Selective Disclosure

Selective Disclosure is the data-minimization principle made cryptographic: prove the one fact that is asked for, and nothing else. Instead of handing over an entire credential, a holder discloses only the individual claims a verifier requires — confirming they are over a threshold age, hold a license, or live in a jurisdiction — while the remaining attributes stay concealed but still provably authentic under the issuer's original signature.

How it is achieved

There are two dominant families of technique. Salted-hash schemes like SD-JWT have the issuer replace each disclosable claim with a digest of a salted value; the holder later reveals only the cleartext claims and salts they choose, and the verifier recomputes the digests. Zero-knowledge schemes like BBS+ and AnonCreds go further, letting the holder prove possession of a signature over hidden messages — and even prove predicates such as "older than 18" without revealing the underlying value at all.

Why sovereign users care

Every extra attribute you reveal is a correlation handle someone else can keep. Selective disclosure is the same instinct that drives coin control and address hygiene in Bitcoin: surface area is liability. It directly supports fungibility of identity — two interactions that disclose only minimal, distinct facts are far harder to stitch into a single profile. The strongest schemes also deliver unlinkability, so even repeated presentations of the same credential resist correlation.

Selective disclosure is the engine inside every privacy-preserving verifiable presentation.