Inferensys

Glossary

BBS+ Signature

A short, pairing-based digital signature scheme that supports selective disclosure, allowing a prover to reveal only specific attributes from a signed credential while maintaining cryptographic integrity.
Knowledge engineer constructing knowledge base on laptop, document hierarchy visible, casual office setup.
SELECTIVE DISCLOSURE CRYPTOGRAPHY

What is BBS+ Signature?

A BBS+ signature is a pairing-based digital signature scheme that supports selective disclosure, enabling a prover to reveal only specific attributes from a signed credential while maintaining cryptographic integrity and unlinkability.

A BBS+ signature is a short, multi-message digital signature scheme built on bilinear pairings over elliptic curves. Unlike standard signatures that require full message disclosure for verification, BBS+ allows a holder to derive a zero-knowledge proof that reveals only a subset of signed attributes. The verifier confirms the signature's validity and the disclosed attributes' authenticity without learning the hidden data, making it foundational for privacy-preserving verifiable credentials.

The scheme's core innovation is its ability to generate unlinkable proofs—each presentation of the same credential produces a cryptographically distinct proof, preventing correlation across different verifiers. BBS+ signatures are standardized by the W3C and IETF for use with Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs), enabling selective disclosure of claims such as age verification without revealing birthdate, or proof of accreditation without exposing the issuing institution's full signature chain.

SELECTIVE DISCLOSURE CRYPTOGRAPHY

Key Features of BBS+ Signatures

BBS+ is a pairing-based digital signature scheme that enables a prover to reveal only specific attributes from a signed credential while maintaining cryptographic integrity and zero-knowledge properties.

01

Selective Disclosure

The defining capability of BBS+ signatures. A holder of a signed credential can derive a proof that reveals only a subset of attributes while hiding the rest. For example, from a digital driver's license, a prover can disclose only age >= 21 without revealing their name, address, or exact birthdate. The verifier receives cryptographic assurance that the revealed attributes were part of the original signed credential without ever seeing the hidden fields.

02

Multi-Message Signing

BBS+ signs a vector of messages (attributes) simultaneously within a single, compact signature. This is fundamentally different from signing each attribute individually. The scheme produces a signature of constant size regardless of the number of messages signed, making it highly efficient for credentials with many claims. A single BBS+ signature can cover dozens of attributes—name, address, credentials, permissions—while remaining only a few hundred bytes.

03

Unlinkable Proof Presentations

Each derived proof is cryptographically unlinkable to other proofs from the same credential. Even if a verifier colludes with the original issuer, they cannot correlate two separate presentations. This prevents tracking and surveillance. A user can prove their professional certification to multiple employers, and none can determine it is the same credential being presented, preserving privacy across sessions.

04

Zero-Knowledge Predicate Proofs

BBS+ supports proofs about attributes without revealing the attributes themselves. A prover can demonstrate predicates such as:

  • age > 18 (range proof)
  • expiry_date > today (comparison)
  • country_of_origin NOT IN sanctioned_list (set membership) The verifier learns only the truth of the predicate, not the underlying value. This is achieved through efficient zero-knowledge proof techniques integrated into the signature scheme.
05

Constant-Size Proofs

A BBS+ proof is constant in size regardless of the number of revealed attributes. Whether disclosing 1 attribute or 50, the proof remains approximately the same length—typically a few hundred bytes. This is a significant advantage over schemes where proof size grows linearly with the number of disclosed attributes, making BBS+ ideal for bandwidth-constrained environments like mobile devices and IoT.

06

Pairing-Based Cryptography Foundation

BBS+ is built on bilinear pairings over elliptic curves, specifically the BLS12-381 curve. The security relies on the q-Strong Diffie-Hellman assumption. This mathematical foundation enables the scheme's unique combination of properties: multi-message signing, selective disclosure, and unlinkable proofs. The BLS12-381 curve provides approximately 128-bit security and is widely adopted in standards including W3C Verifiable Credentials and IETF drafts.

BBS+ SIGNATURE FAQ

Frequently Asked Questions

Explore the core concepts behind BBS+ signatures, a pairing-based cryptographic scheme enabling selective disclosure of signed attributes without compromising the underlying signature's integrity.

A BBS+ signature is a short, pairing-based digital signature scheme that supports selective disclosure, allowing a prover to reveal only specific attributes from a signed credential while maintaining cryptographic integrity. It operates over bilinear groups (pairing-friendly elliptic curves like BLS12-381), where a signer issues a signature on a vector of messages (attributes). The holder can then derive a zero-knowledge proof-of-knowledge of the signature, revealing only a subset of the signed messages. The verifier checks the proof against the signer's public key and the disclosed attributes, cryptographically confirming that the unrevealed attributes were validly signed without ever seeing them. This mechanism relies on the hardness of the q-Strong Diffie-Hellman assumption and the Discrete Logarithm problem in the group.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.