Selective Disclosure and Unlinkability (or Disassociability) are privacy- and consent-oriented features of digital credential formats.
To support these features, claims need to be structured or transformed so that cryptographic envelopes can be applied. Digital credential formats make tradeoffs between size and compute, and between issuance and presentation.
This document is meant to give a general sense of these tradeoffs. The implementations under test here have not been optimized for performance and are implemented in JavaScript.
In order to compare approaches, we need to generate examples that can be tested via both Data Integrity Proofs and Selective Disclosure JSON Web Tokens.
We accomplish this by iteratively extending the internationalization examples in the W3C Verifiable Credentials Specification.
Data Integrity Proofs and SD-JWT take different approaches to disclosure, which affect performance and security. These implementation details are not necessarily required by the specifications. Data Integrity Proofs require mandatory-to-disclose fields to be marked with JSON Pointer. SD-JWTs require optional-to-disclose fields to be marked with YAML tags.
We then average the execution time of issuance, and compare how issuance time grows with the number of names for each credential format.
See these examples, generated for length 5, to understand the approach taken:
As a general rule, the performance of both approaches degrades as the size of the input grows.
Data Integrity Proofs take a strict validation approach at the time of issuance by performing additional syntax and semantic checks to ensure RDF compatibility.
SD-JWT treats the claimset as a JSON object, and does not apply any semantic or syntax checks beyond the basics required to ensure valid JSON.
It's important to note that when verification succeeds, the verifier learns the same information in both cases, assuming that JSON-LD contexts are immutable.
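
The SD-JWT side of the comparison, as an added JavaScript example that is not the code under test on this page: each name becomes a salted disclosure whose SHA-256 digest replaces it in the payload, and issuance is timed as the number of names grows. The credential shape, function names and issuer URL are assumptions made for illustration, and the issuer signature is omitted.

```javascript
const { createHash, randomBytes } = require("node:crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");
// SD-JWT digests are taken over the ASCII bytes of the encoded disclosure.
const digest = (d) => b64url(createHash("sha256").update(d, "ascii").digest());

// Constructed input: a credential whose subject carries n language-tagged names.
function makeCredential(n) {
  const name = Array.from({ length: n }, (_, i) => ({
    "@value": `Example Degree ${i}`,
    "@language": `x-lang${i}`, // constructed private-use tags
  }));
  return { issuer: "https://issuer.example", credentialSubject: { name } };
}

// Issuer: replace each name with a digest placeholder, keep disclosures aside.
function issue(credential) {
  const payload = JSON.parse(JSON.stringify(credential));
  const disclosures = [];
  payload.credentialSubject.name = credential.credentialSubject.name.map((entry) => {
    const disclosure = b64url(JSON.stringify([b64url(randomBytes(16)), entry]));
    disclosures.push(disclosure);
    return { "...": digest(disclosure) };
  });
  payload._sd_alg = "sha-256";
  return { payload, disclosures };
}

// Verifier: recover only the names whose disclosures the holder chose to show.
function reveal(payload, shown) {
  const pending = new Map(shown.map((d) => [digest(d), d]));
  const names = [];
  for (const slot of payload.credentialSubject.name) {
    const disclosure = pending.get(slot["..."]);
    if (disclosure === undefined) continue; // undisclosed: only the digest is visible
    pending.delete(slot["..."]);
    names.push(JSON.parse(Buffer.from(disclosure, "base64url").toString("utf8"))[1]);
  }
  if (pending.size > 0) throw new Error("disclosure matches no digest in the payload");
  return names;
}

// Average issuance time in milliseconds for n names over `runs` iterations.
function averageIssueMs(n, runs = 50) {
  const credential = makeCredential(n);
  const start = process.hrtime.bigint();
  for (let i = 0; i < runs; i++) issue(credential);
  return Number(process.hrtime.bigint() - start) / 1e6 / runs;
}
```

Calling `averageIssueMs` for increasing values of `n` gives the issuance growth curve for this sketch only; a signed SD-JWT adds the cost of the JWS signature on top.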