Issue a ZKP-enabled JSON-LD Credential

Introduction

This guide will demonstrate how to create a ZKP-enabled credential.

Check out the video:

We use the Privacy Enhanced Mode for embedded Youtube videos.

Prerequisites

You need access to the MATTR Platform APIs. If you’re experiencing any difficulties, contact us.

In order to create a credential, you will need the following information:

  • Subject DID
  • Credential type
  • JSON-LD claim names as defined by schema.org
  • Claim values

Create a DID

In order to create a ZKP-enabled credential you first need to create an Issuer DID with a bls12381g2 key type, which supports BBS+ signatures for issuing ZKP-enabled credentials.

Request

Set the keyType in the options to bls12381g2 in order to create a DID with a BLS key type.

{
"method": "key"
"options": {
"keyType": "bls12381g2"
}
}

Response

  • The resulting DID resides in the did attribute.
  • did:key DIDs will always have a registrationStatus of COMPLETED as they are not stored in any external registry such as a ledger and are instantly available to be used and resolved
{
"did": "did:key:zUC7KmMGXt7fs9URk9EDqWLfpCjVTtfFMexViLLkPPUfm9j4heqvk9JkLarva3sP54FGjFNLpwc63ZTef2aR2cPssFbyDj75kopYqWL16j7JigA2BAvJcwnaKvKPUybxbroRg1v",
"registrationStatus": "COMPLETED",
"localMetadata": {
"keys": [
{
"didDocumentKeyId": "did:key:zUC7KmMGXt7fs9URk9EDqWLfpCjVTtfFMexViLLkPPUfm9j4heqvk9JkLarva3sP54FGjFNLpwc63ZTef2aR2cPssFbyDj75kopYqWL16j7JigA2BAvJcwnaKvKPUybxbroRg1v#zUC7KmMGXt7fs9URk9EDqWLfpCjVTtfFMexViLLkPPUfm9j4heqvk9JkLarva3sP54FGjFNLpwc63ZTef2aR2cPssFbyDj75kopYqWL16j7JigA2BAvJcwnaKvKPUybxbroRg1v",
"kmsKeyId": "25voPUCTSWXcDLCZNfZeTWuNaDcM3KgQZqwkvuY1s2GNGJ3tJ3UubY8uFR4X8Ykhdb2xTnXkGffugi9rHsM4A3J5FRPCyoAh4ZrdcCWUSEj29pGahY1cUA7uR1ns52JeZBQc"
}
],
"registered": 1600918030673,
"initialDidDocument": {
"@context": "https://w3.org/ns/did/v1",
"id": "did:key:zUC7KmMGXt7fs9URk9EDqWLfpCjVTtfFMexViLLkPPUfm9j4heqvk9JkLarva3sP54FGjFNLpwc63ZTef2aR2cPssFbyDj75kopYqWL16j7JigA2BAvJcwnaKvKPUybxbroRg1v",
"publicKey": [
{
"id": "did:key:zUC7KmMGXt7fs9URk9EDqWLfpCjVTtfFMexViLLkPPUfm9j4heqvk9JkLarva3sP54FGjFNLpwc63ZTef2aR2cPssFbyDj75kopYqWL16j7JigA2BAvJcwnaKvKPUybxbroRg1v#zUC7KmMGXt7fs9URk9EDqWLfpCjVTtfFMexViLLkPPUfm9j4heqvk9JkLarva3sP54FGjFNLpwc63ZTef2aR2cPssFbyDj75kopYqWL16j7JigA2BAvJcwnaKvKPUybxbroRg1v",
"type": "Bls12381G2Key2020",
"controller": "did:key:zUC7KmMGXt7fs9URk9EDqWLfpCjVTtfFMexViLLkPPUfm9j4heqvk9JkLarva3sP54FGjFNLpwc63ZTef2aR2cPssFbyDj75kopYqWL16j7JigA2BAvJcwnaKvKPUybxbroRg1v",
"publicKeyBase58": "25voPUCTSWXcDLCZNfZeTWuNaDcM3KgQZqwkvuY1s2GNGJ3tJ3UubY8uFR4X8Ykhdb2xTnXkGffugi9rHsM4A3J5FRPCyoAh4ZrdcCWUSEj29pGahY1cUA7uR1ns52JeZBQc"
}
],
"authentication": [
"did:key:zUC7KmMGXt7fs9URk9EDqWLfpCjVTtfFMexViLLkPPUfm9j4heqvk9JkLarva3sP54FGjFNLpwc63ZTef2aR2cPssFbyDj75kopYqWL16j7JigA2BAvJcwnaKvKPUybxbroRg1v#zUC7KmMGXt7fs9URk9EDqWLfpCjVTtfFMexViLLkPPUfm9j4heqvk9JkLarva3sP54FGjFNLpwc63ZTef2aR2cPssFbyDj75kopYqWL16j7JigA2BAvJcwnaKvKPUybxbroRg1v"
],
"assertionMethod": [
"did:key:zUC7KmMGXt7fs9URk9EDqWLfpCjVTtfFMexViLLkPPUfm9j4heqvk9JkLarva3sP54FGjFNLpwc63ZTef2aR2cPssFbyDj75kopYqWL16j7JigA2BAvJcwnaKvKPUybxbroRg1v#zUC7KmMGXt7fs9URk9EDqWLfpCjVTtfFMexViLLkPPUfm9j4heqvk9JkLarva3sP54FGjFNLpwc63ZTef2aR2cPssFbyDj75kopYqWL16j7JigA2BAvJcwnaKvKPUybxbroRg1v"
],
"capabilityDelegation": [
"did:key:zUC7KmMGXt7fs9URk9EDqWLfpCjVTtfFMexViLLkPPUfm9j4heqvk9JkLarva3sP54FGjFNLpwc63ZTef2aR2cPssFbyDj75kopYqWL16j7JigA2BAvJcwnaKvKPUybxbroRg1v#zUC7KmMGXt7fs9URk9EDqWLfpCjVTtfFMexViLLkPPUfm9j4heqvk9JkLarva3sP54FGjFNLpwc63ZTef2aR2cPssFbyDj75kopYqWL16j7JigA2BAvJcwnaKvKPUybxbroRg1v"
],
"capabilityInvocation": [
"did:key:zUC7KmMGXt7fs9URk9EDqWLfpCjVTtfFMexViLLkPPUfm9j4heqvk9JkLarva3sP54FGjFNLpwc63ZTef2aR2cPssFbyDj75kopYqWL16j7JigA2BAvJcwnaKvKPUybxbroRg1v#zUC7KmMGXt7fs9URk9EDqWLfpCjVTtfFMexViLLkPPUfm9j4heqvk9JkLarva3sP54FGjFNLpwc63ZTef2aR2cPssFbyDj75kopYqWL16j7JigA2BAvJcwnaKvKPUybxbroRg1v"
]
}
}
}

Create a credential

Create a credential by making an API request as follows:

Request

POST https://tenant.platform.mattr.global/v1/credentials
{
"issuer": {
"id": "did:key:zUC7KmMGXt7fs9URk9EDqWLfpCjVTtfFMexViLLkPPUfm9j4heqvk9JkLarva3sP54FGjFNLpwc63ZTef2aR2cPssFbyDj75kopYqWL16j7JigA2BAvJcwnaKvKPUybxbroRg1v",
"name": "tenant"
},
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://schema.org"
],
"subjectId": "did:key:z6MkfxQU7dy8eKxyHpG267FV23agZQu9zmokd8BprepfHALi",
"type": [
"VerifiableCredential",
"Course"
],
"claims": {
"givenName": "Chris",
"familyName": "Shin",
"educationalCredentialAwarded": "Certificate Name"
},
"persist": false,
"revocable": true
}

The issuer.id contains the DID of the issuer, as created in the previous step.

When the issuer DID has the “keyType”:“bls12381g2”, the platform will automatically detect this capability and issue a ZKP-enabled BBS+ credential.

The @context must include the reference to the W3C credential definition "https://www.w3.org/2018/credentials/v1" and this example will use a common data vocab https://schema.org which is referenced in the claims field.

The subjectId defines the DID of the subject. The issued credential attests claims about the subject.

type is an array of credential types that must start with VerifiableCredential. It indicates what sort of information a credential holds.

Response

{
"id": "ab42adbc-1139-47f0-9256-3bf5a01fcc7e",
"credential": {
"type": [
"VerifiableCredential",
"Course"
],
"issuer": {
"id": "did:key:zUC7KmMGXt7fs9URk9EDqWLfpCjVTtfFMexViLLkPPUfm9j4heqvk9JkLarva3sP54FGjFNLpwc63ZTef2aR2cPssFbyDj75kopYqWL16j7JigA2BAvJcwnaKvKPUybxbroRg1v",
"name": "tenant"
},
"issuanceDate": "2020-09-24T19:16:33.222Z",
"credentialSubject": {
"id": "did:key:z6MkfxQU7dy8eKxyHpG267FV23agZQu9zmokd8BprepfHALi",
"givenName": "Chris",
"familyName": "Shin",
"educationalCredentialAwarded": "Certificate Name"
},
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://w3c-ccg.github.io/ldp-bbs2020/context/v1",
"https://schema.org",
"https://w3id.org/vc-revocation-list-2020/v1"
],
"credentialStatus": {
"id": "https://tenant.platform.mattr.global/v1/revocation-lists/dd7ceeaa-a5e0-4ab3-a70c-b7237500c605#0",
"type": "RevocationList2020Status",
"revocationListIndex": "0",
"revocationListCredential": "https://tenant.platform.mattr.global/v1/revocation-lists/dd7ceeaa-a5e0-4ab3-a70c-b7237500c605"
},
"proof": {
"type": "BbsBlsSignature2020",
"created": "2020-11-24T19:16:33Z",
"proofPurpose": "assertionMethod",
"proofValue": "pVJlfG/Ra9h8WbwqthNsT4lY9Xx5eVxZR6j0GY3yoDNzJq1CuF+nWKgcie3LpAn3UQpzkiODY46kt/WWaqGzyKyX4k5KRsBuSU9pSAL5Y99QFhnrm8t2MeKuZ1NL++ZO1+IelYtNjl6OmajHdphDUA==",
"verificationMethod": "did:key:zUC7KmMGXt7fs9URk9EDqWLfpCjVTtfFMexViLLkPPUfm9j4heqvk9JkLarva3sP54FGjFNLpwc63ZTef2aR2cPssFbyDj75kopYqWL16j7JigA2BAvJcwnaKvKPUybxbroRg1v#zUC7KmMGXt7fs9URk9EDqWLfpCjVTtfFMexViLLkPPUfm9j4heqvk9JkLarva3sP54FGjFNLpwc63ZTef2aR2cPssFbyDj75kopYqWL16j7JigA2BAvJcwnaKvKPUybxbroRg1v"
}
},
"credentialStatus": {
"id": "https://product-team.platform.staging.mattrlabs.io/v1/revocation-lists/dd7ceeaa-a5e0-4ab3-a70c-b7237500c605#0",
"type": "RevocationList2020Status",
"revocationListIndex": "0",
"revocationListCredential": "https://product-team.platform.staging.mattrlabs.io/v1/revocation-lists/dd7ceeaa-a5e0-4ab3-a70c-b7237500c605"
},
"issuanceDate": "2020-09-24T19:16:33.222Z"
}

The returned credential attribute contains the VerifiableCredential object.

Because this is a ZKP-enabled credential it contains a BBS+ signature, which enables selective disclosure as defined by the proof type of BbsBlsSignature2020. For more information on this signature suite, check out the specification at the W3C CCG.