Skip to content
BaseID Docs

baseid-revocation

Credential revocation with two backends — a simple bitstring status list for basic use cases, and a cryptographic accumulator for privacy-preserving non-revocation proofs.

BitstringStatusList

Section titled “BitstringStatusList”

W3C-compatible bitstring revocation list. Each credential is assigned an index in the list.

use baseid_revocation::BitstringStatusList;


let mut sl = BitstringStatusList::new("urn:status:1", "revocation", 10_000);


// Revoke a credential
sl.set_status(42, true)?;
assert!(sl.get_status(42)?);


// Check available slots
let next = sl.next_index(); // Some(0)

Cryptographic Accumulator

Section titled “Cryptographic Accumulator”

Hash-based accumulator for privacy-preserving revocation. Holders can prove their credential has NOT been revoked without revealing which credential they hold.

use baseid_revocation::{Accumulator, NonRevocationWitness};


let mut acc = Accumulator::new();


// Generate witness for non-revoked credential
let witness = acc.witness(credential_index)?;


// Revoke a different credential
acc.revoke(other_index);


// Witness for non-revoked credential still works (after refresh)
let fresh_witness = acc.witness(credential_index)?;
assert!(acc.verify_witness(&fresh_witness));

Integration with BBS+

Section titled “Integration with BBS+”

The accumulator integrates with BBS+ predicates via PredicateType::NonRevoked:

let disclosure = DisclosureSelection::new()
    .reveal("name")
    .predicate("revocation", PredicateType::NonRevoked);

Key Types

Section titled “Key Types”
TypeDescription
BitstringStatusListSimple index-based revocation list
AccumulatorHash-based cryptographic accumulator
NonRevocationWitnessProof of non-membership in revoked set