Verifiable Credentials

Verifiable Credentials are a W3C standard for cryptographically signed, tamper-evident digital attestations that enable an issuer to make claims about a subject, which the subject can present to a verifier without contacting the issuer—enabling portable, privacy-preserving digital proofs.

Definition

Verifiable Credentials (VCs) are a W3C standard (reaching v2.0 Recommendation in 2024) for expressing credentials in a digital format that is cryptographically verifiable, tamper-evident, and privacy-respecting. A verifiable credential is a set of claims made by an issuer about a subject, digitally signed by the issuer, and held by the subject (the holder). The holder can present the credential to any verifier, who can cryptographically confirm the issuer’s signature without needing to contact the issuer.

The model has three roles: the issuer (who creates and signs the credential), the holder (the subject who stores it), and the verifier (who checks the credential’s validity). A university issues a diploma credential; the graduate holds it in their digital wallet; an employer verifies it instantly. No phone call to the registrar. No PDF that anyone can fabricate. A cryptographic proof that the university, identified by its Decentralized Identifier (DID), attested that this person completed this degree.

Why It Matters

The global credential verification market was estimated at $150 billion annually in 2024, encompassing education verification, employment history checks, professional licensing, identity proofing, and background screening. The average enterprise background check takes 5-7 business days. Academic credential verification averages 15-20 business days across international institutions. These processes are slow because they depend on institution-to-institution communication—each verifier must contact each issuer independently.

Verifiable credentials collapse this to milliseconds. The cryptographic signature on the credential is the verification. No round-trip to the issuer. No intermediary database. No API call to a third-party verification service that now accumulates a database of who is checking whose credentials (itself a privacy risk).

The privacy advantage is equally transformative. Current verification processes require over-sharing by default: to prove you graduated, you share your full transcript. To prove you are over 21, you show an ID containing your full name, address, date of birth, and photo. Verifiable credentials support selective disclosure: you prove only the specific claim needed. Using zero-knowledge proofs, a VC can prove “the holder is over 21” without revealing the birthdate, or “the holder has a valid medical license” without revealing the license number.

How It Works

The verifiable credentials ecosystem operates through a standard data model:

Credential issuance: The issuer creates a JSON-LD document containing the claims (e.g., “name”: “Alice”, “degree”: “MS Computer Science”, “institution”: “ETH Zurich”), signs it with their private key (linked to their DID), and delivers it to the holder.
Credential storage: The holder stores the credential in a digital identity wallet—a client-side application that manages credentials locally on the user’s device. No central credential database is required.
Verifiable Presentation: When a verifier requests proof, the holder creates a Verifiable Presentation—a wrapper around one or more credentials, signed by the holder’s own DID. The presentation can include full credentials or selective disclosures.
Verification: The verifier checks the issuer’s signature (resolving the issuer’s DID to obtain their public key), confirms the credential has not been revoked (via a status registry or revocation list), and validates the holder’s signature on the presentation.
Revocation: Issuers can revoke credentials by updating a public revocation registry. Verifiers check this registry during verification. Modern revocation methods (like StatusList2021) use bitstring compression to support millions of credentials with minimal storage.

The entire flow is decentralized. The holder controls which credentials to present, to whom, and with what level of disclosure. The issuer does not learn when or where the credential is used. The verifier does not need to contact the issuer.

Stealth Cloud Relevance

Verifiable credentials align directly with Stealth Cloud’s zero-identity authentication model. Today, Ghost Chat uses Sign-In with Ethereum to authenticate users by wallet signature. This proves control of a wallet address—but a wallet address alone carries no attributes. It is an identity with zero claims attached.

Verifiable credentials add the attribute layer without adding the identity exposure. A user could present a VC proving they hold a paid subscription (issued by a payment processor) without revealing their payment details. They could prove they are located in a GDPR-compliant jurisdiction without revealing their country. They could prove they are an authorized member of an enterprise team without revealing their name or role.

This is the infrastructure that enables Stealth Cloud’s future access control model: role-based, claim-based, and attribute-based authorization—all verified cryptographically, all without identity disclosure. The user proves what they are without proving who they are. Combined with PII stripping and end-to-end encryption, verifiable credentials complete the picture: anonymous authentication, anonymous data, anonymous infrastructure.

The Stealth Cloud Perspective

Verifiable credentials are the mechanism that separates proof from exposure—demonstrating what matters without revealing what does not. Stealth Cloud intends to build a world where you access services based on verifiable claims, not surrendered secrets.