Key Types & Algorithms

IDA supports multiple cryptographic key types to serve different use cases: authentication, signing credentials, encrypting communications, and enabling selective disclosure.

Supported Key Types

Ed25519

Ed25519 is the default and recommended key type for IDA. It provides fast, secure digital signatures based on the Twisted Edwards curve.

Properties

Key Generation (Go)

1
package main
2
3
import (
4
    "crypto/ed25519"
5
    "crypto/rand"
6
    "encoding/hex"
7
    "fmt"
8
)
9
10
func generateEd25519() {
11
    pub, priv, err := ed25519.GenerateKey(rand.Reader)
12
    if err != nil {
13
        panic(err)
14
    }
15
16
    fmt.Printf("Public key:  %s\n", hex.EncodeToString(pub))
17
    fmt.Printf("Private key: %s\n", hex.EncodeToString(priv.Seed()))
18
}

Key Generation (JavaScript)

1
import { generateKeyPair } from '@stablelib/ed25519';
2
import { encode as base58Encode } from 'bs58';
3
4
function generateEd25519() {
5
  const keyPair = generateKeyPair();
6
  const publicKeyMultibase = 'z' + base58Encode(
7
    Buffer.concat([Buffer.from([0xed, 0x01]), keyPair.publicKey])
8
  );
9
10
  return {
11
    type: 'Ed25519VerificationKey2020',
12
    publicKeyMultibase,
13
    privateKey: keyPair.secretKey,
14
  };
15
}

Signing and Verification

1
// Sign a message
2
message := []byte("Hello, IDA!")
3
signature := ed25519.Sign(privateKey, message)
4
5
// Verify the signature
6
valid := ed25519.Verify(publicKey, message, signature)
7
// valid == true

Usage in IDA

• DID Auth: Challenge-response authentication
• VC Proof: Ed25519Signature2020 proof suite
• IBCT Signing: EdDSA-signed compact JWTs for single-hop delegation

secp256k1

secp256k1 is the elliptic curve used natively by most blockchains (Ethereum, Bitcoin). IDA supports it for blockchain-native operations and compatibility.

Properties

Key Generation (Go)

1
import (
2
    "crypto/ecdsa"
3
    "crypto/elliptic"
4
    "crypto/rand"
5
    "github.com/ethereum/go-ethereum/crypto"
6
)
7
8
func generateSecp256k1() (*ecdsa.PrivateKey, error) {
9
    return crypto.GenerateKey()
10
}

Usage in IDA

• Blockchain transactions: Signing ADI blockchain transactions
• Ethereum compatibility: Interop with EVM-based systems
• Address derivation: Ethereum-style address from public key

X25519 (Key Agreement)

X25519 is a Diffie-Hellman function used for key agreement in DIDComm v2 encrypted messaging.

Properties

Key Agreement Flow

DIDComm Encryption

1
import { x25519 } from '@stablelib/x25519';
2
import { XChaCha20Poly1305 } from '@stablelib/xchacha20poly1305';
3
4
// Derive shared secret
5
const sharedSecret = x25519(senderPrivateKey, recipientPublicKey);
6
7
// Encrypt message
8
const aead = new XChaCha20Poly1305(sharedSecret);
9
const nonce = randomBytes(24);
10
const ciphertext = aead.seal(nonce, plaintext);

BBS+ Signatures

BBS+ is a pairing-based signature scheme on the BLS12-381 curve that enables selective disclosure of signed attributes without revealing the full credential.

Properties

How It Works

1. Issuance: Issuer signs all credential attributes as a single BBS+ signature
2. Derivation: Holder derives a proof that reveals only selected attributes
3. Verification: Verifier confirms the proof without learning hidden attributes

Selective Disclosure Example

1
import { BBS } from '@mattrglobal/bbs-signatures';
2
3
// Issuer: Sign all attributes
4
const messages = [
5
  "John Doe",      // attribute 0: name
6
  "30",            // attribute 1: age
7
  "123 Main St",   // attribute 2: address
8
  "999-00-1234"    // attribute 3: SSN
9
];
10
11
const signature = await BBS.sign({
12
  messages,
13
  publicKey: issuerBbsPublicKey,
14
  secretKey: issuerBbsSecretKey,
15
});
16
17
// Holder: Create proof revealing only age (index 1)
18
const proof = await BBS.createProof({
19
  signature,
20
  publicKey: issuerBbsPublicKey,
21
  messages,
22
  revealed: [1],  // only reveal attribute at index 1
23
  nonce: verifierNonce,
24
});
25
26
// Verifier: Verify the proof
27
const verified = await BBS.verifyProof({
28
  proof,
29
  publicKey: issuerBbsPublicKey,
30
  messages: ["30"],        // only the revealed attribute
31
  revealed: [1],
32
  messageCount: 4,         // total attributes in original VC
33
  nonce: verifierNonce,
34
});
35
// verified === true

ZK Predicate Proofs

BBS+ can be combined with ZK circuits to prove predicates:

Prove: age >= 21  (without revealing actual age)
Prove: salary >= $50,000  (without revealing exact salary)
Prove: country IN ["US", "CA", "UK"]  (without revealing which one)

Zero-Knowledge Identity (zkSync Airbender Compatible)

IDA implements a full ZK Identity system that enables privacy-preserving credential verification on the ADI blockchain. The system is compatible with zkSync Airbender’s proving system and zkEVM execution model.

ZK Proof Architecture

Proof Generation

The ZKP prover generates proofs using Pedersen-like commitments and Schnorr-like responses:

1. Predicate Evaluation: Validates that credential values satisfy all predicates (without revealing values)
2. Commitment Generation: For each predicate: C = H(attribute_value || blinding_factor || predicate)
3. Response Computation: For each predicate: R = H(C || nonce || challenge || blinding_factor)
4. Aggregation: Single proof hash: A = H(sorted_commitments || sorted_responses || nonce)
5. Signing: Ed25519 signature over A || challenge || proverDID

Supported Predicate Types

Proof Verification (4-Stage)

1. Structural Integrity: All required fields present (ID, type, prover DID, predicates, proof data, nonce)
2. Ed25519 Signature: Verify prover’s signature against public key resolved from DID document
3. Aggregate Consistency: Recompute aggregate hash from commitments/responses, compare with proof
4. Per-Predicate Check: Each predicate has matching commitment and response entries

On-Chain Anchoring

Proofs can be anchored on-chain via the ZKProofVerifier contract on ADI blockchain:

• Proof hashes are stored as bytes32 (Poseidon-friendly for Airbender circuits)
• submitProof() registers the proof hash with prover DID and credential reference
• isProofValid() returns validity status (exists and not revoked)
• verifyProofOnChain() marks verification timestamp and emits ProofVerified event

zkSync Airbender Compatibility

The ADI blockchain implements zkSync Airbender standards natively:

• zkEVM Execution: Contracts compile with standard Solidity 0.8.24 to zkEVM opcodes
• Poseidon Hashing: bytes32 proof hashes are compatible with Poseidon hash circuits used in Airbender validity proofs
• State Diff Compression: Proof registry state changes are compressed in zkSync’s state diff model
• Cross-Chain Verification: Proof existence on ADI can be verified on L1 via Airbender’s validity proof mechanism

ZK Identity Use Cases

• Age Verification: Prove age >= 18 without revealing birthdate or name
• KYC/AML: Prove jurisdictional compliance without storing passport data
• Proof of Humanity: Verify uniqueness without biometric exposure (Sybil resistance)
• Anonymous Governance: DAO members vote without revealing identity
• Selective Health Data: Share vaccination status without full medical record
• Financial Eligibility: Prove creditworthiness without exact score disclosure

Key Rotation

Key rotation is critical for long-lived DIDs. IDA supports seamless key rotation:

Key Rotation Request

$
curl -X POST http://localhost:8080/api/v1/dids/did:adi:3f7a.../keys/rotate \
>
  -H "Authorization: DIDAuth <signed-challenge>" \
>
  -d '{
>
    "newKeyType": "Ed25519VerificationKey2020",
>
    "purpose": ["authentication", "assertionMethod"],
>
    "revokeOldKey": false
>
  }'

Algorithm Comparison