Verifiable credentials are a digital analogue of physical credentials. Their authenticity and integrity are protected by means of cryptographic techniques, and they can be presented to verifiers to reveal attributes or even predicates about the attributes included in the credential. One way to preserve privacy during presentation consists in selectively disclosing the attributes in a credential. In this paper we present the most widespread cryptographic mechanisms used to enable selective disclosure of attributes identifying two categories: the ones based on hiding commitments - e.g., mdl ISO/IEC 18013-5 - and the ones based on non-interactive zero-knowledge proofs - e.g., BBS signatures. We also include a description of the cryptographic primitives used to design such cryptographic mechanisms. We describe the design of the cryptographic mechanisms and compare them by performing an analysis on their standard maturity in terms of standardization, cryptographic agility and quantum safety, then we compare the features that they support with main focus on the unlinkability of presentations, the ability to create predicate proofs and support for threshold credential issuance. Finally we perform an experimental evaluation based on the Rust open source implementations that we have considered most relevant. In particular we evaluate the size of credentials and presentations built using different cryptographic mechanisms and the time needed to generate and verify them. We also highlight some trade-offs that must be considered in the instantiation of the cryptographic mechanisms.

翻译：可验证凭证是实体凭证的数字模拟。其真实性和完整性通过密码技术得到保护，可向验证者出示以揭示凭证中包含的属性甚至属性断言。在出示过程中保护隐私的一种方法是对凭证中的属性进行选择性披露。本文介绍了实现属性选择性披露的最广泛使用的密码机制，将其分为两类：基于隐藏承诺的机制（例如mdl ISO/IEC 18013-5）和基于非交互式零知识证明的机制（例如BBS签名）。我们还描述了用于设计此类密码机制的密码原语。阐述了密码机制的设计原理，并从标准化程度、密码敏捷性和量子安全性三个维度对标准成熟度进行分析比较；随后重点对比各项机制支持的特性，包括出示信息的不可链接性、断言证明的生成能力以及对阈值凭证签发的支持。最后，我们基于所认为最具相关性的Rust开源实现进行了实验评估。具体评估了使用不同密码机制构建的凭证及出示信息的数据规模、生成与验证所需时间，并指出了实例化密码机制时需权衡的关键因素。