Master Thesis Project | ECDSA Zero-Knowledge Credentials in Yivi’s EUDI Wallet

Master Thesis Project | ECDSA Zero‑Knowledge Credentials in Yivi’s EUDI Wallet Join to apply for the

Master Thesis Project | ECDSA Zero‑Knowledge Credentials in Yivi’s EUDI Wallet

role at

Yivi App .

Project Overview Designing and implementing an ECDSA‑based Zero‑Knowledge Credential Architecture for Yivi as an EUDI Wallet.

Context and Motivation Yivi is a privacy‑preserving digital identity platform that has successfully launched production deployments using IRMA/Idemix protocols based on zero‑knowledge proof (ZKP) schemes. With the introduction of the EU Digital Identity (EUDI) Wallet regulation (eIDAS 2.0), Yivi aims to evolve into a compliant EUDI wallet while maintaining its strong privacy guarantees and crypto‑agile architecture.

The EUDI ecosystem increasingly standardises on:

Verifiable Credentials (e.g. W3C VC, SD‑JWT‑VC, ISO 18013‑5 mDL/MDOC)

Presentation and issuance protocols such as OpenID4VCI and OpenID4VP

Selectively disclosure and zero‑knowledge techniques analysed in detail in ETSI TR 119 476, including BBS+, CL signatures and other privacy‑enhancing cryptographic mechanisms.

Yivi wants to leverage these developments while preserving its core privacy values: minimum disclosure, unlinkability, and user‑controlled identity.

Strategic Challenge Today, many credentials in practice are signed using ECDSA keys (for example JWT‑based credentials, SD‑JWT‑VC, mDL/MDOC). At the same time, privacy‑preserving credential systems often rely on different cryptographic primitives (e.g. CL, BBS+ on BLS12‑381).

Yivi faces a strategic challenge:

How to evolve towards an EUDI‑compliant wallet that reuses existing and widely deployed ECDSA key material

Supports zero‑knowledge proofs and selective disclosure

Remains interoperable with OpenID4VCI / OpenID4VP and standard verifiers

And preserves Yivi’s strong privacy guarantees and crypto‑agility.

The ECDSA‑based ZKP Opportunity Recent work such as Google’s Longfellow project (“Anonymous credentials from ECDSA”) and new proposals around BBS# indicate that it is possible to:

Build anonymous credential schemes on top of existing ECDSA‑signed credentials

Provide selective disclosure and unlinkable presentations

Minimise changes to issuer infrastructure

Potentially integrate with standard protocols such as OpenID4VCI and OpenID4VP.

This opens the possibility for Yivi to design a next‑generation ZKP layer that:

Uses ECDSA keys as the fundamental trust anchor

Compares and possibly combines Longfellow‑style constructions with BBS+/BBS#‑based approaches

Is grounded in the requirements and recommendations of ETSI TR 119 476.

Research Objectives Primary Objective Design and prototype an ECDSA‑based zero‑knowledge credential architecture for Yivi that:

Provides selective disclosure and unlinkable presentations based on ECDSA keys

Is aligned with the cryptographic and privacy requirements from ETSI TR 119 476

Supports interoperability with OpenID4VCI and OpenID4VP

Can be integrated into Yivi’s roadmap towards an EUDI‑compliant wallet.

Specific Research Questions

RQ1:

Requirements analysis based on ETSI TR 119 476 – How can the privacy, security and interoperability requirements from ETSI TR 119 476 for selective disclosure and ZKP‑based credentials be translated into concrete requirements for a Yivi ECDSA‑ZKP architecture, in particular regarding:

Unlinkability across presentations

Minimal disclosure and predicate proofs

Revocation and status verification

Crypto‑agility and (future) post‑quantum considerations

RQ2:

ECDSA‑based ZKP design options (Longfellow vs BBS#/BBS+) – What are the design trade‑offs between:

Longfellow / “Anonymous credentials from ECDSA” using existing ECDSA‑signed credentials (JWT / SD‑JWT‑VC / MDOC) as the base

Generating zero‑knowledge proofs over attributes derived from these credentials

BBS+/BBS#‑based credentials anchored in ECDSA trust mapping Yivi (and EUDI) credential structures to BBS+/BBS# signatures

Exploring how ECDSA‑based PKI and BBS#/BBS+-based ZKP can be combined or bridged

RQ3:

Yivi architecture integration – How can an ECDSA‑based ZKP scheme (Longfellow, BBS#, or a hybrid) be integrated into Yivi’s architecture while:

Maintaining backward compatibility with existing IRMA/Idemix credentials where needed

Supporting multiple credential formats (e.g. SD‑JWT‑VC, MDOC, IRMA) within Yivi

Preserving Yivi’s privacy‑first design, including unlinkability and minimal disclosure

Allowing for crypto‑agile evolution as standards mature

RQ4:

Interoperability with OpenID4VCI and OpenID4VP – How can the proposed ECDSA‑ZKP architecture:

Represent credentials and proofs in W3C VC formats (e.g. JWT/SD‑JWT‑VC or Data Integrity profiles)

Be transported using OpenID4VCI for issuance and OpenID4VP for presentations

Interoperate with verifiers that support advanced ZKP‑proof types

Only support “classic” JWT/SD‑JWT verification (graceful degradation / dual‑path designs)

RQ5:

Evaluation and recommendations – To what extent does the proposed architecture:

Meet the ETSI TR 119 476 criteria for privacy‑preserving credentials

Achieve practical performance for mobile wallets and verifiers

Provide a realistic migration path for Yivi towards EUDI‑compliant, ECDSA‑based ZKP credentials?

What recommendations can be made to Yivi for:

Short‑term experimentation (e.g. Longfellow‑style wrapping of existing credentials)

Long‑term architecture choices (e.g. adoption of BBS# or hybrid designs)

Student Profile We are looking for a motivated university‑level student in Computer Science, Cyber Security or a closely related discipline. You have a strong affinity with cryptography, digital identity, and privacy‑preserving technologies, and you are eager to apply academic knowledge to a real‑world, high‑impact use case. You work independently, think analytically, and are comfortable exploring complex technical concepts.

Thesis Benefits

Professional supervision from specialists in cryptography, identity management, and EUDI Wallet technologies

Regular feedback and technical sparring sessions throughout the thesis process

Access to technical documentation, development environments, and research materials relevant to the assignment

A monthly thesis compensation of €500 (based on a 40‑hour commitment; exceptions possible)

Flexible working arrangements, including hybrid work options

Opportunities to publish or present your research within the organization

Real‑world impact: your work may directly contribute to the integration of Yivi as an EUDI Wallet

References Academic

Anonymous credentials from ECDSA: https://eprint.iacr.org/2024/2010

Privacy‑Preserving Credentials – Camenisch et al: https://eprint.iacr.org/2014/468.pdf

ETSI TR 119 476 – Electronic Signatures and Trust Infrastructures: https://www.etsi.org/deliver/etsi_tr/119400_119499/119476/01.02.01_60/tr_119476v010201p.pdf

BBS# and eIDAS 2.0: https://csrc.nist.gov/csrc/media/presentations/2024/wpec2024-3b3/images-media/wpec2024-3b3-slides-antoine-jacques--BBS-sharp-eIDAS2.pdf

Other

What is Yivi: https://docs.yivi.app/what-is-yivi

IRMAGO: https://github.com/privacybydesign/irmago

EUDI Wallet ARF – EU Commission: https://eudi.dev/2.5.0/architecture-and-reference-framework-main/

Contact Primary Contact Person

Dibran Mulder, CTO Caesar Groep & Yivi

+31 (0)6 39 30 61 18

d.mulder@caesar.nl

Address:

Janssoniuslaan 80 3528 AJ Utrecht

Websites:

https://yivi.app

https://caesar.nl

Seniority Level Not Applicable

Employment Type Full-time

Job Function Information Technology

Industries IT Services and IT Consulting

#J-18808-Ljbffr