Skip to content

Bitcoin accepted at checkout  |  Ships from Laval, QC, Canada  |  Expert support since 2016

BBS+ Signature

Digital Sovereignty

Definition

BBS+ signature is a multi-message signature scheme prized in decentralized identity because it delivers three strong privacy properties at once: selective disclosure, zero-knowledge proof of knowledge, and unlinkability. An issuer signs an ordered array of messages — the individual claims of a credential, such as name, birthdate, and licence class — with a single constant-size signature. The holder can then derive a fresh proof that reveals only a chosen sub-array of those messages while keeping the rest hidden, and the verifier can still confirm the issuer's signature covers everything. No other widely standardized scheme packages all three properties this cleanly, which is why BBS+ keeps appearing at the core of privacy-preserving credential systems.

How the privacy works

BBS proofs are zero-knowledge proofs of knowledge of a BBS signature. The holder proves to a verifier that they possess a valid issuer signature over the credential without ever showing the signature itself. Because a new, randomized proof is generated for each presentation, two showings of the same credential are not correlatable by the signature value — the unlinkability property that salted-hash schemes like SD-JWT fundamentally lack, since an SD-JWT presents the same issuer signature every time. With BBS+, the only correlation handles left are the claims the holder chooses to reveal. The IETF CFRG is standardizing the BBS signature scheme, and the W3C has published a Data Integrity BBS cryptosuite for use with Verifiable Credentials, so the scheme is moving from research into deployable standards.

What it costs

The privacy is not free. BBS+ relies on pairing-friendly elliptic curves rather than the plain hashing and ECDSA/Schnorr signatures most systems already ship, so verifier tooling is more specialized and the math is heavier than validating a conventional signature. Proof generation is fast enough for interactive use on ordinary hardware, but library support is thinner than for mainstream schemes, and hardware-backed key storage for pairing curves lags behind. Teams choosing between SD-JWT's simplicity and BBS+'s unlinkability are making a real engineering trade, not picking between equivalent options.

Why sovereign users should care

Unlinkability is to identity what address rotation is to Bitcoin: it denies observers a persistent correlation handle. A credential signed with BBS+ can be presented to a hundred different verifiers, each time revealing a different minimal slice, and none of them can collude to rebuild a single tracking profile from the cryptography alone. Compare that to the dominant pattern of logging in with the same email or federated identity everywhere — every presentation identical, every verifier able to join the dots. For someone who runs their own node, holds their own keys, and treats self-custody as the default posture, BBS+ extends the same principle to credentials: prove the minimum, reveal nothing reusable, keep the linking power in your own hands.

Where it fits in the ecosystem

BBS+ is the cryptographic backbone of the most privacy-preserving forms of selective disclosure and is being adopted as a signature option inside AnonCreds v2, the credential format that grew out of the Hyperledger identity stack. The pattern to remember: salted-hash schemes give you selective disclosure alone; BBS+ gives you selective disclosure plus unlinkability, at the cost of newer cryptography. When a credential will be shown repeatedly to parties who might compare notes, that second property is the one that matters.

In Simple Terms

BBS+ signature is a multi-message signature scheme prized in decentralized identity because it delivers three strong privacy properties at once: selective disclosure, zero-knowledge proof of…

Explore the Full Glossary

Browse all Bitcoin mining terms from A to Z. Whether you are a beginner or expert, deepen your understanding of the mining ecosystem.

Mining Glossary

ASIC Miner Database

Compare 500+ miners with real-time profitability data, home mining scores, and detailed specs.

Compare Miners