Papers
Topics
Authors
Recent
2000 character limit reached

Verifiable Credentials: Decentralized Identity

Updated 23 November 2025
  • Verifiable Credentials are tamper-evident, cryptographically-protected data objects defined by W3C, enabling decentralized identity with privacy-preserving proofs.
  • They leverage methods such as digital signatures, zero-knowledge selective disclosure, and cryptographic accumulators to guarantee security and minimal data exposure.
  • VCs support robust lifecycle operations including issuance, presentation, verification, and revocation, and are applied across IoT, finance, supply chains, and e-government.

A Verifiable Credential (VC) is a cryptographically-protected, tamper-evident data object used to convey structured claims about a subject, as defined and standardized by the W3C Verifiable Credentials Data Model. VCs are a foundational construct in decentralized and self-sovereign identity (SSI) architectures, providing a cryptographic basis for attesting to arbitrary properties of subjects—human, organizational, or machine—in a manner that is portable, privacy-respecting, and independently verifiable. The data model, cryptographic mechanisms, lifecycle workflows, and privacy-preserving properties of VCs have been explored across diverse domains including access control, IoT, digital product passports, decentralized finance, agentic AI, and large-scale e-government infrastructures (Spiliotopoulos et al., 2021, Lux et al., 2020, Hoops et al., 2024, Akram et al., 2 May 2025, Barclay et al., 2021, Garzon et al., 2023, Yuan, 10 Oct 2025, Huang et al., 25 May 2025, Herbke et al., 2024, Fotiou et al., 2021, Barclay et al., 2020, Perugini et al., 2024, Fedrecheski et al., 2020, García et al., 2024, Hoops et al., 28 Jan 2025, Fotiou et al., 2022, Xie et al., 19 Jan 2025, Flamini et al., 2024, Mazzocca et al., 2024, Buldini et al., 30 May 2025).

1. Formal Model and Data Structures

At its most general, a VC is a digital assertion by an Issuer (typically referenced by a decentralized identifier, or DID) about the claims of a Subject (also identified by a DID), optionally held by a Holder (often the Subject, but not necessarily). The canonical JSON-LD serialization includes:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

{
  "@context": ["https://www.w3.org/2018/credentials/v1", ...],
  "id": "urn:uuid:1234...",
  "type": ["VerifiableCredential", ...],
  "issuer": "did:example:issuer1234",
  "issuanceDate": "2024-06-20T12:00:00Z",
  "expirationDate": "2025-06-20T12:00:00Z",
  "credentialSubject": {
    "id": "did:key:holder5678",
    "attribute1": "value1",
    "attribute2": "value2",
    ...
  },
  "proof": {
    "type": "Ed25519Signature2018",
    "created": "2024-06-20T12:00:00Z",
    "proofPurpose": "assertionMethod",
    "verificationMethod": "did:example:issuer1234#key-1",
    "jws": "eyJhbGciOiJFZERTQSJ9…"
  }
}
The key fields—issuer (DID), credentialSubject (claims), and proof (signature or ZK proof)—form the mathematical core:

VC=(issuer,subject,claims,σissuer)\text{VC} = (\text{issuer}, \text{subject}, \text{claims}, \sigma_{\text{issuer}})

with σissuer=Signskissuer(H(claims∥subject∥expiry))\sigma_{\text{issuer}} = \mathrm{Sign}_{\text{sk}_\text{issuer}}(H(\text{claims} \parallel \text{subject} \parallel \text{expiry}) ) (Spiliotopoulos et al., 2021, Lux et al., 2020, Mazzocca et al., 2024).

The VC model is extensible to JWT form for integration into protocols such as OAuth 2.0, where the VC appears as a nested JWT vc claim signed with JWS (Akram et al., 2 May 2025, Fotiou et al., 2021, Hoops et al., 2024).

2. Cryptographic Foundations

The authenticity, integrity, and privacy-preserving features of VCs depend on advanced cryptographic constructions:

3. Credential Lifecycle Operations

The lifecycle comprises issuance, presentation, verification, and revocation:

  • Issuance:
  1. Holder generates or obtains a DID/keypair.
  2. Issuer verifies attributes (off-chain as policy dictates), constructs the credential, and cryptographically signs it.
  3. VC delivered off-chain to Holder’s wallet, who stores it for later use (Mazzocca et al., 2024, García et al., 2024, Herbke et al., 2024).
  1. Verifier resolves the Issuer's DID to obtain their public key.
  2. Signature or ZKP is cryptographically validated.
  3. Credential-specific attribute checks, as well as time validity and revocation status (via status lists, accumulators, or Merkle proofs), are enforced (Garzon et al., 2023, Hoops et al., 28 Jan 2025, Yuan, 10 Oct 2025).
  • Revocation:
    • Techniques include bitstring status lists, Merkle-tree or RSA-accumulator–based privacy-preserving revocation sets (e.g., CRSet), and on-chain or off-chain status registries (Hoops et al., 28 Jan 2025, Yuan, 10 Oct 2025, Spiliotopoulos et al., 2021). Proper mechanisms guarantee issuer activity and presentation unlinkability for revocation checks.

4. Privacy, Unlinkability, and Selective Disclosure

VC frameworks target advanced privacy-preserving data minimization. Key mechanisms:

5. Application Domains and Use Cases

VCs have been deployed or proposed in a diverse spectrum of scenarios:

Application Domain Typical Claims/VC Types Features Leveraged
Financial services/consumer care IncomeProof, RiskAssessment, Policy VCs ZK selective disclosure, revocation (Spiliotopoulos et al., 2021)
IoT and Smart Building Device identity, CapabilitiesCredential Owner-centric, JWT/ZKP, BBS+, access control (Fedrecheski et al., 2020, Fotiou et al., 2022)
Agentic AI/Multi-Agent Systems AgentCapability, Provenance, SecurityProfile ZKP, fine-grained ABAC, real-time revocation (Huang et al., 25 May 2025)
Supply chain/Product passports ProductComposition, LifecycleEvent VCs Self-sovereign product twins, chain-of-custody, selective disclosure (García et al., 2024)
Scientific Data/ML pipelines DatasetEthics, Bill-of-Materials Provenance, agent chain, auditability (Barclay et al., 2021, Barclay et al., 2020)
Large-scale authentication OIDC sign-in, TLS handshake (VC certificate) Standards compliance, hybrid/fallback modes (Hoops et al., 2024, Perugini et al., 2024)
Crowdsourced resource sharing DroneCapability, AccessToken-VCs JWT-VC binding, DPoP, scalable multi-tenancy (Akram et al., 2 May 2025, Fotiou et al., 2021)

Notably, performance measurements show VC implementations can maintain sub-millisecond cryptographic operation times, and are practical at scale (e.g., >1000 concurrent VP sessions or 60 000 blockchain tx/s) (Herbke et al., 2024, Lux et al., 2020, Hoops et al., 28 Jan 2025).

6. Limitations, Challenges, and Open Research Problems

Despite usability and security advances, significant challenges persist:

7. Best Practices and Future Directions

Research and deployment best practices include:

Future work is focused on quantum-safe credential architectures, universal revocation protocols, universal wallet and DID method interoperability, and practical region-specific governance models for globally federated credential trust (Yuan, 10 Oct 2025, Flamini et al., 2024, Xie et al., 19 Jan 2025, Mazzocca et al., 2024).

Verifiable Credentials have established themselves as the cryptographic backbone of decentralized digital identity, enabling integrity, authentication, privacy, and auditability at scale, with ongoing research driving their integration into critical application ecosystems across domains.

File Document Download Save Streamline Icon: https://streamlinehq.com PDF File Document Download Save Streamline Icon: https://streamlinehq.com Markdown Chat Bubble Oval Streamline Icon: https://streamlinehq.com Chat (Pro)
Definition Search Book Streamline Icon: https://streamlinehq.com
References (20)
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.

Whiteboard

Topic to Video (Beta)

Follow Topic

Get notified by email when new papers are published related to Verifiable Credentials (VCs).

Add Bell Notification Streamline Icon: https://streamlinehq.com Sign Up to Follow Topic by Email