definition and its private key, including prime number generation, modular exponentiation, and the structure of public and private keys. ```APIDOC Process: 1. Build credential schema. 2. Build non-credential schema with 'master_secret' attribute. 3. Generate primes p', q' such that p = 2p'+1 and q = 2q'+1 are primes. 4. Compute n = pq. 5. Compute random x_z, x_R_i in the range of safe primes. 6. Compute random quadratic residue S mod n. 7. Compute Z = S^x_z (mod n) and R_i = S^x_R_i (mod n). Public Key (P_k): (n, S, Z, {R_i}) Private Key (s_k): (p, q) ``` -------------------------------- ### Python Implementation Example for Attribute Encoding Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/data_flow_issuance.md Provides a Python code example demonstrating the attribute encoding rules specified in the AnonCreds standard. This implementation is based on the Hyperledger Aries Cloud Agent Python. ```Python from aries_cloudagent.messaging.util import canonicalization_rules # Example usage: attribute_value = "1234" encoded_value = canonicalization_rules.encode_attribute(attribute_value) print(f"Encoded value for '{attribute_value}': {encoded_value}") attribute_value_str = "hello" encoded_value_str = canonicalization_rules.encode_attribute(attribute_value_str) print(f"Encoded value for '{attribute_value_str}': {encoded_value_str}") attribute_value_none = None encoded_value_none = canonicalization_rules.encode_attribute(attribute_value_none) print(f"Encoded value for '{attribute_value_none}': {encoded_value_none}") ``` -------------------------------- ### Identifiers Example (Non-Revocable) Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/data_flow_presentation_create_presentation.md Demonstrates the structure of identifiers for a non-revocable source credential, including schema ID and credential definition ID. ```json { "identifiers": [ { "schema_id": "CsQY9MGeD3CQP4EyuVFo5m:2:MYCO Biomarker:0.0.3", "cred_def_id": "CsQY9MGeD3CQP4EyuVFo5m:3:CL:14951:MYCO_Biomarker" } ] } ``` -------------------------------- ### AnonCreds W3C Presentation Context Example Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/w3c_representation.md Shows the `@context` property for an AnonCreds W3C presentation, including the standard W3C context and the specific AnonCreds context URI. ```json { "@context": [ "https://www.w3.org/2018/credentials/v1", "https://raw.githubusercontent.com/hyperledger/anoncreds-spec/main/data/anoncreds-w3c-context.json" ] } ``` -------------------------------- ### Private Credential Definition Format Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/data_flow_setup.md The internal structure of a Private Credential Definition, containing the private keys necessary for the issuer. ```JSON { "p_key": { "p": "123...782", "q": "234...456" }, "r_key": null } ``` -------------------------------- ### Tails File Hashing Process Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/data_flow_setup.md Details the process for hashing the Tails File using SHA256. It involves appending the tails file version and all G2 curve points to a hasher. ```APIDOC 1. Append the tails file version and all the bytes of G2 curve points one by one into a hasher. 2. Compute the hash digest using SHA256 hashing algorithm. ``` -------------------------------- ### Revocation Registry Definition Object Generation Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/data_flow_setup.md Outlines the generation of the Revocation Registry object and the associated Private Revocation Registry, which is securely stored by the issuer. ```APIDOC In addition to generating the Revocation Registry object, a Private Revocation Registry object is generated and securely stored by the issuer. Data model and definition of the items in the Private Revocation Registry: TODO: Fill in the details about the Revocation Registry Definition ``` -------------------------------- ### Spec-Up Configuration Reference Source: https://github.com/hyperledger/anoncreds-spec/blob/main/EditingTheSpec.md This entry details the configuration and usage of Spec-Up, a tool used for rendering markdown specifications. It includes prerequisites, installation, and commands for local development and rendering. ```APIDOC Spec-Up Usage: Prerequisites: - Node.js - npm Installation: npm install Commands: npm run edit: Renders the document with live updates. npm run render: Generates the specification file once. Note: Full guidance is available in the Spec-Up repository. ``` -------------------------------- ### Schema Object Fields Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/data_flow_setup.md Details the fields within a JSON schema object for AnonCreds. Explains the purpose and constraints for 'issuerId', 'name', 'version', and 'attrNames'. ```APIDOC Schema Object Fields: - issuerId: The [[ref: Issuer Identifier]] of the schema. MUST adhere to [Issuer Identifiers](#issuer-identifiers) rules. - name (string): The name of the schema. - version (string): The schema version as a documentation string that it's not validated. The format is up to each implementor or publisher. For example, Indy uses [Semantic Versioning](https://semver.org). - attrNames (str[]): An array of strings with each string being the name of an attribute of the schema. ``` -------------------------------- ### Credential Definition Components Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/data_flow_setup.md Outlines the essential components of a Credential Definition in AnonCreds. This includes the issuer's DID, a link to the base Schema, and cryptographic key pairs for signing attributes. It also mentions information required for credential revocation if enabled. ```APIDOC Credential Definition Components: - Issuer DID: The DID used to publish the Credential Definition. - Schema Link: A reference to the [[ref: Schema]] upon which the Credential Definition is based. - Key Pairs: Public/private key pairs for each attribute (claim) in the credential, used for signing. - Revocation Information: Data necessary for enabling credential revocation (if applicable). ``` -------------------------------- ### RevRegEntry Data Structure Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/data_flow_revocation.md An example of the data contained within a RevRegEntry object, detailing revocation definitions, accumulator values, and lists of issued/revoked credential indices. ```json { "data": { "revocDefType": "CL_ACCUM", "revocRegDefId": "4xE68b6S5VRFrKMMG1U95M:4:4xE68b6S5VRFrKMMG1U95M:3:CL:59232:default:CL_ACCUM:4ae1cc6c-f6bd-486c-8057-88f2ce74e960", "value": { "accum": "21 116...567", "prevAccum": "21 128...C3B", "issued": [ ], "revoked": [ 172 ] } } } ``` -------------------------------- ### AnonCreds Credential Status Example Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/w3c_representation.md Demonstrates the structure of the `credentialStatus` property for AnonCreds credentials, indicating revocability and referencing the revocation registry ID. ```json { "credentialStatus": { "type": "AnonCredsCredentialStatusList2023", "id": "did:sov:NcYxiDXkpYi6ov5FcYDi1e:4:NcYxiDXkpYi6ov5FcYDi1e:3:CL:NcYxiDXkpYi6ov5FcYDi1e:2:gvt:1.0:tag:CL_ACCUM:TAG_1" } } ``` -------------------------------- ### Credential Definition with Revocation Enabled Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/data_flow_setup.md This JSON structure represents a Credential Definition that supports revocation. It includes issuer information, schema details, and the 'value' object containing 'primary' public key components and 'revocation' specific components. ```json { "issuerId": "did:indy:sovrin:F72i3Y3Q4i466efjYJYCHM", "schemaId": "did:indy:sovrin:F72i3Y3Q4i466efjYJYCHM/anoncreds/v0/SCHEMA/state_license/4.2.0", "type": "CL", "tag": "latest", "value": { "primary": {...}, "revocation": { "g": "1 154...813 1 11C...D0D 2 095..8A8", "g_dash": "1 1F0...3B5 1 229...41D 1 04B...F7D 1 061...8B7 2 095...8A8", "h": "1 131...0DD 1 0D5...66E 2 095...8A8", "h0": "1 1AF...246 1 127...361 2 095...8A8", "h1": "1 242...F14 1 1AC...2FF 2 095...8A8", "h2": "1 072...7A1 1 09E...622 2 095...8A8", "h_cap": "1 196...C53 1 238...38B 1 196...C7E 1 198...D31 2 095...8A8 1 000...000", "htilde": "1 1D5...797 1 034...232 2 095...8A8", "pk": "1 0E7...A88 1 007...4B8 2 095...8A8", "u": "1 18E...44B 1 018...F71 1 0D8...2C2 1 003...4CF 2 095...8A8 1 000...000", "y": "1 068...F6B 1 16C...F7E 1 01F...68A 1 1E3...9F9 2 095...8A8 1 000...000" } } } ``` -------------------------------- ### Credential Definition Format Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/data_flow_setup.md The public structure of a Credential Definition, intended for publication on a Verifiable Data Registry (VDR). Includes issuer ID, schema ID, type, tag, and public key values. ```JSON { "issuerId": "did:indy:sovrin:SGrjRL82Y9ZZbzhUDXokvQ", "schemaId": "did:indy:sovrin:SGrjRL82Y9ZZbzhUDXokvQ/anoncreds/v0/SCHEMA/MemberPass/1.0", "type": "CL", "tag": "latest", "value": { "primary": { "n": "779...397", "r": { "birthdate": "294...298", "birthlocation": "533...284", "citizenship": "894...102", "expiry_date": "650...011", "facephoto": "870...274", "firstname": "656...226" } } } } ``` -------------------------------- ### Revealed Attribute Example Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/data_flow_presentation_create_presentation.md Demonstrates the structure of revealed attributes, including their raw and encoded values. It highlights the importance of the verifier understanding the raw-to-encoded algorithm used by the issuer. ```json { "revealed_attrs": { "consent_attrs": { "sub_proof_index": 1, "values": { "claim_name": { "raw": "205b1ea0-7848-48d4-b52b-339122d84f62", "encoded": "46414468020333259158238797309781111434265856695713363124410805958145233348633" } } } } } ``` -------------------------------- ### Schema JSON Structure Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/data_flow_setup.md Defines the structure of a schema used in AnonCreds. It includes the issuer's ID, schema name, version, and a list of attribute names that will be included in credentials of this type. The 'issuerId' must follow specific identifier rules, 'name' and 'version' are descriptive strings, and 'attrNames' is an array of attribute names. ```json { "issuerId": "https://example.org/issuers/74acabe2-0edc-415e-ad3d-c259bac04c15", "name": "Example schema", "version": "0.0.1", "attrNames": ["name", "age", "vmax"] } ``` -------------------------------- ### Self-Attested Attributes Example Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/data_flow_presentation_create_presentation.md Illustrates the structure for self-attested attributes, where the holder provides data attested only by themselves, not by an issuer. ```json { "self_attested_attrs": { "consent_attrs": "I agree to share my data with the verifier" } } ``` -------------------------------- ### Unrevealed Attributes Example Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/data_flow_presentation_create_presentation.md Shows the format for unrevealed attributes, which are attributes requested by the verifier but not disclosed by the holder, along with their sub-proof index. ```json { "unrevealed_attrs": { "consent_attrs": { "sub_proof_index": 1 } } } ``` -------------------------------- ### AnonCreds W3C Credential Subject Example Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/w3c_representation.md Demonstrates the `credentialSubject` property for AnonCreds W3C credentials, showing claims about a single subject as key-value pairs with raw attribute values. ```json { ... "credentialSubject": { "firstName": "Alice", "lastName": "Jones", "age": "18" } ... } ``` -------------------------------- ### Private Revocation Keys Structure Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/data_flow_setup.md Defines the JSON structure for private revocation keys when revocation is enabled in a credential definition. Includes the `p_key` (omitted details) and `r_key` components. ```json { "p_key": { "p": "123...782", "q": "234...456" }, "r_key": { "x": "332...566", "sk": "992...237" } } ``` -------------------------------- ### Revocation Registry Definition Object Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/data_flow_setup.md The data model for a Revocation Registry Definition Object, including issuer ID, revocation definition type, credential definition ID, tag, and associated values like public keys, maximum credential number, tails location, and tails hash. ```json { "issuerId": "did:web:example.org", "revocDefType": "CL_ACCUM", "credDefId": "Gs6cQcvrtWoZKsbBhD3dQJ:3:CL:140384:mctc", "tag": "MyCustomCredentialDefinition", "value": { "publicKeys": { "accumKey": { "z": "1 0BB...386" } }, "maxCredNum": 666, "tailsLocation": "https://my.revocations.tails/tailsfile.txt", "tailsHash": "91zvq2cFmBZmHCcLqFyzv7bfehHH5rMhdAG5wTjqy2PE" } } ``` -------------------------------- ### AnonCreds API Philosophy Source: https://github.com/hyperledger/anoncreds-spec/wiki/WG-2022-10-03 This section outlines the guiding principles for the AnonCreds API, focusing on how AnonCreds Methods support both deltas and full state storage for Revocation Registries (RevReg). It also touches upon the general philosophy for all AnonCreds Objects including Schema, Credential Definition, and RevReg (Def, Entry). ```APIDOC AnonCredsAPI: RevRegStorage: description: Supports both deltas and full state storage for Revocation Registries. supported_states: [delta, full_state] ObjectConsistency: description: Ensures consistency across all AnonCreds Objects (Schema, Credential Definition, RevReg Def, RevReg Entry). principles: [consistency, ledger_agnostic] DataModelUpdates: description: Updates to AnonCreds data models for consistency and ledger agnosticism. examples: - snake_case vs. camel_case consistency - 'ref' item in CredDef object ``` -------------------------------- ### Anoncreds Revocation Key Types Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/data_flow_setup.md Describes the types and purpose of fields within the revocation private key (`r_key`) and the related secret value `gamma` used by the issuer. ```APIDOC CredentialRevocationPrivateKey: sk: Integer modulo q (used for revocation) x: Integer modulo q (used for revocation public key generation) RevocationKeyPrivate (Issuer's internal secret): gamma: Secret value used to construct the accumulator (separate from CredentialRevocationPrivateKey) ``` -------------------------------- ### Credential Definition Structure Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/data_flow_setup.md Describes the structure of a Credential Definition object used in AnonCreds. It includes fields like issuerId, schemaId, type, tag, and a value object containing primary and revocation data. ```APIDOC Credential Definition: issuerId: The [[ref: Issuer Identifier]] of the credential definition. MUST adhere to [Issuer Identifiers](#issuer-identifiers) rules. schemaId: (string) The identifier of the [[ref: Schema]] on which the [[ref: Credential Definition]] is based. The format of the identifier is dependent on the [[ref: AnonCreds Objects Method]] used in publishing the [[ref: Schema]]. type: (string) The signature type of the [[ref: Credential Definition]]. For this version of AnonCreds the value is always `CL`. tag: (string) The tag value passed in by the [[ref: Issuer]] to an AnonCred’s [[ref: Credential Definition]] create and store implementation. value: (object) an Ursa native object with the `primary` and `revocation` fields. primary: n: A safe RSA-2048 number. A large semiprime number such that `n = p.q`, where `p` and `q` are safe primes. A safe prime `p` is a prime number such that `p = 2p'+ 1`, where `p'` is also a prime. Note: `p` and `q` are the private key for the public CL-RSA key this [[ref: Credential Definition]] represents. r: An object that defines a CL-RSA public key fragment for each attribute in the credential. Each fragment is a large number generated by computing `s^{xri}` where `xri` is a randomly selected integer between 2 and `p'q'-1`. master_secret: (also known as [[ref: link secret]], but kept as master_secret for backwards compatibility) is the name of an attribute that can be found in each [[ref: Credential Definition]]. The associated private key is used for signing a blinded value given by the [[ref: Holder]] to the [[ref: Issuer]] during credential issuance, binding the credential to the [[ref: Holder]]. (other attributes): The rest of the attributes in the list are those defined in the [[ref: Schema]]. The attribute names are normalized (lower case, spaces removed) and listed in the [[ref: Credential Definition]] in alphabetical order. rctxt: Equal to `s^(xrctxt)`, where `xrctxt` is a randomly selected integer between `2` and `p'q'-1`. (This is believed to be used for the commitment scheme, allowing entities to blindly contribute values to credentials.) s: A randomly selected quadratic residue of `n`. This makes up part of the CL-RSA public key, independent of the message blocks being signed. z: Equal to `s^(xz)`, where `xz` is a randomly selected integer between `2` and `p'q'-1`. This makes up part of the CL-RSA public key, independent of the message blocks being signed. revocation: (Details for revocation data would typically be here, but are not provided in the source text.) ``` -------------------------------- ### AnonCreds W3C Credential Schema Example Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/w3c_representation.md Presents the `credentialSchema` property for AnonCreds W3C credentials, specifying the 'AnonCredsDefinition' type and providing URIs for the credential definition and schema. ```json { ... "credentialSchema": { "type": "AnonCredsDefinition", "definition": "did:sov:3avoBCqDMFHFaKUHug9s8W:3:CL:13:default", "schema": "did:sov:3avoBCqDMFHFaKUHug9s8W:2:fabername:0.1.0" } ... } ``` -------------------------------- ### Presentation Request with Non-Revoked Interval Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/data_flow_presentation_create_request.md An example of a complete AnonCreds presentation request that includes a 'non_revoked' object to specify a non-revocation interval for a credential. ```json { "nonce":"168240505120030101", "name":"Proof of Education", "version":"1.0", "requested_attributes":{ "0_degree_uuid":{ "names":[ "name", "date", "degree" ], "restrictions":[ { "schema_name":"degree schema" } ] }, "0_self_attested_thing_uuid":{ "name":"self_attested_thing" }, "non_revoked": { "from": 1673885735, "to": 1673885735, } }, "requested_predicates":{ "0_age_GE_uuid":{ "name":"birthdate_dateint", "p_type":"<=", "p_value":20030101, "restrictions":[ { "schema_name":"degree schema" } ] } } } ``` -------------------------------- ### AnonCreds API Philosophy and Styles Source: https://github.com/hyperledger/anoncreds-spec/wiki/WG-2022-10-24 This section details the philosophy behind the AnonCreds API and its stylistic conventions. It is intended to guide developers in understanding and implementing the API. ```APIDOC AnonCreds API Philosophy: - Focus on abstract data objects for processing. - Transition from implementation-specific calls (e.g., `indy_prover_...`) to data object interactions. - Support for W3C VC Data Model format. API Styles: - Formalize abstract API for writing/reading published objects. - Define Credential Definition Generation (including private cred defs). - Specify Revocation data elements and their definitions. ``` -------------------------------- ### AnonCreds Revocation Object Components Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/data_flow_setup.md Describes the components within the 'revocation' object of an AnonCreds Credential Definition, which are essential for managing credential revocation status. Each component is an elliptic curve point with specific mathematical properties. ```APIDOC RevocationObject: g: Generator for the elliptic curve group G1. g_dash: Generator for the elliptic curve group G2. h: Elliptic curve point selected uniformly at random from G1. h0: Elliptic curve point selected uniformly at random from G1. h1: Elliptic curve point selected uniformly at random from G1. h2: Elliptic curve point selected uniformly at random from G1. h_cap: Elliptic curve point selected uniformly at random from G2. htilde: Elliptic curve point selected uniformly at random from G1. pk: Public key in G1, computed as g^sk, where sk is the issuer's secret revocation key. u: Elliptic curve point selected uniformly at random from G2. y: Elliptic curve point in G2, computed as h_cap^x, where x is from the issuer's secret revocation key. ``` -------------------------------- ### AnonCreds API Philosophy and Styles Source: https://github.com/hyperledger/anoncreds-spec/wiki/WG-2022-10-10 This section is intended to cover the philosophy behind the AnonCreds API and discuss preferred styles for its implementation. It will guide developers on how to interact with and contribute to AnonCreds. ```APIDOC AnonCreds API Philosophy: - Focus on interoperability and adherence to W3C standards. - Prioritize security and privacy by design. - Maintain a clear and consistent interface for issuers, holders, and verifiers. AnonCreds API Styles: - Use clear and descriptive naming conventions for functions and parameters. - Document all methods, parameters, return values, and potential errors. - Provide examples for common use cases. ``` -------------------------------- ### AnonCreds Specification - Pseudo-code Walkthrough Guidance Source: https://github.com/hyperledger/anoncreds-spec/wiki/WG-2022-05-02 Guidance on providing pseudo-code walkthroughs for AnonCreds functionalities, including linking to source academic papers and highlighting implementation-specific decisions. ```APIDOC Pseudo-code Walkthroughs: - Provide a pseudo-code walkthrough for key functionalities. - Include links to relevant source academic papers. - Clearly indicate specific decisions made in AnonCreds that are left to implementation in academic papers. - Examples: 'generate creddef', 'verify proof'. ``` -------------------------------- ### AnonCreds Project Migration Checklist Source: https://github.com/hyperledger/anoncreds-spec/wiki/WG-2022-10-31 This snippet references a checklist for establishing the AnonCreds project within Hyperledger. It outlines key tasks such as moving repositories, updating references, and creating project-specific pages. ```markdown [Checklist](https://wiki.hyperledger.org/display/CA/Hyperledger+AnonCreds+New+Project+Checklist) ``` -------------------------------- ### Revocation Mechanisms Discussion Source: https://github.com/hyperledger/anoncreds-spec/wiki/WG-2022-09-05 Links to resources discussing revocation mechanisms for AnonCreds, including zk-SAM. ```markdown https://docs.google.com/presentation/d/10dGC-qKU7XT2WRd_wTxK82u0FmvjJrfdXwFEiWGauE4/edit?usp=sharing ``` -------------------------------- ### AnonCreds To-Dos and Next Steps Source: https://github.com/hyperledger/anoncreds-spec/wiki/WG-2022-08-01 List of remaining tasks for the AnonCreds specification, including credential definition generation, revocation data, and security considerations. ```APIDOC Remaining Tasks: - Cred Def Generation + PRIVATE_CRED_DEF (non-revocation and revocation). - Revocation data elements definition. - Security and Privacy: First cut by @hkny. - Normative/Non-normative references: Collect and compile by @ale-linux. ``` -------------------------------- ### AnonCreds Presentation Data Flow Diagram Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/data_flow_presentation_overview.md Sequence diagram illustrating the steps involved in the AnonCreds presentation data flow, from request creation to verification. ```mermaid sequenceDiagram autonumber participant L as Verifiable
Data Registry participant SP as Schema Publisher participant I as Issuer participant H as Holder participant V as Verifier Note over L, V: AnonCreds Presentation Data Flow V->>V: Create presentation request V->>H: Send presentation request H->>H: Select credentials to satisfy the presentation request H->>L: If necessary: Request revocation entries L->>H: Return revocation entries H->>H: Generate presentation H->>V: Send presentation V->>L: Request credential definitions, revocation entries L->>V: Return credential definitions, revocation entries V->>V: Verify presentation ``` -------------------------------- ### AnonCreds Specification Action Items Source: https://github.com/hyperledger/anoncreds-spec/wiki/WG-2022-10-03 This section lists outstanding tasks and action items for the AnonCreds specification, including reviewing issuing and presentation sections, formalizing the abstract API, defining credential definition generation, and collecting references. ```APIDOC AnonCredsActionItems: todos: - Review Issuing and Presentation sections to exclude Legacy Indy impacts. - Formalize the Abstract API for writing/reading published objects. - Cred Def Generation + PRIVATE_CRED_DEF (non-revocation, plus revocation). - Revocation data elements definition. - Normative/Non-normative references collection. references_to_collect: - Documents mentioned under action items. - Previous meeting notes. assigned_tasks: - '@ale-linux to do a first cut of normative/non-normative references.' ``` -------------------------------- ### Credential Selection Logic Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/data_flow_presentation_create_presentation.md Explains the logic for selecting credentials when multiple source credentials satisfy the presentation request's restrictions. ```APIDOC Credential Selection: - If multiple credentials satisfy `restrictions`, the holder software may: - Select one by default (e.g., most recently issued, non-revoked). - Invoke a user interface for manual selection. ``` -------------------------------- ### AnonCreds Presentation Data Flow Source: https://github.com/hyperledger/anoncreds-spec/blob/main/spec/data_flow_presentation_create_presentation.md Outlines the steps involved in the AnonCreds Presentation Data Flow, specifically focusing on the holder's role in collecting information and creating a verifiable presentation. ```APIDOC Presentation Data Flow Steps: 1. Holder receives Presentation Request from Verifier. 2. Holder collects required information to create a Verifiable Presentation. 3. Holder satisfies each attribute and predicate in the Presentation Request with a source credential. 4. Holder may use the same source credential for multiple attributes/predicates. 5. Holder may share multiple claims from a source credential if specified by `names`. 6. If no `restrictions` are specified, Holder may use self-attested attributes. 7. If credentials are revocable, Holder must provide Non-Revocation Proofs (NRPs). ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.