About how sovrin works


Hi, I’ve been reading the whitepaper ‘How sovrin works’ and got a question.

In claims section, it says ‘claims are digitally signed’ by the issuers, however, in the figure, identity owner gets claims from 3rd parties with their verification keys. From what I know, when you digitally sign something to prove that you issued it, you sign it with your private key(signing key in this case) so I got confused.
Also, what does the sovrin do with claim key exactly? Is the claim signed with claim key or the issuer’s private key?

In disclosure section, identity owner selects the attributes that he/she wants to share with other party, and sends it to the party with different verification key that he/she already shared with the corresponding party. What I understood about the verification was that it represents the owner’s identity at the issuer, thus it quite doesn’t make sense to me that the identity owner creates another verification key to send the disclosure.
Also about the master secret key, does it used over and over again to create different disclosures? Is it just used to create a disclosure?

If anyone can explain those, I would appreciate it.


I’ll try to answer your two questions in two sections below.

1- Issuers sign claims using their private claim key that pertains to a particular schema. The public key and claim definition are on the ledger. When an identity owner presents a proof, she must reveal which public keys can verify her claims. Since those keys are on the ledger, the issuer doesn’t need to be contacted.

2- The master secret key is a commitment to a value that the issuer signs. Its a blinded or hidden attribute. Its never revealed to any issuers. When a proof is presented to a relying party, this value is treated like a hidden attribute as well. Since the owner is the only identity that knows this value, she is also the only one that can present a valid proof from the claims. Any listening party would see different values for each proof even though the values remain the same. That’s how zero-knowledge proofs work. So the master secret key is used over and over again to create different disclosures, but the value is never revealed to any party.

I hope this helps.