Research on BBS+ Signature scheme

[Vishwas1]

• https://www.youtube.com/watch?v=hXxQqQLBVZ8&t=2s
• https://www.youtube.com/watch?v=AVnCVzW0rkI
• https://www.youtube.com/results?search_query=bbs+signature
• https://w3c-ccg.github.io/ldp-bbs2020/
• https://academy.affinidi.com/deciphering-bbs-signatures-e853bbf437bf
• https://docs.modernising.opg.service.justice.gov.uk/research-development/articles/verifiable-credentials-bbs/
• https://opensourcelibs.com/lib/bbs-signatures
• https://www.lfph.io/wp-content/uploads/2021/02/Verifiable-Credentials-Flavors-Explained.pdf
• https://docs.modernising.opg.service.justice.gov.uk/research-development/articles/verifiable-credentials-bbs/

[Vishwas1]

Traditional Digital Signatures

Traditional digital signatures look a bit like this. You have a message and a keypair (private and public key) which you use to produce a digital signature on the data. By having the message, public key, and the signature; verifiers are able to evaluate whether the signature is valid or not,

BBS+ or Multi messsage signature

Multi-message digital signature schemes (like BBS+), on the other hand, are able to sign an array of messages, rather than a single message over which the entire digital signature is applied.

In the context of verifiable credentials, each message corresponds to a claim in the credential.

In addition to the simple ability to sign and verify a set of messages, multi-message digital signatures have the added capability of being able to derive a proof of the digital signature.

In the context of verifiable credentials, the entity deriving the proof is the credential subject or holder. This process allows you to select which messages you wish to disclose in the proof and which messages you want to keep hidden.

The derived proof indicates to the verifier that you know all of the messages that have been signed, but that you are only electing to disclose a subset of these messages.

The verifier, or the entity with which you’re sharing the data, is only able to see the messages or credential claims which you have selectively disclosed to them. They are still able to verify the integrity of the messages being signed, as well as establish the authenticity of the issuer that originally signed the messages. This provides a number of privacy guarantees to the data subject because relying parties are only evaluating the proof of the signature rather than the signature itself.