Revocation Using Nonce excels at scalability and privacy by making status checks a simple, stateless operation. Each credential is issued with a unique, sequential nonce, and a holder proves validity by revealing the latest one. This approach, used by protocols like Iden3 and Sismo, avoids on-chain lookups, resulting in near-instant verification and zero gas fees for the verifier. For example, a system issuing 10,000 credentials can manage revocation with a single on-chain transaction to update a counter, making it ideal for high-throughput applications.
LABS
Comparisons
Revocation Using Nonce vs Revocation Using Blocklist
A technical comparison of two primary credential revocation strategies, analyzing trade-offs in state management, privacy, and operational overhead for decentralized identity systems like Verifiable Credentials and Soulbound Tokens.
Chainscore © 2026
introduction
THE ANALYSIS
Introduction: The Core Problem of Revocation in Decentralized Identity
A technical breakdown of the two dominant paradigms for managing credential status in decentralized identity systems.
Revocation Using Blocklist takes a different approach by maintaining an on-chain registry (like a smart contract or a verifiable data registry) of revoked credential identifiers. This strategy, central to W3C Verifiable Credentials and implementations like Veramo, provides strong, real-time guarantees and global consistency. However, this results in the trade-off of requiring an on-chain read (and potentially a write) for every verification, incurring gas costs and introducing latency dependent on the underlying chain's performance, such as Ethereum's ~12-second block time.
The key trade-off: If your priority is low-cost, high-volume verification with user privacy (e.g., token-gated websites, frequent attestations), choose the Nonce-based approach. If you prioritize absolute, tamper-evident revocation guarantees and regulatory compliance (e.g., KYC credentials, high-value licenses) where the cost of an on-chain check is acceptable, choose the Blocklist method.
tldr-summary
Revocation Methods Compared
TL;DR: Key Differentiators at a Glance
A high-level comparison of two primary credential revocation paradigms, highlighting their architectural trade-offs and ideal use cases.
01
Nonce-Based Revocation
Pro: Stateless & Scalable
- No global registry to maintain or query.
- Gas costs are predictable and low, as only the issuer updates a single on-chain nonce.
- Ideal for high-volume, low-latency scenarios like event tickets or session keys where checking a centralized list is a bottleneck.
02
Nonce-Based Revocation
Con: Issuer-Dependent & Coarse
- Requires trust in the issuer's endpoint to provide the current valid nonce.
- Revocation is all-or-nothing; you cannot revoke a single credential without invalidating all others in the same batch (shared nonce).
- Poor fit for credentials requiring individual, granular revocation like employee badges or compromised wallet attestations.
03
Blocklist-Based Revocation
Pro: Granular & Verifiable
- Enables per-credential revocation by adding its unique identifier (e.g., credential hash) to an on-chain registry.
- State is decentralized and independently verifiable by any verifier without contacting the issuer.
- Ideal for high-value, long-lived credentials like KYC attestations or professional licenses where selective revocation is critical.
04
Blocklist-Based Revocation
Con: Stateful & Costly
- Requires on-chain storage and updates, leading to higher and less predictable gas fees for the issuer.
- Verifier overhead increases with list size, requiring efficient data structures (like Merkle trees in Ethereum Attestation Service or Verax) to manage cost.
- Poor fit for mass-market applications where minimizing verifier cost and complexity is the top priority.
REVOCATION MECHANISMS
Head-to-Head Feature Comparison
Direct comparison of on-chain credential revocation strategies for decentralized identity (DID) and Verifiable Credentials (VCs).
| Metric / Feature | Revocation Using Nonce | Revocation Using Blocklist |
|---|---|---|
On-Chain Gas Cost (per update) | < $0.01 | $0.50 - $5.00 |
Revocation Check Complexity | O(1) - Check nonce | O(n) - Check list membership |
Privacy Leakage | None - Only nonce revealed | High - Revoked IDs are public |
Requires Centralized List Manager | ||
Supports Selective Disclosure | ||
Ideal Use Case | High-frequency, privacy-first credentials | Regulatory compliance, known bad actors |
EIP Standard Reference | EIP-5539 (Revocation Registry) | ERC-780 (Claim Registry patterns) |
pros-cons-a
TECHNICAL COMPARISON
Revocation Using Nonce vs. Blocklist
Key architectural trade-offs for managing credential revocation in decentralized identity systems like Verifiable Credentials (VCs) and W3C DID standards.
01
Nonce: On-Chain Simplicity
Stateless revocation: Each credential is bound to a unique, incrementing nonce. Revocation is a simple on-chain transaction updating the nonce (e.g., in a smart contract registry). This eliminates the need to store and query a persistent list. Ideal for high-throughput, cost-sensitive environments like Ethereum L2s (Optimism, Arbitrum) where storage is expensive.
02
Nonce: Predictable Gas Costs
Fixed-cost operations: The gas fee for issuing or revoking is constant and predictable, as it's a single state update. No scaling cost with the total number of revoked credentials. Critical for protocols like Polygon zkEVM or Base that prioritize stable transaction fees for mass adoption of attestations.
03
Blocklist: Immediate, Granular Control
Real-time revocation: Adding a credential's unique identifier (e.g., credential hash) to an on-chain or off-chain list provides instant, per-credential revocation. Essential for high-security, compliance-driven use cases like KYC/AML credentials (Circle's Verite) or asset tokenization where a specific credential must be invalidated immediately.
04
Blocklist: Privacy-Preserving Verification
Selective disclosure: Using zero-knowledge proofs (ZKPs), a verifier can check a credential against a blocklist without revealing the credential's ID. Supported by frameworks like zkSNARKs (Circom) or zk-STARKs. Best for identity protocols (iden3, Sismo) requiring user privacy during revocation checks.
05
Nonce: Weakness - State Synchronization
Global state dependency: All verifiers must query the latest nonce from the authoritative source (e.g., a specific smart contract). This creates a central point of failure and requires reliable RPC connections to networks like Ethereum Mainnet or Solana. Problematic for offline or intermittently connected verification scenarios.
06
Blocklist: Weakness - Scaling & Cost
Linear cost growth: The gas cost and storage burden of maintaining the list scales with the number of revoked items. On Ethereum Mainnet, this can become prohibitively expensive. Challenging for large-scale credential systems (e.g., event ticketing for 1M+ users) where revocation events are frequent.
pros-cons-b
A Technical Comparison
Revocation Using Blocklist: Pros and Cons
Evaluating the trade-offs between Nonce-based and Blocklist-based credential revocation for on-chain verifiable credentials (VCs).
01
Blocklist: Real-Time Revocation
Immediate Invalidation: A credential is revoked the moment its identifier (e.g., DID) is added to the on-chain blocklist. This is critical for high-security, time-sensitive applications like KYC/AML checks or physical access control where a compromised credential must be invalidated instantly.
~0 sec
Revocation Latency
02
Blocklist: Verifier Simplicity
Simplified Verification Logic: Verifiers only need to check a single, current on-chain state ("is this ID on the list?"). This avoids complex logic to track and validate nonce sequences, reducing gas costs and smart contract complexity for protocols like Ethereum Attestation Service (EAS) or Verax.
1 SLOAD
Typical On-Chain Check
03
Nonce: Privacy-Preserving
No Public Correlation: Revocation is checked via a hidden, incremented nonce. Verifiers see only a zero-knowledge proof of validity, not the credential's unique identifier. This is essential for privacy-first applications using zk-proofs (e.g., Sismo, World ID) where user activity must remain unlinkable.
0
Public Identifier Exposure
04
Nonce: Scalable State Management
Bounded On-Chain State: Only a single nonce value per issuer/credential schema is stored on-chain, regardless of how many credentials are issued. This provides massive scalability advantages for issuers like universities or DAOs deploying millions of credentials, avoiding the unbounded growth of a blocklist.
O(1) Growth
State Complexity
05
Blocklist: Costly & State-Heavy
Unbounded Gas Costs & Storage: Adding entries incurs recurring write costs. Large blocklists become expensive to maintain and query. On networks like Ethereum Mainnet, this can be prohibitive for large-scale credential programs, creating a scaling bottleneck.
O(n) Growth
State & Cost
06
Nonce: Delayed Revocation Window
Inherent Latency: A credential remains valid until its next attestation uses the incremented nonce. This creates a revocation window where a compromised credential could still be used. Unsuitable for scenarios requiring guaranteed, instantaneous revocation.
> 0 sec
Revocation Latency
CHOOSE YOUR PRIORITY
When to Choose Nonce vs Blocklist: Decision by Use Case
Nonce for DeFi
Verdict: The standard for high-value, stateful operations. Strengths: Atomic composability is critical. A transaction with a nonce ensures a specific order of execution, preventing front-running and ensuring complex multi-step interactions (e.g., flash loans via Aave, swaps on Uniswap, and collateral deposits in a single bundle) succeed or fail together. It's the bedrock of Ethereum's account model and is natively supported by wallets like MetaMask and libraries like ethers.js and web3.js. Weaknesses: Requires state management (tracking the next nonce) and can lead to stuck transactions if a prior nonce is not mined.
Blocklist for DeFi
Verdict: Ideal for permissioned components and rapid response to threats.
Strengths: Immediate, global revocation. If a malicious smart contract (e.g., a compromised Curve pool) or a stolen private key is identified, adding it to an on-chain blocklist (like a OpenZeppelin Blacklist role) instantly prevents all future interactions, protecting user funds. Useful for admin-controlled tokens or pausing specific protocol functions.
Weaknesses: Breaks composability, as any transaction involving the blocked address will revert. Adds centralization risk and gas overhead for list management.
REVOCATION MECHANISMS
Technical Deep Dive: Implementation and Standards
A critical comparison of the two primary methods for invalidating Verifiable Credentials: Nonce-based and Blocklist-based revocation. This analysis covers their technical implementations, trade-offs, and suitability for different decentralized identity ecosystems.
The core difference is the mechanism for signaling revocation status. Nonce-based revocation uses a unique, incrementing number (nonce) that must be updated to prove a credential is fresh and unrevoked. Blocklist-based revocation publishes a list of revoked credential identifiers (like the credentialStatus.id) to a public registry, such as a smart contract or an on-chain registry like Ethereum Attestation Service (EAS). The verifier checks if the credential's ID is on this list.
verdict
THE ANALYSIS
Final Verdict and Decision Framework
Choosing between nonce-based and blocklist-based revocation requires a clear understanding of your application's security model and performance demands.
Nonce-based revocation excels at providing a lightweight, scalable, and privacy-preserving mechanism because it leverages a simple, incrementing counter on-chain. For example, in token-gating scenarios using standards like EIP-712 or SIWE, a user's action is invalidated by incrementing a single nonce, a transaction costing minimal gas and requiring no persistent on-chain storage of user data. This approach is ideal for high-throughput applications like gaming or social platforms where user actions are frequent and privacy is valued.
Blocklist-based revocation takes a different approach by maintaining an on-chain registry (e.g., a Merkle tree root or a mapping) of revoked credentials. This results in stronger, immediate, and centralized control—a smart contract can instantly check a user's status against the current list. The trade-off is higher operational overhead: updating a Merkle root for a list of 10,000 entries can cost significant gas, and the system must manage the privacy implications of exposing revocation status on-chain.
The key trade-off: If your priority is scalability, low cost, and user privacy for a high-volume application, choose nonce-based revocation. It's the standard for session management in wallets like MetaMask. If you prioritize immediate, authoritative control and auditability for compliance-heavy use cases like KYC credentials or enterprise access, choose blocklist-based revocation, as seen in implementations like the Iden3 protocol. Your choice fundamentally dictates whether you optimize for user experience or administrative control.
ENQUIRY
Get In Touch
today.
Our experts will offer a free quote and a 30min call to discuss your project.
NDA Protected
Confidentiality24h Response
Time to ValueDirectly to Engineering Team
No Sales Fluff10+
Protocols Shipped
$20M+
TVL Overall