Pre-Readings: Verifiable Secrets

Note that proofs / secrets are just cryptographic signatures. If a malicious party obtains a signature, it still verifies as valid, so verifiers must protect against replay attacks.

With BitBadges secrets, we aim to use our authentication flow (Sign In with BitBadges) in conjunction with proof verification. The authentication flow natively has protective measures against replay attacks, time windows for verification, and more. For a credential / secret to be valid, the holder must present a) proof of the credential AND b) proof of address ownership via Blockin.
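
The two-part check described above, as an added example that is not BitBadges or Blockin code: a verifier accepts a presentation only when the static credential signature comes with a fresh, one-time, time-limited challenge signed by the key the credential names. The Ed25519 keys, message formats, result strings and function names are assumptions made for illustration.

```javascript
// Added example: generic sketch, not the BitBadges or Blockin API.
const nodeCrypto = require('node:crypto');

// Constructed Ed25519 keys stand in for the issuer, the holder's address, and an attacker.
const issuer = nodeCrypto.generateKeyPairSync('ed25519');
const holder = nodeCrypto.generateKeyPairSync('ed25519');
const attacker = nodeCrypto.generateKeyPairSync('ed25519');
const sign = (key, msg) => nodeCrypto.sign(null, Buffer.from(msg), key.privateKey);
const check = (pub, msg, sig) => nodeCrypto.verify(null, Buffer.from(msg), pub, sig);

// The credential names the holder's key; its proof is a static issuer signature.
const holderDer = holder.publicKey.export({ type: 'spki', format: 'der' }).toString('base64');
const credential = JSON.stringify({ claim: 'member', holder: holderDer });
const credentialProof = sign(issuer, credential);

const WINDOW_MS = 60000;
const pending = new Map(); // nonce -> expiry time (ms)

function issueChallenge(now) {
  const nonce = nodeCrypto.randomBytes(16).toString('hex');
  pending.set(nonce, now + WINDOW_MS);
  return nonce;
}

function verifyPresentation(p, now) {
  // (a) Proof of the credential. This alone verifies for anyone holding a copy.
  if (!check(issuer.publicKey, p.credential, p.credentialProof)) return 'bad-credential';
  // The challenge must be one we issued, unused, and inside the time window.
  const expiry = pending.get(p.nonce);
  pending.delete(p.nonce);
  if (expiry === undefined) return 'unknown-or-replayed-challenge';
  if (now > expiry) return 'expired';
  // (b) Proof of ownership: the key named in the credential signs this challenge.
  const der = Buffer.from(JSON.parse(p.credential).holder, 'base64');
  const holderKey = nodeCrypto.createPublicKey({ key: der, format: 'der', type: 'spki' });
  return check(holderKey, p.nonce, p.ownershipSig) ? 'ok' : 'not-owner';
}

function demo() {
  const t0 = 1000;
  const make = (key, nonce) => ({ credential, credentialProof, nonce, ownershipSig: sign(key, nonce) });
  const honest = make(holder, issueChallenge(t0));
  return {
    first: verifyPresentation(honest, t0 + 1000),
    replay: verifyPresentation(honest, t0 + 2000), // identical presentation sent again
    stolen: verifyPresentation(make(attacker, issueChallenge(t0)), t0 + 1000), // copied proof, other key
    late: verifyPresentation(make(holder, issueChallenge(t0)), t0 + WINDOW_MS + 1),
  };
}
```

The credential signature passes in all four cases; only the challenge and ownership checks separate the honest presentation from the replayed, copied and late ones.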

See the Sign In with BitBadges page.

Note that secrets are stored by BitBadges. For a user to generate a proof for secrets stored in their account, they have two options.

with BitBadges

If you are implementing Sign In with BitBadges (this is a popup window that redirects the user to BitBadges and passes the important sign-in details back to the site) or Authentication QR codes, you can pass the expectSecretsPresentations variable to the URL query request for your sign-in. This lets the user know that they should attach proofs to their request. You will receive the proofs back in secretsPresentations.

You can also attach the onlyProofs variable to not require any signature from the user (just proofs).


Self-implementations are tricky because a presentation has to be generated by the user, and you (the verifier) cannot do this for them. You really only have a couple of options. This is why we recommend utilizing secret presentations in combination with SIWBB.

  1. Users can navigate to their saved secrets and copy/paste the generated proof and provide it manually. Or, they can use

  2. Implement your own solutions. Secrets are just signatures, so you may be able to store / host / verify them yourselves.


With self-implementations, you may also choose to extend presentations with additional logic, such as wrapping a zero-knowledge proof around the presentation of standard signatures (Bitcoin, Eth, Solana, Cosmos) to selectively disclose only what you want, as we do with BBS+.
