Selective Disclosure
privacy
Full Name: Selective Attribute Disclosure
Definition
An EUDI Wallet feature that allows users to share only specific attributes (such as age or nationality) without revealing their full identity document. For example, proving you are over 18 without showing your birthdate or full ID.
How Selective Disclosure Works Technically
Selective disclosure is not simply hiding fields from a form. It is a cryptographic mechanism that allows a user to prove specific claims from a signed credential without revealing the other claims, while still allowing the verifier to confirm that the disclosed claims are authentic and have not been tampered with.
The process works in three phases. During credential issuance, the issuer (for example, the PID Provider) creates a credential containing multiple claims (name, date of birth, address, nationality, etc.). Instead of signing a single monolithic document, the issuer structures the credential so that individual claims can be independently disclosed. In the SD-JWT format used by the EUDI Wallet, each disclosable claim is hashed and the hash is included in the signed JWT payload, while the actual claim values are stored as separate "disclosures" outside the signed portion.
During credential presentation, the wallet user decides which claims to reveal. The wallet creates a presentation containing the signed JWT (with all the hashes), plus only the disclosures for the claims the user wants to share. Claims the user wants to keep private are simply omitted: their disclosures are not included in the presentation.
During verification, the relying party receives the presentation. It verifies the issuer's signature on the JWT, confirming the credential is authentic. For each disclosed claim, it computes the hash and checks that it matches the corresponding hash in the signed JWT. This proves that the disclosed claim is exactly what the issuer originally included in the credential, with no modifications. The hashes of undisclosed claims remain in the JWT, but without the corresponding disclosures, the verifier cannot determine what those hidden claims contain.
The SD-JWT Mechanism in Detail
SD-JWT (Selective Disclosure JSON Web Token) is the specific implementation of selective disclosure chosen by the Architecture Reference Framework (ARF) for the EUDI Wallet's primary credential format. Understanding its structure helps explain why it is both secure and practical.
An SD-JWT credential consists of three parts. The issuer-signed JWT contains the credential metadata (issuer, subject, issuance date, expiry) and a set of hash digests (_sd array) representing the disclosable claims. The hashes use SHA-256 with random salt values to prevent brute-force guessing of claim values. The entire JWT is signed by the issuer's private key.
The disclosures are Base64url-encoded JSON arrays, each containing a random salt, the claim name, and the claim value. For example, a disclosure for a date of birth might look like: ["dC1jMGRe...", "birthdate", "1990-05-15"]. The salt ensures that even if two people have the same date of birth, their disclosures produce different hashes, preventing correlation attacks.
The key binding JWT (optional in SD-JWT itself, but required in the EUDI Wallet) is a separate JWT signed by the holder's private key, proving that the person presenting the credential actually possesses the corresponding private key stored in the wallet's secure hardware. This prevents credential replay, where someone intercepts a presentation and tries to use it elsewhere.
Practical Examples of Selective Disclosure
Selective disclosure becomes most meaningful when you consider real-world scenarios where sharing full identity data is unnecessary and potentially harmful.
Age verification at a bar or online shop: A citizen wants to prove they are over 18 to buy alcohol. With a physical ID card, they must show their full name, exact date of birth, address, photo, and ID number. With the EUDI Wallet, they share only the derived attribute "age_over_18: true." The bartender or online shop gets cryptographic proof that a government-issued PID confirms the person is over 18, without learning anything else about them. No name, no address, no exact birthday.
Renting a car abroad: A citizen wants to rent a car in Spain using their EUDI Wallet. The car rental company needs to verify their driving licence (to confirm they can drive the requested vehicle category) and their name (for the rental agreement). Using selective disclosure, the citizen shares their name and driving licence categories from their mobile driving licence credential, but does not reveal their home address, date of birth, or licence number. The rental company gets exactly the information it needs and nothing more.
Accessing age-restricted online content: A website requires age verification to comply with regulations. Instead of the user uploading a photo of their ID (which exposes all personal data and creates a copy the website might misuse or lose in a data breach), the user shares only the "age_over_18" attribute from their EUDI Wallet. The website never sees the user's name, and the PID Provider (government) never learns which website the user is visiting.
Opening a bank account: For KYC purposes, a bank needs the citizen's full name, date of birth, nationality, and address. The citizen shares these specific PID attributes but does not share their government ID number (unless required by national law) or their photo. The bank gets exactly the data required for regulatory compliance.
Privacy by Design: The Philosophical Foundation
Selective disclosure is the technical implementation of a broader principle: privacy by design. This concept, originally developed by Ann Cavoukian and now enshrined in GDPR Article 25, requires that data protection be built into systems from the outset, not bolted on as an afterthought.
In the context of the EUDI Wallet, privacy by design manifests in several interconnected principles. Data minimization means that only the minimum amount of personal data necessary for a specific purpose should be collected. Selective disclosure is the mechanism that makes this technically enforceable. Purpose limitation means data should only be used for the purpose it was collected for. The wallet's consent mechanism, where users see exactly why data is being requested, supports this principle. User control means the individual should be in control of their own data. The wallet places the user at the center, requiring their explicit consent for every data sharing event.
The eIDAS 2.0 regulation makes selective disclosure a legal requirement, not just a nice-to-have feature. Article 5a requires that the wallet enable users to "selectively disclose" their attributes. This means any wallet implementation that does not support selective disclosure cannot be certified and cannot be offered to citizens. It is a non-negotiable requirement.
Comparison with Full Credential Presentation
To appreciate selective disclosure, it helps to understand what happens without it, as is the case with most current digital identity systems.
Full presentation (current approach): When you show your physical ID card or passport, or when you upload a scan of your ID for online verification, you share everything on the document: full name, date of birth, place of birth, address, photo, document number, machine-readable zone data, and often security features that contain encoded personal data. The receiving party gets far more information than they actually need for the transaction at hand.
Selective presentation (EUDI Wallet approach): With selective disclosure, the receiving party gets only the specific attributes relevant to the transaction. The cryptographic proof guarantees that these attributes are authentic (signed by the issuer) and current (not expired or revoked), providing the same level of trust as seeing the full document, but without the privacy cost.
The difference is profound. In the full presentation model, every identity verification creates a complete copy of your personal data at the receiving party, any of which could be leaked in a data breach. In the selective disclosure model, the receiving party holds only the minimum data they need, significantly reducing the impact of any potential data breach and limiting the ability to profile individuals across multiple services.
Zero-Knowledge Proofs and Future Directions
Selective disclosure as implemented in SD-JWT represents a practical balance between privacy and implementation complexity. However, the broader cryptographic environment offers even more powerful privacy-preserving techniques.
Zero-knowledge proofs (ZKPs): ZKPs allow a prover to demonstrate that a statement is true without revealing any information beyond the truth of the statement itself. In the identity context, a ZKP could prove "this person is over 18" without revealing even that the proof comes from a specific credential or a specific issuer. This provides stronger unlinkability than SD-JWT, where the verifier still sees the issuer's signature and can potentially correlate presentations.
BBS+ signatures: BBS+ is a cryptographic signature scheme that natively supports both selective disclosure and unlinkable presentations. With BBS+ signatures, a holder can derive a proof from a signed credential that reveals only selected attributes, and different proofs derived from the same credential are cryptographically unlinkable. This is considered by many researchers to be the ideal solution for privacy-preserving digital identity.
The current EUDI Wallet ARF does not mandate ZKPs or BBS+ signatures, primarily because these technologies are still maturing and lack the widespread implementation and standardization of JWT-based approaches. However, the ARF architecture is designed to accommodate additional credential formats in the future, and there is active research and standardization work (particularly at IETF and W3C) on integrating these advanced privacy techniques. Future versions of the EUDI Wallet may adopt ZKP-based credentials as the technology matures.
Examples
- Prove age over 18 without showing birthdate
- Prove nationality without showing address
- Prove driving licence category without revealing licence number
- Prove university degree without revealing grades or student ID