AnonCreds (Anonymous Credentials) is a privacy-preserving credential format that utilizes Camenisch-Lysyanskaya (CL) signatures to enable a holder to prove claims about their attributes without revealing a persistent, correlatable identifier. Unlike simple signed JSON, AnonCreds supports selective disclosure and zero-knowledge proofs (ZKPs) , allowing a verifier to confirm specific attributes—such as being over 18—without learning the holder's exact birthdate or name.
Glossary
AnonCreds (Anonymous Credentials)

What is AnonCreds (Anonymous Credentials)?
A technical definition of the AnonCreds format, its underlying cryptographic mechanisms, and its role in enabling unlinkable selective disclosure within sovereign identity systems.
The format achieves unlinkability by generating a unique, one-time presentation proof for every verification event, preventing colluding verifiers from correlating a user's activity. Integrated with revocation registries and Decentralized Identifiers (DIDs) , AnonCreds forms a critical component of Self-Sovereign Identity (SSI) architectures, ensuring high-assurance credentials remain cryptographically sound while maximizing user privacy.
Key Features of AnonCreds
AnonCreds implements a sophisticated cryptographic framework that enables verifiable credentials with mathematically provable privacy guarantees, fundamentally separating the act of proving from the act of identifying.
Selective Disclosure with Predicate Proofs
Holders can reveal only the minimum necessary information from a credential while keeping all other attributes hidden. Beyond simple attribute revelation, AnonCreds supports predicate proofs—cryptographic demonstrations that an attribute satisfies a condition (greater than, less than, within range) without disclosing the actual value.
- Attribute disclosure: Reveal only
expiry_datewhile hidingnameandaddress - Zero-knowledge predicates: Prove
age > 21without revealing exact birthdate - Interval proofs: Demonstrate a value falls within a specific range
- Set membership: Prove an attribute belongs to an allowed set without identifying which element
Non-Correlatable Presentations
Every presentation generated from an AnonCred credential uses a freshly generated proof with a unique cryptographic nonce. This ensures that even if the same credential is presented to the same verifier multiple times, the presentations cannot be linked together. This property is known as multi-show unlinkability.
- Unique proofs per presentation: Each interaction produces cryptographically distinct evidence
- No common identifier: Unlike X.509 certificates, no serial number or fingerprint is exposed
- Verifier unlinkability: Two verifiers cannot collude to correlate a user's activity
- Protection against tracking: Prevents the creation of a behavioral profile across service providers
Schema-Based Credential Definition
AnonCreds credentials are defined through a schema that specifies the list of attribute names and their types. An issuer then publishes a credential definition on a Verifiable Data Registry, which includes the cryptographic public key material and revocation registry reference. This layered architecture separates data modeling from cryptographic instantiation.
- Schema: Declares attribute names (e.g.,
given_name,family_name,date_of_birth) - Credential Definition: Binds the schema to the issuer's public CL signing key
- Verifiable Data Registry: Stores schemas, credential definitions, and revocation registries immutably
- Versioning: Schemas can be versioned to support credential evolution without breaking existing holders
Privacy-Preserving Revocation
AnonCreds implements revocation using cryptographic accumulators rather than public certificate revocation lists. A holder proves their credential has not been revoked by demonstrating membership in the accumulator without revealing which specific credential they hold. This preserves unlinkability even during revocation checks.
- Accumulator-based: Uses dynamic accumulators that support efficient membership and non-membership proofs
- No correlation: Revocation check does not expose a unique credential identifier
- Revocation Registry: An append-only data structure published to the Verifiable Data Registry
- Witness updates: Holders periodically update their witness to reflect the latest accumulator state
Link Secret Binding
Every AnonCred credential is cryptographically bound to a link secret—a blinding factor known only to the holder. This secret is embedded in the credential during issuance via a blind signing protocol and is proven during presentation without being revealed. The link secret prevents credential sharing and enables proving that multiple credentials belong to the same holder without identifying them.
- Anti-sharing mechanism: Makes credential transfer practically infeasible
- Cross-credential binding: Prove ownership of multiple credentials simultaneously
- Blind issuance: Issuer signs attributes without learning the link secret value
- Holder binding: Ensures only the original recipient can use the credential
Frequently Asked Questions
Technical answers to the most common questions about AnonCreds, the privacy-preserving credential format that enables selective disclosure and zero-knowledge proofs without revealing correlatable identifiers.
AnonCreds (Anonymous Credentials) is a privacy-preserving verifiable credential format that utilizes Camenisch-Lysyanskaya (CL) signatures to enable selective disclosure and zero-knowledge proofs without revealing a correlatable identifier. Unlike W3C Verifiable Credentials that typically bind to a DID, AnonCreds uses a link secret—a blinding factor known only to the holder—to bind the credential to the holder's wallet. When presenting, the holder generates a zero-knowledge proof demonstrating possession of a validly signed credential and knowledge of the link secret, without revealing the credential's signature value or any undisclosed attributes. This cryptographic construction ensures that even the issuer cannot correlate a presentation back to the original issuance event, providing unlinkability across multiple presentations.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
Core concepts and cryptographic primitives that form the technical foundation for AnonCreds and privacy-preserving verifiable credential systems.
BBS+ Signatures
A pairing-based, multi-message digital signature scheme that enables selective disclosure and zero-knowledge proofs. Unlike Camenisch-Lysyanskaya signatures used in AnonCreds v1, BBS+ allows a holder to derive a single proof that hides specific signed attributes while proving possession of others. This scheme is the cryptographic backbone of the W3C Verifiable Credential Data Integrity suite and is being integrated into AnonCreds v2 for broader interoperability.
Selective Disclosure
The ability of a credential holder to reveal only specific attributes from a verifiable credential to a verifier. In AnonCreds, this is achieved through zero-knowledge proofs that cryptographically prove a subset of claims (e.g., 'age > 21') without exposing the raw data (e.g., exact birthdate). This minimizes unnecessary data exposure and is a core requirement of GDPR data minimization principles.
Revocation Registry
A cryptographically secure data structure that records the revocation status of verifiable credentials without revealing underlying data. AnonCreds uses cryptographic accumulators to allow a holder to generate a non-revocation proof demonstrating their credential has not been revoked, without the verifier needing to scan a list or contact the issuer. This preserves unlinkability even during status checks.
Verifiable Presentation
A signed aggregation of one or more verifiable credentials, assembled by a holder to share specific claims with a verifier. AnonCreds presentations are constructed using zero-knowledge proofs that combine multiple credentials into a single, tamper-proof proof. The verifier learns only what the holder explicitly discloses, with no correlatable identifier linking presentations across different sessions.
Zero-Knowledge Proof (ZKP)
A cryptographic method allowing one party to prove to another that a statement is true without revealing any information beyond the validity of the statement itself. AnonCreds leverages ZKPs to enable predicate proofs (e.g., 'credit score > 700') and attribute hiding while maintaining cryptographic verifiability. This is the mechanism that prevents verifiers and issuers from colluding to correlate user activity.
Decentralized Identifier (DID)
A globally unique persistent identifier that does not require a centralized registration authority. AnonCreds are typically bound to a DID as the subject identifier, but the credential's schema and revocation registry are also anchored to DIDs on a Verifiable Data Registry. This decoupling from traditional PKI enables portable, self-sovereign identity architectures.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us