A revocation registry is a tamper-evident, append-only data structure—often implemented as a cryptographic accumulator or a compressed bitstring—that allows an issuer to signal that a previously issued verifiable credential is no longer valid. Unlike traditional Certificate Revocation Lists (CRLs), modern privacy-preserving registries enable a holder to prove their credential has not been revoked without revealing which specific credential they possess, a critical feature for self-sovereign identity systems.
Glossary
Revocation Registry

What is a Revocation Registry?
A revocation registry is a cryptographically secure data structure that records the current validity status of verifiable credentials, enabling issuers to revoke access without compromising the privacy of the credential holder.
In the AnonCreds specification, the registry is typically a tails file and a cryptographic accumulator updated on a Verifiable Data Registry. For W3C Verifiable Credentials, the credentialStatus property links to a resource like a StatusList2021 bitstring. This mechanism ensures that verifiers can instantly check the revocation status during a verifiable presentation exchange without contacting the issuer directly, maintaining the decentralized architecture of the trust triangle.
Key Features of a Revocation Registry
A revocation registry is a cryptographically secure data structure that records the status of verifiable credentials without revealing the underlying data. These features define its operational integrity and privacy-preserving architecture.
Cryptographic Accumulators
A cryptographic accumulator aggregates a set of valid credential identifiers into a single fixed-size value, enabling efficient membership proofs. Unlike bitstring-based registries, accumulators support zero-knowledge proofs that a credential is not revoked without revealing which credential is being checked.
- RSA Accumulators: Use modular exponentiation to prove non-revocation with constant-size witnesses
- Elliptic Curve Accumulators: Provide shorter proofs and faster verification than RSA variants
- Dynamic Accumulators: Support adding and deleting values without recomputing the entire structure
This approach is fundamental to AnonCreds and privacy-preserving identity systems where correlation must be prevented.
Bitstring Status Lists
A bitstring status list encodes revocation states as a compressed sequence of bits, where each bit position corresponds to a specific credential index. This mechanism, standardized in the W3C Bitstring Status List v1.0, allows verifiers to check revocation status without contacting the issuer directly.
- Each credential is assigned an index within a bitstring of configurable size (typically 16KB to 256KB)
- A bit value of
1indicates revocation;0indicates validity - The bitstring is published at a publicly accessible URL and referenced in the credential's
credentialStatusproperty - Supports suspension and revocation as distinct states using multiple bitstrings
This approach is highly efficient for high-volume credential ecosystems where accumulator witness updates would be impractical.
Privacy-Preserving Status Checks
Revocation registries must enable status verification without creating correlatable identifiers that could link a credential holder's activities across different verifiers. Privacy-preserving mechanisms ensure that checking revocation does not leak metadata about the holder.
- Non-Correlation: Verifiers cannot link multiple status checks to the same credential or holder
- Unlinkable Presentations: Each presentation generates a fresh proof that does not reveal the credential's index in the registry
- Anonymous Revocation: Using zero-knowledge proofs, a holder can demonstrate non-revocation without disclosing which credential they hold
- Decentralized Hosting: Registries can be hosted on distributed ledgers or content-addressable networks to prevent tracking by a single infrastructure provider
These properties are essential for Self-Sovereign Identity systems operating under GDPR and similar privacy regulations.
Issuer-Controlled Update Authority
Only the credential issuer possesses the cryptographic authority to update the revocation status of credentials they have issued. This authority is enforced through digital signatures tied to the issuer's DID Document and its associated public keys.
- Signed Status Updates: Every modification to the registry is cryptographically signed by the issuer's private key
- Key Rotation Support: Issuers can rotate signing keys without invalidating existing credentials, provided the DID Document is updated
- Delegated Revocation: Some architectures allow the issuer to delegate revocation authority to a designated third party while maintaining audit trails
- Immutable Audit Logs: When anchored to a distributed ledger, every revocation event creates a tamper-evident, timestamped record
This ensures that no unauthorized party can revoke a credential, maintaining the integrity of the trust framework.
Verifier Local Caching Strategies
To reduce latency and external network dependencies, verifiers can maintain local caches of revocation registries. This is critical for offline-first scenarios and high-throughput verification systems.
- Delta Updates: Verifiers fetch only the changes since their last synchronization, minimizing bandwidth
- Time-to-Live (TTL): Cached registries include expiration metadata to ensure verifiers do not rely on stale revocation data
- Bloom Filters: Probabilistic data structures can provide fast, space-efficient pre-checks before querying the full registry
- Content-Addressable Storage: Registries stored on IPFS or similar networks allow verifiers to retrieve data from the nearest node
Caching strategies must balance freshness guarantees against performance requirements, especially in environments with intermittent connectivity.
Registry Governance and Trust Frameworks
The technical operation of a revocation registry is governed by a trust framework that defines the legal and operational rules for issuers, holders, and verifiers within an ecosystem.
- Accreditation: Only issuers certified by a Trust Registry are authorized to write to the revocation registry
- Service Level Agreements: Define uptime, latency, and data persistence requirements for registry infrastructure
- Jurisdictional Compliance: Registries must comply with data residency laws, often requiring geographically distributed hosting
- Ecosystem-Specific Schemas: Governance authorities define which credential types and revocation states are supported
Frameworks like the Trust over IP (ToIP) Foundation stack separate technical governance from business governance, ensuring that revocation registries operate within legally enforceable boundaries.
Revocation Methods Comparison
Comparative analysis of cryptographic revocation approaches for verifiable credentials, evaluating privacy, scalability, and computational trade-offs.
| Feature | Revocation Bitstring | Cryptographic Accumulator | Status List 2021 |
|---|---|---|---|
Underlying Mechanism | Compressed bit array with assigned credential indices | Merkle tree or RSA accumulator with witness proofs | Bitstring encoded as a compressed JWT claim set |
Privacy Preservation | Correlates revocation check to index position | Supports zero-knowledge non-revocation proofs | Correlates check to bit position within list |
Proof Size | < 1 KB | 1-3 KB (witness + accumulator) | < 500 bytes |
Verifier Complexity | O(1) bit lookup | O(log N) or O(1) witness verification | O(1) bit lookup |
Batch Revocation | |||
Offline Verification | |||
Ledger Dependency | Requires anchoring for integrity | Requires anchoring for accumulator state | Requires anchoring for list state |
Scalability (1M Credentials) | ~125 KB list size | ~32 bytes accumulator + per-credential witnesses | ~125 KB list size |
Frequently Asked Questions
A technical deep dive into the cryptographic data structures that manage the lifecycle and validity of verifiable credentials in sovereign identity systems.
A Revocation Registry is a cryptographically secure data structure, typically a bitstring or cryptographic accumulator, that records the current revocation status of Verifiable Credentials (VCs) without revealing the underlying credential data or the identity of the holder. It acts as a privacy-preserving alternative to Certificate Revocation Lists (CRLs) used in traditional PKI. When an issuer needs to revoke a credential, they update the registry by flipping a specific bit or updating a witness value. A verifier can then check the registry to confirm a credential has not been revoked, often using a zero-knowledge proof (ZKP) to do so without learning which specific credential is being checked. This mechanism is fundamental to Self-Sovereign Identity (SSI) ecosystems, ensuring that trust is maintained without creating a correlatable trail of credential usage.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
Core components that interact with revocation registries to enable privacy-preserving credential lifecycle management.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us