PSDP Talk to us
Talk to us
Privacy-preserving credential rail · EU digital identity

Prove age_over_18. Reveal nothing else. Stay auditable.

PSDP is a reference implementation of privacy-preserving selective disclosure for the EU Digital Identity Wallet: a holder proves a predicate such as age_over_18; the relying party gets the answer — not a name, date of birth, or document. Receipts, not claims: every number on this site resolves to a claims ledger with source artifacts, surfaced on the evidence page.

Run the live demo → Talk to us
Receipts

Numbers with artifacts

Self-run, reproducible results. Each figure footnotes to the evidence page, where its source artifact and run date are listed.

319/332 OIDF conformance test modules passed, 0 failed (11 warnings, 2 skipped) Tested against the official OpenID Foundation conformance suite (local run, reproducible), across OID4VCI, OID4VP and OpenID Federation test plans — not an OpenID Foundation certification. See evidence →
22 Credential types issued and stored against the walt.id wallet stack 43 issuer configurations, SD-JWT VC and ISO mdoc formats, end to end over live OID4VCI. See evidence →
15/33 Protocol theorems discharged, machine-checked 33 theorems tracked: 15 discharged, 18 partial. We publish the split — partial means exactly that. Theorem status →
How it works

One rail: wallet in, predicate out

A holder proves a predicate — age_over_18 — from a standards-based credential (OID4VCI / OID4VP, SD-JWT VC, ISO mdoc). The relying party gets the answer, an audit receipt, and a per-relying-party nullifier instead of an identity.

The wallet holds the credential and sends a predicate proof; the verifier learns only true or false plus a receipt Wallet holds full credential proof Predicate proof age_over_18 — nothing else verify Verifier boolean + receipt
The verifier checks the proof; the credential never leaves the wallet.

1 · Hold

A credential is issued into the holder’s wallet over OID4VCI, as SD-JWT VC or ISO mdoc — the same formats we have issued and stored end-to-end against the walt.id wallet stack.

2 · Prove

The wallet answers a verifier’s OID4VP request with a selective-disclosure predicate proof: the claim that matters, not the document behind it.

3 · Verify

The verifier checks the proof and receives a boolean, an audit receipt, and a per-relying-party nullifier — designed and machine-checked for unlinkability properties, with the discharged/partial split published.

Data minimisation Designed for unlinkability Auditability

Start here

Two ways to start

Product

Age verification without identity

Confirm age_over_18 without collecting a date of birth, name, or document. Identifier-hiding and nullifier-unlinkability theorems are discharged in the formal model; verifier-view unlinkability remains partial — and we say so.

See how it works →
 Services

De-risk your conformance

We drive the official OpenID Foundation conformance suite against your issuer, verifier, or wallet before you pay a certification body — the same suite we run on our own stack (local run, reproducible).

See the services →
The claims gate

The honesty is the product

Every factual statement on this site resolves to a claims ledger with source artifacts — and the register of what we refuse to claim is published next to it.

What we prove

  • Tested against the official OpenID Foundation conformance suite (local run, reproducible): 319 of 332 test modules passed, 0 failed (11 warnings, 2 skipped). Self-run evidence — not an OpenID Foundation certification.
  • Protocol model machine-checked in the Tamarin prover (Dolev-Yao adversary): 36 lemmas verified — 32 trace properties + 4 observational-equivalence proofs.
  • Austria’s vck library (A-SIT — the engine behind the ID-Austria Valera wallet) presented an SD-JWT PID to the PSDP verifier over OID4VP 1.0 Final; PSDP verified the issuer signature and the Key-Binding JWT and accepted (2026-06-08, reproducible harness).
  • Hybrid post-quantum key establishment (X25519 + ML-KEM-768) and hybrid issuer signatures (ES256/EdDSA + ML-DSA-65, FIPS 204) are implemented in the reference stack. The zero-knowledge layer is classical Groth16/BN254.

What we never claim

  • A published OpenID Foundation certification. We are not listed on openid.net/certification; every result here is a self-run of the official suite.
  • eIDAS legal status. PKI and trust-list work is interop evidence — not legal recognition, not a qualified or notified status.
  • Post-quantum zero knowledge. The live ZK layer is classical Groth16/BN254; a transparent PQ-STARK backend is on the roadmap — not yet live, not yet formally sound.
  • “Production-ready.” PSDP is a reference implementation; production hardening is in progress.
  • Any number that does not resolve to a dated, reproducible artifact.

Full register — including the claims we refuse to make — on the evidence page →

Live demos · no signup

Don’t take our word for it. Click it.

A running reference deployment: issue a credential, present an age predicate, and inspect the receipt yourself. Demo paths are labeled as demos — and in production mode (PSDP_PRODUCTION=1) the verifier refuses mock proofs outright.

Open the demos →
Contact

Start with a 30-minute gap scan

Engineering to engineering — bring your deployment or your roadmap, leave with a concrete read on where you stand.

Contact →