Master Thesis project proposal

“Designing and implementing an ECDSA-based Zero-Knowledge Credential Architecture for Yivi as EUDI Wallet”

Context and motivation

Background

Yivi is a privacy-preserving digital identity platform that has successfully launched production deployments using IRMA/Idemix protocols based on zero-knowledge proof (ZKP) schemes. With the introduction of the EU Digital Identity (EUDI) Wallet regulation (eIDAS 2.0), Yivi aims to evolve into a compliant EUDI wallet while maintaining its strong privacy guarantees and crypto-agile architecture.

The EUDI ecosystem increasingly standardises on:

• Verifiable Credentials (e.g. W3C VC, SD-JWT-VC, ISO 18013-5 mDL/MDOC)

• Presentation and issuance protocols such as OpenID4VCI and OpenID4VP

• Selective disclosure and zero-knowledge techniques, analysed in detail in ETSI TR 119 476, including BBS+, CL signatures and other privacy-enhancing cryptographic mechanisms.

Yivi wants to leverage these developments while preserving its core privacy values: minimum disclosure, unlinkability, and user-controlled identity.

Strategic challenge

Today, many credentials in practice are signed using ECDSA keys (for example JWT-based credentials, SD-JWT-VC, mDL/MDOC. At the same time, privacy-preserving credential systems often rely on different cryptographic primitives (e.g. CL, BBS+ on BLS12-381).

Yivi faces a strategic challenge:

• How to evolve towards an EUDI-compliant wallet that: Reuses existing and widely deployed ECDSA key material,

• Supports zero-knowledge proofs and selective disclosure,

• Remains interoperable with OpenID4VCI / OpenID4VP and standard verifiers,

• And preserves Yivi’s strong privacy guarantees and crypto-agility.

The ECDSA-based ZKP opportunity

Recent work such as Google’s Longfellow project (“Anonymous credentials from ECDSA”) and new proposals around BBS# indicate that it is possible to:

• Build anonymous credential schemes on top of existing ECDSA-signed credentials,

• Provide selective disclosure and unlinkable presentations,

• Minimise changes to issuer infrastructure,

• And potentially integrate with standard protocols such as OpenID4VCI and OpenID4VP.

This opens the possibility for Yivi to design a next-generation ZKP layer that:

• Uses ECDSA keys as the fundamental trust anchor,

• Compares and possibly combines Longfellow-style constructions with BBS+/BBS#-based approaches,

• And is grounded in the requirements and recommendations of ETSI TR 119 476.

Research objectives

Primary objective

Design and prototype an ECDSA-based zero-knowledge credential architecture for Yivi that:

• Provides selective disclosure and unlinkable presentations based on ECDSA keys,

• Is aligned with the cryptographic and privacy requirements from ETSI TR 119 476,

• Supports interoperability with OpenID4VCI and OpenID4VP,

• And can be integrated into Yivi’s roadmap towards an EUDI-compliant wallet.

Specific research questions

RQ1: Requirements analysis based on ETSI TR 119 476 How can the privacy, security and interoperability requirements from ETSI TR 119 476 for selective disclosure and ZKP-based credentials be translated into concrete requirements for a Yivi ECDSA-ZKP architecture, in particular regarding:

• Unlinkability across presentations

• Minimal disclosure and predicate proofs

• Revocation and status verification

• Crypto-agility and (future) post-quantum considerations

RQ2: ECDSA-based ZKP design options (Longfellow vs BBS#/BBS+) What are the design trade-offs between:

• Longfellow / “Anonymous credentials from ECDSA” Using existing ECDSA-signed credentials (JWT / SD-JWT-VC / MDOC) as the base

• Generating zero-knowledge proofs over attributes derived from these credentials

• BBS+/BBS#-based credentials anchored in ECDSA trust Mapping Yivi (and EUDI) credential structures to BBS+/BBS# signatures

• Exploring how ECDSA-based PKI and BBS#/BBS+-based ZKP can be combined or bridged

RQ3: Yivi architecture integration

How can an ECDSA-based ZKP scheme (Longfellow, BBS#, or a hybrid) be integrated into Yivi’s architecture while:

• Maintaining backward compatibility with existing IRMA/Idemix credentials where needed

• Supporting multiple credential formats (e.g. SD-JWT-VC, MDOC, IRMA) within Yivi

• Preserving Yivi’s privacy-first design, including unlinkability and minimal disclosure

• Allowing for crypto-agile evolution as standards mature

RQ4: Interoperability with OpenID4VCI and OpenID4VP

How can the proposed ECDSA-ZKP architecture:

• Represent credentials and proofs in W3C VC formats (e.g. JWT/SD-JWT-VC or Data Integrity profiles)

• Be transported using OpenID4VCI for issuance and OpenID4VP for presentations

• Interoperate with verifiers that: Support advanced ZKP-proof types, and

• Only support “classic” JWT/SD-JWT verification (graceful degradation / dual-path designs)

RQ5: Evaluation and recommendations

To what extent does the proposed architecture:

• Meet the ETSI TR 119 476 criteria for privacy-preserving credentials,

• Achieve practical performance for mobile wallets and verifiers,

• Provide a realistic migration path for Yivi towards EUDI-compliant, ECDSA-based ZKP credentials?

What recommendations can be made to Yivi for:

• Short-term experimentation (e.g. Longfellow-style wrapping of existing credentials), and

• Long-term architecture choices (e.g. adoption of BBS# or hybrid designs)?

Student profile

We are looking for a motivated university-level student in Computer Science, Cyber Security or a closely related discipline. You have a strong affinity with cryptography, digital identity, and privacy-preserving technologies, and you are eager to apply academic knowledge to a real-world, high-impact use case. You work independently, think analytically, and are comfortable exploring complex technical concepts.

Thesis benefits

• Professional supervision from specialists in cryptography, identity management, and EUDI Wallet technologies

• Regular feedback and technical sparring sessions throughout the thesis process

• Access to technical documentation, development environments, and research materials relevant to the assignment

• A monthly thesis compensation of €500 (based on a 40-hour commitment; exceptions possible)

• Flexible working arrangements, including hybrid work options

• Opportunities to publish or present your research within the organization

• Real-world impact: your work may directly contribute to the integration of Yivi as an EUDI Wallet

References

Academic

• Anonymous credentials from ECDSA https://eprint.iacr.org/2024/2010

• Privacy-Preserving Credentials: Camenisch et al https://eprint.iacr.org/2014/468.pdf

• ETSI TR 119 476 - Electronic Signatures and Trust Infrastructures (ESI); Analysis of selective disclosure and zero-knowledge proofs applied to Electronic Attestation of Attributes https://www.etsi.org/deliver/etsi_tr/119400_119499/119476/01.02.01_60/tr_ 119476v010201p.pdf

• BBS# and eIDAS 2.0 https://csrc.nist.gov/csrc/media/presentations/2024/wpec2024-3b3/images-media/wpec2024-3b3-slides-antoine-jacques--BBS-sharp-eIDAS2.pdf

Other

• What is Yivi https://docs.yivi.app/what-is-yivi

• IRMAGO https://github.com/privacybydesign/irmago

• EUDI Wallet ARF: EU Commission - Regulatory framework https://eudi.dev/2.5.0/architecture-and-reference-framework-main/

Contact

Primary contact person

Dibran Mulder, CTO Caesar Groep & Yivi

+31 (0)6 39 30 61 18

[email protected]

Address:

Janssoniuslaan 80

3528 AJ Utrecht

Websites:

https://yivi.app

https://caesar.nl