baseid-bbs
BBS+ signatures enable privacy-preserving credential presentation — a holder can selectively reveal specific claims from a credential while keeping others hidden, and different presentations of the same credential cannot be correlated by colluding verifiers.
Key Features
Section titled “Key Features”- Unlinkable selective disclosure — reveal only the claims needed, keep the rest hidden
- Zero-knowledge predicates — prove “age > 18” without revealing the actual age
- Constant-size signatures — one 80-byte BBS+ signature covers any number of claims
- Derived proofs — each presentation produces unique proof bytes (unlinkable)
- IETF-aligned — implements draft-irtf-cfrg-bbs-signatures using BLS12-381
Quick Start
Section titled “Quick Start”use baseid_bbs::{BbsKeyPair, BbsLifecycle};use baseid_core::claims::{ClaimSet, DisclosureSelection, PredicateType};use baseid_core::lifecycle::*;use serde_json::json;
// Generate BBS+ key pair (BLS12-381 G2)let key_pair = BbsKeyPair::generate()?;let lifecycle = BbsLifecycle::new(key_pair);
// Issue a credential with multiple claimslet mut claims = ClaimSet::new();claims.insert("", "given_name", json!("Alice"));claims.insert("", "family_name", json!("Smith"));claims.insert("", "age", json!(25));claims.insert("", "nationality", json!("Canadian"));
let issued = lifecycle.issue( "did:key:issuer", Some("did:key:holder"), &claims, &IssuanceOptions::default(),)?;
// Present with selective disclosurelet disclosure = DisclosureSelection::new() .reveal("given_name") // Verifier sees: "Alice" .reveal("family_name") // Verifier sees: "Smith" .predicate("age", PredicateType::GreaterThan(json!(18))) // Proves age > 18 .hide("nationality"); // Hidden from verifier
let presented = lifecycle.present( &issued.data, &disclosure, &PresentationOptions::default(),)?;
assert!(presented.unlinkable); // Presentations cannot be correlated
// Verify the derived prooflet outcome = baseid_bbs::verify_derived_proof(&presented.data)?;assert!(outcome.valid);assert!(outcome.unlinkable);How It Works
Section titled “How It Works”Credential Issuance
Section titled “Credential Issuance”Each claim in the credential becomes a separate BBS+ “message”. The issuer signs all messages together with a single constant-size signature. The holder receives the signed credential.
Selective Disclosure
Section titled “Selective Disclosure”When presenting, the holder creates a derived proof that:
- Proves they possess a valid signature over all messages
- Reveals only the messages (claims) they choose
- Produces unique proof bytes each time (unlinkable)
The verifier learns only the disclosed claims — they cannot determine the values of hidden claims, and cannot correlate presentations from the same credential.
Predicates
Section titled “Predicates”For claims marked with ClaimDisclosure::Predicate, the holder can prove properties about hidden values:
| Predicate | Example | What Verifier Learns |
|---|---|---|
GreaterThan(18) | age > 18 | The age is over 18 (not the actual age) |
LessThan("2008-03-01") | born before date | Under a certain age |
InSet(["CA", "US"]) | nationality ∈ set | Nationality is one of CA or US |
NonRevoked | not revoked | Credential hasn’t been revoked |
Key Types
Section titled “Key Types”| Type | Description |
|---|---|
BbsKeyPair | BLS12-381 G2 key pair for BBS+ signing |
BbsCredential | Signed credential with ordered claim messages |
BbsDerivedProof | Zero-knowledge proof with disclosed claims |
BbsLifecycle | Implements CredentialIssuer, CredentialVerifier, CredentialPresenter |
BbsClaim | Individual claim (namespace, name, value) |
Credential Format
Section titled “Credential Format”BBS+ credentials use CredentialFormat::Bbs and SignatureAlgorithm::BbsPlus with KeyType::Bls12381G2.
Related Crates
Section titled “Related Crates”baseid-revocation— Privacy-preserving revocation (accumulators)baseid-core— Lifecycle traits, claim types, predicatesbaseid-crypto— ZK proof traits (MultiMessageSigner,ProofDeriver,ProofVerifier)