Guardian is a policy engine that links together tokenized digital environmental assets like carbon offsets, emissions, & RECs (Renewable Energy Certificates) to the physical reporting, identity, and documentary data that substantiates their creation.
Guardian uses the W3C standards of Decentralized Identifiers (DIDs), Verifiable Credentials (VCs) and Verifiable Presentations (VPs) in order to capture digitally signed documents that are stored on the decentralized InterPlanetary File System (IPFS).
Guardian uses VCs & VPs for a variety of data types - particularly:
Monitoring, Reporting & Verification (MRV) data capturing the actual carbon reduction, removals or renewable energy generation.
The policies that digitize the methodology. In this context of carbon debits & credits, a methodology is a framework document that defines the rules governing the MRV and the criteria for minting tokens corresponding to that MRV.
The current Guardian model publishes MRV data as a VC and creates a corresponding VP a priori from that VC and stores the VP on IPFS. The VP (and the VC within) can be retrieved from IPFS at any time and are, by default, unencrypted.
While this default transparency enables easy validation of provenance chains - it may not be acceptable to all enterprises considering using Guardian to track emissions of their manufacturing processes. While a business may recognize the need to be fully transparent about the amount of CO2 emissions associated with their business processes, they may wish to keep some details of those processes less than fully public to protect associated intellectual property and confidentiality.
Separately, confidentiality may be required to protect an individual’s information. For instance, a homeowner that installed solar panels may not want their street address public, but recognize that the approximate location is important for assessing the credibility of energy production.
This sort of confidentiality can be challenging to reconcile with the desired transparency and composability and the fundamental choice of using a public Distributed Ledger Technology (DLT), like Hedera, to track the provenance of Environmental, Social, and Governance (ESG) assets.
This blog presents a model for selective disclosure based on Zero Knowledge cryptography for the Guardian that is expected to provide the necessary balance.
Zero Knowledge Proofs & Verifiable Credentials
Zero Knowledge Proofs (ZKP) refer to cryptographic mechanisms by which an actor is able to prove knowledge of some fact without needing to disclose that fact.
ZKP can potentially enable confidentiality in a less black/white manner than basic encryption.
Zero Knowledge proofs can be differentiated by whether they support
Selective Disclosure, e.g. if a credential includes claims of both country & city, share only the country claim to a particular verifier. The trick of ZKP is that sharing only particular claims does not invalidate the signature originally calculated over all of the claims
Predicates, e.g. if a credential includes a claim of precise latitude/longitude, prove the project is within a wider region.
When applied to Verifiable Credentials (VCs) for human subjects, ZKP typically manifests as
A VC is issued, signed with a ZK enabling signature scheme
The VC is stored by the subject in their wallet as a Holder.
Later, a Verifier asks the Subject for certain claims/predicates.
A Verifiable Presentation (VP) is created and shared with the Verifier that proves the Holder is the Subject, and has particular claims within the VC signed by a trusted Issuer, but does not disclose all claims in the VC itself.
If the Holder were to subsequently interact with a different Verifier, those two would perform the same steps #3-4 above , and the VP created would be unique to the second Verifier.
Selective Disclosure via BBS
BBS Signatures are a kind of multi-message digital signature. Normally a private key from a key pair (private and public key) is used to sign a message, however the signature is on the entire message and thus we cannot share only a piece of the message and prove its authenticity because doing so would not allow the signature to be verified. And without the signature being verified, the party to whom the message is sent has no way of knowing its authenticity.
Multi-message systems allow a message signed with a private key to be broken into smaller attributes to be shared and verified without necessarily divulging the originally signed object.
Consequently, when a VC contains multiple attributes , if the VC is signed with BBS then a VP can be created with only a subset of those attributes, and yet nevertheless a Verifier can validate the signature, and be confident that the VP is derived from an authentic VC issued by the original signer - even without seeing that VC.
By introducing BBS signatures (BBS+ Signatures 2020) to the Verifiable Credential documents generated by Guardian, Verifiable Presentations can be publicly published with selective properties, whilst maintaining the ability to respond to requests suitably authorized to reveal further information contained in the VC.
The model is represented in the diagram below: