What is selective disclosure?

Short answer. Selective disclosure is a cryptographic technique that lets a credential holder reveal exactly the attributes a verifier needs, with cryptographic proof of authenticity, while keeping every other attribute private. A driver's license that proves you are over 21 without revealing your address or birth date is the canonical example.
The mechanism
The credential issuer signs a vector of attributes — for example, all the fields on an ID card. The holder later presents a derived signature that proves possession of the credential and reveals the selected attributes. The verifier cryptographically confirms that the issuer's signature was valid and that the disclosed attributes are accurate, without learning the values of the unselected ones.
Two common implementations
BBS+ signatures. A signature scheme designed for selective disclosure natively. Fast, well-supported, the default for W3C verifiable-credential implementations.
SD-JWT. A JWT-based approach using salted hashes for each attribute; the holder reveals the salt-and-value for selected attributes, the verifier checks the hash. Less elegant than BBS+, simpler to deploy.
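The salted-hash flow described for SD-JWT, as an added sketch that is not code from this page or from the Manav SDK. Function names and sample claims are hypothetical, and an HMAC stands in for the issuer's asymmetric signature so the block runs on the standard library alone; a real verifier would hold only the issuer's public key.

```python
import base64, hashlib, hmac, json, secrets

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def load(disclosure: str) -> list:
    # Decode a disclosure back into [salt, claim_name, claim_value]
    return json.loads(base64.urlsafe_b64decode(disclosure + "=" * (-len(disclosure) % 4)))

def digest(disclosure: str) -> str:
    # SD-JWT hashes the ASCII bytes of the base64url-encoded disclosure
    return b64u(hashlib.sha256(disclosure.encode("ascii")).digest())

def issue(claims: dict, issuer_key: bytes):
    """Issuer: one salted disclosure per claim; only the digests are signed."""
    disclosures = {
        name: b64u(json.dumps([b64u(secrets.token_bytes(16)), name, value]).encode())
        for name, value in claims.items()
    }
    payload = json.dumps({"_sd": sorted(digest(d) for d in disclosures.values()),
                          "_sd_alg": "sha-256"}, sort_keys=True).encode()
    # ASSUMPTION: HMAC is a stand-in for the issuer's asymmetric JWS signature
    tag = hmac.new(issuer_key, payload, hashlib.sha256).digest()
    return payload, tag, disclosures

def present(disclosures: dict, reveal: list) -> list:
    """Holder: hand over only the disclosures for the selected claims."""
    return [disclosures[name] for name in reveal]

def verify(payload: bytes, tag: bytes, presented: list, issuer_key: bytes) -> dict:
    """Verifier: check the issuer tag, then match each disclosure to a signed digest."""
    expected = hmac.new(issuer_key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("issuer signature invalid")
    signed = set(json.loads(payload)["_sd"])
    revealed = {}
    for d in presented:
        if digest(d) not in signed:
            raise ValueError("disclosure not covered by issuer signature")
        _salt, name, value = load(d)
        revealed[name] = value
    return revealed

def tamper(disclosure: str, new_value) -> str:
    """Same salt and claim name, altered value: the digest no longer matches."""
    salt, name, _ = load(disclosure)
    return b64u(json.dumps([salt, name, new_value]).encode())

# Constructed sample credential, not real data
SAMPLE_CLAIMS = {"name": "Alice Example", "birth_date": "1990-01-01", "over_21": True}
```

The per-attribute random salt is what stops a verifier from guessing an undisclosed value by hashing candidates against the signed digests.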
Predicate proofs (a relative)
A more powerful technique closely related to selective disclosure: instead of revealing an attribute, prove a predicate over it. "I am over 21" without revealing the birth date. "My salary is in the 70th percentile" without revealing the salary. Predicate proofs are typically built with zk-SNARKs or specialized range proofs.
Why this matters now
Regulations (GDPR's data-minimization principle, the EU AI Act's purpose-limitation requirements, India's DPDPA consent rules) all push toward "reveal only what is necessary." Selective disclosure is the cryptographic mechanism that makes data minimization enforceable rather than aspirational.
Where Manav uses it
Every credential the user holds is presentable selectively. A hiring manager learns "Trust Score above 700" not the score. A regulator learns "agent acted under a verified human in EU" not the human. A healthcare provider learns "verified clinician" not the clinician's name. The protocol exposes both BBS+ and SNARK-based predicate proofs through the SDK.
Common objections
The two objections we hear most: (1) this is just OAuth re-skinned, and (2) we'll wait for the standard. On the first: OAuth scopes delegations between services; this layer scopes delegations from a verified human to an agent — different actor, different audit-trail shape. On the second: the standard is being shaped by the relying parties who integrate first. Waiting is a position.
Frequently asked questions
Is the answer the same for an enterprise and an individual? The shape is the same — a signed delegation, a verifier, an audit log — but the magnitude caps and approval flows differ. Enterprises layer multi-signature for high-stakes actions; individuals usually run with a single device-bound key. Both end up with the same regulator-grade chain.
What if the agent acts before I notice? That is what magnitude caps and time-to-live exist for. A correctly scoped delegation will refuse the action at the relying party before the human's attention is required. Revocation under 200 ms catches the residual cases.
How does this compose with what we already run? It sits next to existing IAM (Okta, Auth0, Entra), not over it. Login is still the IdP's job. Manav signs the human's delegation to the agent, which the relying party verifies in addition to the IdP session. Two layers, one audit trail, no rip-and-replace.
Where to start
Start with zk selective disclosure for the broader category map. Then read ssi without crypto headache for the implementation pattern. The two together compress a week of reading into thirty minutes; everything else on the site is depth on a specific layer.
Why selective disclosure scales where redaction does not
Redaction destroys information; selective disclosure transforms it. A redacted passport leaks edges — the redactor saw the value, the verifier saw a black bar, and a future leak of the unredacted file walks the entire chain back. A selective-disclosure proof never reveals the value at all. The verifier learns only the predicate that mattered: over 21, citizen of, employed at. The substrate that proves the predicate is mathematically incapable of leaking the underlying claim, which is why insurance underwriters and antitrust regulators are quietly converging on the technique. The cost is engineering complexity. The reward is that the same credential survives ten thousand verifications without ever leaking the data behind it. This is why every long-lived identity protocol — from passports to W-2s — will eventually be re-issued in selective-disclosure form.
Where to read more
For the cryptographic primitives, the BBS+ paper is the canonical reference; for the regulatory framing, the eIDAS 2 selective-disclosure provisions are the clearest current text; for the deployment shape, our developer documentation walks through a working integration in approximately three hundred lines. Selective disclosure is not a research artifact awaiting deployment. It is a deployment pattern with research foundations, and the gap between the two has effectively closed.
Disclose precisely. Anything more is a leak; anything less is a forgery.