In a verifier-local approach [25, 33], the revocation list is a collection of revoked credential identifiers. For each transaction, the verifier checks whether the presentation matches with any of the identifiers on the list. The checks are designed in a way that if the presentation token comes from a credential that is not revoked, nothing will be revealed. …show more content…
A cryptographic primitive called accumulator [15, 28, 38] is useful in this setting. An accumulator “combines” a set of values into a constat-sized element. For each value accumulated, there exists a witness to testify the fact that the value has been accumulated. Accumulators can be used to support revocation as follows: a user proves, in zero-knowledge, that his credential has been (resp. has not been) accumulated in the accumulator representing the “whitelist” (resp. blacklist). We have designed an accumulator in [5] to support revocation of credentials of the