BBS deriveProof modifies credentialSubject of the src document

[anvabr]

Problem description

Please see the test code here.

It appears that BBS deriveProof changes credentialSubject in the vc-document substituting the source field for their @id from context? The output VC looks like this:

{
    "@context": [
        "https://www.w3.org/2018/credentials/v1",
        "https://w3id.org/security/suites/bls12381-2020/v1"
    ],
    "id": "urn:uuid:d07a261f-1959-44d8-a73f-ad1a743e7794",
    "type": "VerifiableCredential",
    "credentialSubject": {
        "id": "urn:uuid:b68f27f5-e75c-465a-b494-0e049bc91207",
        "type": "https://w3id.org/traceability/#undefinedTerm#c6f68dcd-d02d-4eb4-8787-66a57a4ce00f",
        "https://www.schema.org/text": [
            {
                "type": "http://www.w3.org/2001/XMLSchema#integer",
                "@value": "1"
            },
            {
                "type": "http://www.w3.org/2001/XMLSchema#integer",
                "@value": "2"
            }
        ]
    },
    "issuanceDate": "2023-01-19T10:06:19.367Z",
    "issuer": "did:hedera:testnet:Gc5Vs4eQ8EvdPodjTz64AqoSX2JQcCsgvDntTgrsgZ1f_0.0.49251262",
    "proof": {
        "type": "BbsBlsSignatureProof2020",
        "created": "2023-01-19T10:46:38Z",
        "nonce": "CO+Z6dO6bYpLBArWrli947ZOOpk5O1SZAuFf4CI/nv/MHyIgaw1lc+JUFuEYxUAWzX8=",
        "proofPurpose": "assertionMethod",
        "proofValue": "AAsH/4rrQwwJ4hII9sxhi/kp4KfXQVVuwYdaQZCh4tziAvuleFvku5IZ/6DzZmeakkwT+KKIRFjzE690vMElUVwAQZKZelHvAXp2Yvp4iNeyX6zpPHCJD/GZ92hq+GwsgdmPwoxZFKngoqEei2LFy934r5/MYawp8oTiC/Gxtb1hymnXd0BxuSPazxTibVtDqkcovwAAAHS2Y8MKpnPWNZOpBca+kgnpoYQxx3Yg/W7lV5rSIs6bZT4DX0W9Tm6GiyQnY8TkLQ8AAAACU69uqyKvHb+Vbc1l/nMetJoQvmjR0FSvLRmJ4NeYLlNSKFCmGsaeFKwJnuiapLD+4UKv5IwFiekJ0r0vHNXYmJDagO0gazyXHcKCmzIcSmEEobu+fiWuiAIxlMpy8KXj+ZZ8GwHioRGxh/UgHX/5+QAAAAJWZ3wSliUMiJYQXnsG6IdsGeUubn2mHADTIVeNxYQMwjTRO6cs2Y/CYhZaXhbl3x2ThmiAu8VMrxplw9Ja/86c",
        "verificationMethod": "did:hedera:testnet:Gc5Vs4eQ8EvdPodjTz64AqoSX2JQcCsgvDntTgrsgZ1f_0.0.49251262#did-root-key1"
    }
}

Steps

Please see the test here

[tplooker]

Hi, i'm struggling to follow this test case, it appears the input document you have signed is malformed e.g some of the terms in the document are undefined (no term expansion possible) and there is a @context entry inside the credentialSubject?. The link to the steps appear to just reference this repo also?

[anvabr]

The link to the steps appear to just reference this repo also?

Apologies for this @tplooker, now corrected. There is an end-to-end runnable testcase in this repo that demonstrates the issue. For context, the original set of issues we raised with the transmute libraries team are here:

• IMPORTANT: Tampered with VC documents still pass validation transmute-industries/verifiable-data#229
• IMPORTANT: BBS signatures don't work transmute-industries/verifiable-data#230
• derivedProofs on BBS signatures don't work transmute-industries/verifiable-data#231

The test demonstrating these are here. As a point of interest, please see in the comment in the 230 by @ipbyrne referring to w3c/vc-di-bbs#62 and stating they are planning to deprecate support for BBS.

there is a @context entry inside the credentialSubject

We have tried various options here, moving context from the credentialSubject in to the VC context resolved the problem with name mapping, but the collision of names still seems to occur because of their '@id' in the '@context'

[tplooker]

@anvabr, looking at your test cases, the field you are checking for in the credentialSubject field1 is not defined in the context for the document OR the reveal document which is why it is not deriving the proof correctly or setting this fields value to NULL.

[anvabr]

@tplooker thank you for your comments, we are experimenting with the formatting and may have found a work around.