zkRevoke: Configurable Untraceability for Verifiable Credentials using ZKPs

Authors: Praveensankar Manimaran (University of Oslo, Norway), Mayank Raikwar (University of Oslo, Norway), Thiago Garrett (University of Oslo, Norway), Arlindo F. da Conceição (Federal University of São Paulo, Brazil), Leander Jehl (University of Stavanger, Norway), Roman Vitenberg (University of Oslo, Norway)

Volume: 2026
Issue: 3
Pages: 360–377
DOI: https://doi.org/10.56553/popets-2026-0086

Download PDF

Abstract: Systems managing Verifiable Credentials are becoming increasingly popular. Unfortunately, their support for revoking previously issued credentials allows verifiers to effectively monitor the validity of the credentials, which is sensitive information. While the issue started to gain recognition, no adequate solution has been proposed so far. In this work, we propose a novel framework for time-limited continuous verification. The holder is able to individually configure the verification period when sharing information with the verifier, and the system guarantees proven untraceability of the revocation status after the verification period expires. Differently from existing systems, the implementation adopts a more scalable blacklist approach where tokens corresponding to revoked credentials are stored in the registry. The approach employs ZK proofs that allow holders to prove non-membership in the blacklist. In addition to theoretically proving security, we evaluate the approach analytically and experimentally and show that it significantly improves bandwidth consumption on the holder while being on par with state-of-the-art solutions with respect to the other performance metrics.

Keywords: Verifiable Credential, Revocation, Privacy

Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.