Multi-Signature Verifiable Credentials and Conditional Proofs

Rebal and Jack from the Tonomy Foundation

Tonomy Foundation

Agenda

1. What we have done
2. Why is this important
3. Conditional Proofs W3C spec
1. Antelope DID and other DID methods
4. Decision to use did-jwt library
5. did-jwt changes
• Nested JWTs
• New did-jwt recursive architecture
6. Implementation characteristics
7. What’s next

Tonomy Foundation

What we have done

Implemented support of W3C CCG Conditional Proof standard

into the DIF did-jwt, did-jwt-vc and did-resolver libraries

​

Supports smart signatures

• Multisignature (1 of N, M of N, M of weighted N)
• Delegated signatures
• Relationships
• Combinations of the above

Tonomy Foundation

Why is this important

Verifiable Credentials now support

• Multisignature (1 of N, M of N, M of weighted N)
• Delegated signatures
• Relationships
• Combinations of the above

What can this be used for?

• MFA
• Multi-device support
• Multi-party signatures
• multiple people approve a document
• Multiple people approve a new board member based on their shares/assets
• Delegated authorizations
• A person in a company/DAO authorizes a document on behalf of the company
• People authorize a document on behalf of several companies

Tonomy Foundation

Decision to use did-jwt library

https://github.com/Tonomy-Foundation/Antelope-SSI-Toolkit/issues/17#issuecomment-1263319391

Tonomy Foundation

Conditional Proofs W3C spec

https://github.com/w3c-ccg/verifiable-conditions

Implementations:

• antelope-did-resolver
• did-jwt

Tonomy Foundation

Tonomy Foundation

Tonomy Foundation

Tonomy Foundation

Nested JWTs

Tonomy Foundation

did-jwt architecture change

Tonomy Foundation

Implementation characteristics

• using did-jwt
• DID, VC and JWT standard compliant
• Can be used for JSON-LD proofs as well with the JWS proof
• Smart Signatures (https://youtu.be/E9sbWKbfyJU?t=452)
• Composable using recursive conditions (part of the standard)
• Inspectable
• Provable
• Deterministic
• Bounded by limiting recursion or time bounding
• Efficient?

Tonomy Foundation

What’s next

did-jwt(-vc)(-resolver)

• Run unit tests�https://github.com/Tonomy-Foundation/Antelope-SSI-Toolkit/blob/master/test/did-jwt-vc.test.ts
• Review changes to upstream�https://github.com/Tonomy-Foundation/did-resolver/pull/4/files (Verification Method type)�https://github.com/Tonomy-Foundation/did-jwt/pull/6/files (architecture)�https://github.com/Tonomy-Foundation/did-jwt-vc/pull/4/files (createVerifiableCredentialJwt())
• Move unit tests to did-jwt(-vc) repositories
• How to represent the Conditional Proof DID method? Currently we use Antelope DID resolver
• Merge to upstream DIF repos
• Add signature asynchronously

Conditional proof

• CCG to update name and merge PR�https://github.com/w3c-ccg/verifiable-conditions
• Further adoption: JSON-LD library and DID-comm

Tonomy Foundation