What zero-knowledge proof algorithm is used in Sovrin?

I understand that a ZKP algorithm is used for generating proofs in Sovrin and I’m wondering what approach has been used.



Symon, excellent question. The overall ZKP architecture that Jason, Dmitry, and team have been following is based on the IDEMix architecture from Jan Camenisch at IBM Research. However, Jason and Dmitry have innovated on top of that, particularly in the area of revocation.

I’ll have to leave the details to them to share (I don’t even play a cryptographer on TV ;-). Also, Jason may be offline for a spell after several weeks of travel. But I’m hoping another member of the Evernym dev team can step in with some details.


Our zero-knowledge proofs are part of the Idemix protocol, where they are used to prove the possession of Camenisch-Lysyanskaya credentials. We also use zero-knowledge proofs in the revocation protocol, which is based on cryptographic accumulators.


Is this still the case as implemented in the Indy codebase?

Yes, it is still the case. CL signatures for attribute proofs and CKS signatures for non-revocation proofs.


Please tell me if I understood correctly - is the indy-anoncreds project your implementation of the Idemix protocol, and is it based on the https://github.com/JHUISI/charm implementation? Are all features of the IBM Idemix library implemented (for example, all predicates used in proving some knowledge without disclosing attributes - range proofs etc.)?
