Guardian is a policy engine that links together tokenized digital environmental assets like carbon offsets, emissions, & RECs (Renewable Energy Certificates) to the physical reporting, identity, and documentary data that substantiates their creation.

Guardian uses the W3C standards of Decentralized Identifiers (DIDs), Verifiable Credentials (VCs) and Verifiable Presentations (VPs) in order to capture digitally signed documents that are stored on the decentralized InterPlanetary File System (IPFS).

Guardian uses VCs & VPs for a variety of data types - particularly:

• Monitoring, Reporting & Verification (MRV) data capturing the actual carbon reduction, removals or renewable energy generation.

• The policies that digitize the methodology. In this context of carbon debits & credits, a methodology is a framework document that defines the rules governing the MRV and the criteria for minting tokens corresponding to that MRV.

The current Guardian model publishes MRV data as a VC and creates a corresponding VP a priori from that VC and stores the VP on IPFS. The VP (and the VC within) can be retrieved from IPFS at any time and are, by default, unencrypted.

While this default transparency enables easy validation of provenance chains - it may not be acceptable to all enterprises considering using Guardian to track emissions of their manufacturing processes. While a business may recognize the need to be fully transparent about the amount of CO2 emissions associated with their business processes, they may wish to keep some details of those processes less than fully public to protect associated intellectual property and confidentiality.

Separately, confidentiality may be required to protect an individual’s information. For instance, a homeowner that installed solar panels may not want their street address public, but recognize that the approximate location is important for assessing the credibility of energy production.

This sort of confidentiality can be challenging to reconcile with the desired transparency and composability and the fundamental choice of using a public Distributed Ledger Technology (DLT), like Hedera, to track the provenance of Environmental, Social, and Governance (ESG) assets.

This blog presents a model for selective disclosure based on Zero Knowledge cryptography for the Guardian that is expected to provide the necessary balance.

Zero Knowledge Proofs & Verifiable Credentials

Zero Knowledge Proofs (ZKP) refer to cryptographic mechanisms by which an actor is able to prove knowledge of some fact without needing to disclose that fact.

ZKP can potentially enable confidentiality in a less black/white manner than basic encryption.

Zero Knowledge proofs can be differentiated by whether they support

• Selective Disclosure, e.g. if a credential includes claims of both country & city, share only the country claim to a particular verifier. The trick of ZKP is that sharing only particular claims does not invalidate the signature originally calculated over all of the claims

• Predicates, e.g. if a credential includes a claim of precise latitude/longitude, prove the project is within a wider region.

When applied to Verifiable Credentials (VCs) for human subjects, ZKP typically manifests as

1. A VC is issued, signed with a ZK enabling signature scheme

2. The VC is stored by the subject in their wallet as a Holder.

3. Later, a Verifier asks the Subject for certain claims/predicates.

4. A Verifiable Presentation (VP) is created and shared with the Verifier that proves the Holder is the Subject, and has particular claims within the VC signed by a trusted Issuer, but does not disclose all claims in the VC itself.

If the Holder were to subsequently interact with a different Verifier, those two would perform the same steps #3-4 above , and the VP created would be unique to the second Verifier.

Selective Disclosure via BBS

BBS Signatures are a kind of multi-message digital signature. Normally a private key from a key pair (private and public key) is used to sign a message, however the signature is on the entire message and thus we cannot share only a piece of the message and prove its authenticity because doing so would not allow the signature to be verified. And without the signature being verified, the party to whom the message is sent has no way of knowing its authenticity.

Multi-message systems allow a message signed with a private key to be broken into smaller attributes to be shared and verified without necessarily divulging the originally signed object.

Consequently, when a VC contains multiple attributes , if the VC is signed with BBS then a VP can be created with only a subset of those attributes, and yet nevertheless a Verifier can validate the signature, and be confident that the VP is derived from an authentic VC issued by the original signer - even without seeing that VC.

By introducing BBS signatures (BBS+ Signatures 2020) to the Verifiable Credential documents generated by Guardian, Verifiable Presentations can be publicly published with selective properties, whilst maintaining the ability to respond to requests suitably authorized to reveal further information contained in the VC.

The model is represented in the diagram below:

As a pre-condition, a Guardian admin uses the UI (or APIs) to define selective disclosure rules for either a project or MRV data. They are able to stipulate that certain data (Claims C & G) should not be disclosed to the public, but instead shared only with requestors with specific roles or identity attributes.

The Guardian issues two VCs. The VCs contain both public attributes (A,B, E, F) and those deemed to be shared only with qualified entities such as an auditor (C,G). The public VP is derived from the VC carrying only the public attributes and published to IPFS. Somewhat separate from the Selective Disclosure flow, the VCs are also encrypted and sent to IPFS in support of future backup.

A Verifier, such as an auditor, upon viewing the public VP is made aware that there are additional other attributes not disclosed in the public VP that they may have the authorization to request. They compose a request for those other attributes, and include their own qualifications (itself a VC presented by a VP). The Guardian Presentation Exchange verifies the auditors qualifications, retrieves the relevant access control policy for the private attributes, and returns a new dynamic VP with the appropriate attributes if the access is approved.

Not shown is that the request & response can happen asynchronously via HCS and HFS (or IPFS) messaging to a known HCS topic.

Summary

Transparency is a fundamental tenet of DLTs; and is particularly critical for sustainability assets. A buyer of a token representing carbon reduction of green energy production must be able to assess the provenance chain for that token, and analyze the credibility of the participants & projects that caused the token to be minted; but not every party looking at the chain needs to see all the information. The Guardian’s Selective Disclosure mechanism uses Zero Knowledge Proofs to provide a middle ground where the full details can be made available to appropriate authorized actors, while still giving the public sufficient information to be confident of the authenticity of that chain.

We'd like to thank Tom Baumann for review and feedback for this piece and his leadership in the adoption of web3 technologies in the fight against climate change.