Open rghiorghisor opened 3 months ago
Hi, @OR13. Would you be able to advise here, please?
I don't recommend using any form of data integrity proofs.
I recommend ES256 mandatory, EdDSAEd25519 optional, for JWT, SD-JWT, and COSE.
Thank you for the input @OR13! What would be the concerns in using embedded proofs? Me, myself I don't have a bias towards or against any of embedded or enveloping proofs. The embedded ones seem a little bit more natural, but that's neither here or there.
The C2PA specification denotes which cryptographic primitives are allowed at their level. There is the question whether CAWG needs to be a superset/subset/equivalent to their requirements to simplify things for implementors. https://c2pa.org/specifications/specifications/2.0/specs/C2PA_Specification.html#_cryptography. At this time, the C2PA list is a superset of this list. However, it should be noted that the C2PA specification states, "Ed25519 instance only. No other EdDSA instances are allowed." Therefore, there could potentially be a divergence in the future.
Are there any cryptographic suites recommendations? And if not should there be?
Both VC issuers and VC verifies need to be able to implement the crypto algorithms correctly, and making recommendations might help. In order to clarify this, I've added more details below about cryptographic suites and a pending implementation question regarding alternatives, that is "How/What canonicalization algorithm to be used?"
W3C Verifiable Credentials and proofs
The W3C Verifiable Credentials specification does not concern itself with details about the implementation of proofs but makes references to the specifications that do so:
What are Cryptographic Suites?
According to the above 3. "Cryptographic Suites" section of Verifiable Credential Data Integrity 1.0, a cryptographic suite is the entity that specifies how proofs can be created and verified by implementers, and knowing the suite's name must be enough for developers to initiate the creation or verification process.
In the 1.1 "How it works" section of the same specification, the following workflows are depicted for proof creation and validation respectively
Therefor, besides many more, a cryptographic suites's specification needs to answer at least the following questions:
Alternatives
A cryptographic suite specifies 3 algorithms. If the Hashing (digest algorithm) and Proof Verification (signature algorithm) are standard, the Transformation (JSON/JSON-LD canonicalization algorithm) is somewhat on shaky ground.
Example
Let's compare these two:
The question on which one to use stems from the transformation algorithm they use and how will this be received by W3C Verifiable Credentials verifiers.
From their specifications, the following algorithms must be used:
As it can be seen above, the only difference is the canonicalization algorithm, i.e the algorithm that handles the normalization of the JSON document to look the same for all involved entities (signer and verifier). A small analysis of both of them:
Please also note, that the challenges that come with choosing the cryptographic suite concern both VC issuers, but also any verifier that needs to validate VCs, thus adoption must also be considered.
The 5.10 "Canonicalization Method Security" section of Verifiable Credential Data Integrity 1.0 is vague about the choice:
Conclusion & Questions
The following questions need answering:
Additional notes