Definition
SD-JWT (Selective Disclosure for JWTs) is the IETF specification that retrofits privacy onto the ubiquitous JSON Web Token. Standard JWTs are all-or-nothing: present the token and every claim inside it is visible. SD-JWT changes that by letting the issuer mark individual claims as selectively disclosable, so the holder later chooses which ones to reveal to each verifier — without breaking the issuer's signature.
The salted-hash mechanism
For each disclosable claim, the issuer does not embed the cleartext. Instead it creates a Disclosure, a base64url-encoded JSON array containing a random salt, the claim name and the claim value, and places only a digest of that Disclosure into the _sd array of the signed payload; the _sd_alg claim names the hash algorithm (sha-256 by default) and the digest is computed over the base64url string itself, not over the decoded JSON. The issuer sorts or shuffles the _sd array so its order does not leak the original claim order, and may pad it with decoy digests so a verifier cannot count how many claims were withheld. The holder receives the JWT plus the full set of Disclosures. At presentation time the holder forwards only the Disclosures they wish to reveal; the verifier checks the issuer's signature, hashes each presented Disclosure and matches it against the digests in the signed token, rejecting any Disclosure whose digest the issuer never signed or that is presented twice. The salt is what makes this safe: the hash function is already second-preimage resistant, but without a salt a verifier could brute-force low-entropy claim values (a birthdate, a postcode) against the digests, and with a fresh salt per claim the digests also reveal nothing about which claims share a value. The spec calls for a fresh, cryptographically random salt of at least 128 bits per Disclosure, and implementations must support SHA-256.
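The following is a constructed end-to-end walk-through of the mechanism described above (issuer, holder and verifier in one file). It is an added example, not code from the specification or from any SD-JWT library. Two assumptions: it signs with HS256 under a demo key purely to stay free of third-party dependencies, whereas a real issuer uses an asymmetric algorithm so that the verifier cannot mint tokens; and the claim values are invented sample data.

```python
import base64
import hashlib
import hmac
import json
import secrets


def b64url(data: bytes) -> str:
    """base64url without padding, as JOSE requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_disclosure(name: str, value) -> str:
    # 128-bit random salt: stops a verifier from brute-forcing low-entropy
    # claim values against the digests that sit in the signed payload.
    salt = b64url(secrets.token_bytes(16))
    return b64url(json.dumps([salt, name, value], separators=(",", ":")).encode())


def digest(disclosure: str) -> str:
    # The digest covers the ASCII bytes of the base64url-encoded Disclosure
    # string itself, not the decoded JSON array.
    return b64url(hashlib.sha256(disclosure.encode("ascii")).digest())


# Constructed demo key (assumption). HS256 keeps the example dependency-free;
# a real issuer signs with an asymmetric algorithm such as ES256.
ISSUER_KEY = b"constructed-demo-key-do-not-reuse"


def sign(header_b64: str, payload_b64: str) -> str:
    mac = hmac.new(ISSUER_KEY, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256)
    return b64url(mac.digest())


def issue(claims: dict, disclosable: set, decoys: int = 1):
    """Issuer side: returns (issuer-signed JWT, list of Disclosures)."""
    payload = {k: v for k, v in claims.items() if k not in disclosable}
    disclosures = [make_disclosure(k, v) for k, v in claims.items() if k in disclosable]
    sd = [digest(d) for d in disclosures]
    # Decoy digests hide how many claims were withheld.
    sd += [digest(b64url(secrets.token_bytes(16))) for _ in range(decoys)]
    # Sorted so the digest order does not leak the original claim order.
    payload["_sd"] = sorted(sd)
    payload["_sd_alg"] = "sha-256"
    header_b64 = b64url(json.dumps({"alg": "HS256"}, separators=(",", ":")).encode())
    payload_b64 = b64url(json.dumps(payload, separators=(",", ":")).encode())
    return f"{header_b64}.{payload_b64}.{sign(header_b64, payload_b64)}", disclosures


def present(issuer_jwt: str, disclosures: list, reveal: set) -> str:
    """Holder side: forward only the Disclosures for the chosen claim names.
    Wire format is <JWT>~<Disclosure>~...~ ; the trailing ~ means no Key Binding JWT."""
    chosen = [d for d in disclosures if json.loads(b64url_decode(d))[1] in reveal]
    return "~".join([issuer_jwt, *chosen]) + "~"


def verify(presentation: str) -> dict:
    """Verifier side: check the signature, then admit only Disclosures whose
    digest appears in the signed _sd array. Returns the reconstructed claims."""
    parts = presentation.split("~")
    issuer_jwt, disclosures = parts[0], parts[1:-1]
    header_b64, payload_b64, sig = issuer_jwt.split(".")
    if not hmac.compare_digest(sig, sign(header_b64, payload_b64)):
        raise ValueError("issuer signature invalid")
    payload = json.loads(b64url_decode(payload_b64))
    if payload.pop("_sd_alg", "sha-256") != "sha-256":
        raise ValueError("unsupported _sd_alg")
    sd = payload.pop("_sd", [])
    if len(set(sd)) != len(sd):
        raise ValueError("duplicate digest in _sd")
    seen = set()
    for d in disclosures:
        h = digest(d)
        if h not in sd:
            raise ValueError("Disclosure not covered by issuer signature")
        if h in seen:
            raise ValueError("Disclosure presented twice")
        seen.add(h)
        salt, name, value = json.loads(b64url_decode(d))
        if name in payload or name in ("_sd", "..."):
            raise ValueError(f"claim name collision: {name}")
        payload[name] = value
    return payload


if __name__ == "__main__":
    CLAIMS = {"iss": "https://issuer.example", "given_name": "Alice",
              "family_name": "Doe", "age_over_18": True}  # constructed sample data
    jwt, discs = issue(CLAIMS, {"given_name", "family_name", "age_over_18"})
    print(verify(present(jwt, discs, {"age_over_18"})))
```

Running it shows the verifier recovering only iss and age_over_18 while the two name claims stay hidden behind their digests. The checks in verify are the ones that matter in practice: a Disclosure with a fresh salt but the same name and value is rejected because its digest was never signed, and a Disclosure sent twice is rejected rather than silently deduplicated. Left out for brevity: nested and array-element Disclosures, the Key Binding JWT that ties a presentation to the holder's key, issuer key resolution, and the usual exp/iat checks.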
Why it matters
SD-JWT is deliberately lightweight: it reuses existing JOSE/JWT tooling rather than demanding exotic cryptography, which is why the EU's eIDAS 2 and EUDI Wallet efforts adopted SD-JWT VCs alongside ISO mdoc. The trade-off versus zero-knowledge approaches is linkability: the same salts, digests and issuer signature are shown at every presentation, so colluding verifiers can correlate repeated showings of one credential and the issuer can link any presentation back to the credential it issued. Schemes like BBS+ avoid that by producing a fresh, unlinkable proof per presentation; with SD-JWT the usual mitigation is batch issuance of many single-use credentials with distinct salts.
SD-JWT is one concrete implementation of selective disclosure and a common payload inside a verifiable presentation.
