Revocation
The credential revocation mechanism enables invalidation of issued documents. This allows immediate revocation of diplomas for students who left without graduating or identity documents of employees who left the company.
Revocation Mechanism
The platform uses a Cryptographic Accumulator-based revocation mechanism. This method enables verification of revocation status while preserving privacy.
Revocation Registry
| Component | Description |
|---|---|
| Registry Definition | Revocation registry definition |
| Registry Entry | Current accumulator value |
| Tails File | Required for non-revocation proof |
| Max Credentials | Maximum credentials per registry |
Tails Server
Tails Server hosts the Tails files required for revocation verification. Holder and Verifier need these files to create and verify non-revocation proofs.
Revocation Flow
Post-Revocation Verification
| Status | Result |
|---|---|
| Active Credential | Non-revocation proof succeeds |
| Revoked | Non-revocation proof fails |
| Before Revocation Date | May be valid for past date |
When a credential is revoked, the Holder can still see the credential in their wallet but any verification attempt will fail.
Verifier can request a non-revocation proof for a specific date. This way, the question "Was this credential valid on January 15, 2024?" can be answered.