The credential request contains prover_did, while anoncreds does not use DIDs for credential issuance. As in the specification, the entropy is used to add randomness in credential signature generation, and receiving this value from prover does not add any direct security enhancements.
Supporting links:
If backward compatibility with Indy is not a requirement, we can add entropy generation with the issuer. This also eliminates the confusion of prover_did and entropy being used for the same purpose in signatures (to add randomness).
The current structure of a credential request is:
The credential request contains
prover_did
, while anoncreds does not use DIDs for credential issuance. As in the specification, the entropy is used to add randomness in credential signature generation, and receiving this value from prover does not add any direct security enhancements. Supporting links:Proposed solution
If backward compatibility with Indy is not a requirement, we can add entropy generation with the issuer. This also eliminates the confusion of
prover_did
andentropy
being used for the same purpose in signatures (to add randomness).