Dock implements BBS as the default signature algorithm in the Anonymous Credentials format

Technology standards are always changing, and it can be expensive for products to keep up. The rate of change is even faster for new technologies with emerging standards, such as the standards for verifiable credentials that are used to create reusable digital identities. Our customers don’t have to worry because our APIs hide the changes in the underlying credential standards. During the April 2024 Internet Identity Workshop, Kazue Sako from Waseda University provided an update on recent developments in BBS cryptography which serves as a good example of the complexity hidden by our products.

Dock’s Anonymous Credentials use an advanced cryptographic signature algorithm that was invented in 2004 and is known as BBS. BBS signatures support advanced privacy capabilities like unlinkable selective disclosure, while also being faster and smaller than other signature algorithms with similar capabilities. However, when BBS was originally proposed no one knew how to mathematically prove the security of the algorithm. Various modifications were made to BBS signatures to make it easier to prove their correctness, and in 2016 a version of the algorithm called BBS+ proved to be efficient enough to be widely used in verifiable credentials. We used BBS+ signatures when we first implemented our Anonymous Credentials format.

A paper published in 2023 includes a proof for the original BBS algorithm while also proposing some efficiency improvements compared to the BBS+ approach to verification of signatures with selective disclosure. Now that BBS signatures are known to be correct, we can use them instead of the BBS+ variant and benefit from the reduced computation requirements. The 2023 variant of BBS replaced BBS+ as the target of standardization at the IETF. We implemented support for BBS2023 last fall, and recently made it the default signature algorithm in the Anonymous Credentials format. This change is transparent to our customers who now use the best version of the algorithm when issuing new credentials while we also ensure that existing credentials remain verifiable.

As you follow our release notes and roadmap updates, you’ll see additional examples of how we track the evolution of identity technologies so that our customers don’t have to.