Verifying VCs

The VC verification process also typically involves three actors:

  1. Holder: The individual presenting the VC (user within the SSI ecosystem).

  2. Verifier: An entity requiring proof of certain attributes from the holder (e.g., service provider, website).

  3. Issuer (Optional): In some cases, the verifier might need to interact with the issuer of the VC for additional validation.

Breakdown of the VC verification process:

  1. Presentation Request: The verifier specifies the attributes they need to verify from the holder's VC (e.g., proof of age over 21).

  2. VC Presentation: The holder selects the appropriate VC from their wallet and presents it to the verifier. afj facilitates secure communication during this exchange.

  3. ZK Proof with AnonCreds:

    • The holder, using AnonCreds techniques, generates a ZKP that proves possession of the requested attributes (e.g., being over 21) without revealing the actual values.

    • Hyperledger Indy's cryptography ensures the validity of the ZKP, guaranteeing it wasn't tampered with.

  4. VC Verification with AnonCreds:

    • The verifier utilizes the VC and the received ZKP to verify the authenticity and validity of the presented credential.

    • AnonCreds allow verification without learning the specific attribute values, protecting user privacy.

  5. (Optional) Issuer Verification: In some cases, the verifier might need to connect with the issuer (using afj) to confirm the legitimacy of the VC schema and the issuer's identity.

Security Standards and Best Practices:

Our solution adheres to several security standards and best practices to ensure the integrity and privacy of the VC verification process:

  • Digital Signature Verification: All VCs are cryptographically signed by the issuer, allowing the verifier to confirm their authenticity using standard cryptographic techniques.

  • DIDComm for Secure Communication: afj leverages DIDComm protocols for secure and encrypted communication between actors during VC presentation and verification.

  • Revocation Checking (Optional): The solution can optionally integrate with revocation registries to verify that the presented VC hasn't been revoked by the issuer.

  • Minimum Disclosure Principle: The verifier should only request the minimum attributes necessary for the specific interaction, minimizing the data disclosed by the holder.
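
The presentation request from step 1 and the minimum-disclosure rule above, as an added example (not code from this project or from afj): it builds an AnonCreds proof request that asks only for the predicate `age >= 21` and lints any request before it is sent. The attribute name `age`, the credential definition id placeholder and the function names are assumptions made for illustration.

```javascript
// Constructed placeholder; a real value is the issuer's credential definition id.
const CRED_DEF_ID = "<issuer-did>:3:CL:<schema-seq-no>:<tag>";
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

// AnonCreds nonces are decimal strings; use 80 fresh random bits per request.
function newNonce() {
  const bytes = webcrypto.getRandomValues(new Uint8Array(10));
  return bytes.reduce((n, b) => (n << 8n) | BigInt(b), 0n).toString(10);
}

// Step 1: request a predicate, so the proof shows age >= 21 and never the age itself.
function buildAgeRequest(credDefId, nowSeconds) {
  return {
    name: "age-check", version: "1.0", nonce: newNonce(),
    requested_attributes: {},
    requested_predicates: {
      over21: { name: "age", p_type: ">=", p_value: 21,
                restrictions: [{ cred_def_id: credDefId }] },
    },
    non_revoked: { from: nowSeconds, to: nowSeconds }, // optional revocation check
  };
}

// Lint a request before sending it. `predicateOnly` (hypothetical policy input)
// lists attributes that must never be requested as revealed values.
function lintProofRequest(req, predicateOnly = new Set(["age"])) {
  const findings = [];
  const attrs = Object.entries(req.requested_attributes ?? {});
  const preds = Object.entries(req.requested_predicates ?? {});
  for (const [ref, a] of attrs) {
    for (const n of a.names ?? [a.name]) {
      if (predicateOnly.has(n)) findings.push(`${ref}: reveals raw "${n}", use a predicate`);
    }
  }
  // Without restrictions, a credential from any issuer satisfies the request.
  for (const [ref, item] of [...attrs, ...preds]) {
    if (!item.restrictions?.length) findings.push(`${ref}: no issuer restriction`);
  }
  for (const [ref, p] of preds) {
    if (![">=", ">", "<=", "<"].includes(p.p_type) || !Number.isInteger(p.p_value)) {
      findings.push(`${ref}: predicate needs a comparison operator and an integer bound`);
    }
  }
  if (!/^\d+$/.test(req.nonce ?? "")) findings.push("nonce missing or not a decimal string");
  return findings;
}
```

An empty result from `lintProofRequest` means the request asks for nothing beyond the predicate and pins the issuer; each finding names the referent that over-asks or under-constrains.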

Advantages of our VC Verification:

  • Enhanced User Privacy: ZKPs with AnonCreds empower users to prove they meet specific criteria without revealing the underlying data. This protects user privacy while enabling verifiers to conduct necessary checks.

  • Improved Security: Hyperledger Indy's cryptography ensures the authenticity and integrity of VCs and ZKPs, preventing fraud or manipulation attempts.

  • Efficient Verification: ZKPs allow for efficient verification without requiring the verifier to access the entire VC content, reducing processing overhead.

Overall, by using ZKPs, AnonCreds and our SSI infrastructure, we foster a secure and privacy-preserving approach to VC verification. Users retain control over their data, verifiers can efficiently confirm user attributes and the overall ecosystem benefits from strong security standards & best practices.
