Closed msporny closed 11 months ago
@Wind4Greg wrote:
I would be happy to contribute text as this moves forward.
Yes, please. Your analysis is spot on and I agree that we'll need to refactor the way this is presented to be more readable (and the way you suggest makes sense to me). This stuff was originally authored to build up from the basic functions to the final/complete ones... but yes, going top-down instead of bottom-up might be easier.
Your summary of how it works is also good, we should highlight that. I struggled with where to put that information because it's fairly general to just about any suite that takes this approach (BBS being the other one that could benefit from the low level functions). Yes, it would be good to point out that this is a fairly boring / straightforward approach vs. a Merkle-based approach (which we should also support in time as it has a different set of advantages).
skolemize is a term of art in the RDF community (not that that is an excuse, we should pick more accessible terminology if possible):
In any case, thanks for the review and for volunteering to make it better. We'll need that help to make the algorithm more accessible.
Went through the functionality again trying to extract the key mechanisms with a bit of a cryptographic/security bias. This could lead to informative overview text that would also help in cryptographic review. The first four groupings of mechanisms could also apply to BBS.
The HMAC key should be unique per signature and is included as part of the signature, i.e., is not kept private.
Note: It is not kept private from the holder, but it is kept private from the verifier, such that the verifier could not use it to brute-force attempt to reproduce the original order (with this being feasible when the possible elided (not disclosed) values is a small enough set).
Thanks Dave. I missed that important item!
Normative, multiple reviews, changes requested and made, no objections, merging.
This PR adds the ecdsa-sd-2023 cryptosuite to the ECDSA Cryptosuites specification. This cryptographic suite was introduced to the W3C CCG and VCWG here:
https://lists.w3.org/Archives/Public/public-credentials/2023May/0104.html
A presentation providing a background on the cryptosuite is available here:
https://docs.google.com/presentation/d/1d-04kIWhPuNscsAyUuRH3pduqrNerhigCWahKe6SNos/edit#
A complete open source implementation, with complete API documentation, exists here (with more implementations on the way):
https://github.com/digitalbazaar/ecdsa-sd-2023-cryptosuite
This PR is raised as a result of stated support by W3C Members in this group, three global standards organizations (two of whom are members of the VCWG), and a number of implementers: https://lists.w3.org/Archives/Public/public-vc-wg/2023Jul/0015.html
The cryptosuite is marked as "at risk" and may be removed from the specification if there are not enough implementations demonstrated during the Candidate Recommendation phase or if there is consensus to remove it from the specification for technical reasons before the Recommendation phase.
Preview | Diff