A Link Secret is a private, cryptographically generated piece of data, such as a large random number, that acts as a holder's personal key to a set of verifiable credentials. It is the critical binding element that proves a credential belongs to a specific holder without revealing their identity. The holder never discloses the link secret itself; instead, they use it to generate zero-knowledge proofs that demonstrate possession of linked credentials. This mechanism is central to privacy-preserving identity systems like those built on the W3C Verifiable Credentials data model and implemented in protocols such as AnonCreds.
LABS
Glossary
Link Secret
A link secret is a private cryptographic value used by a holder to cryptographically bind and prove ownership of multiple verifiable credentials without revealing the secret.
Chainscore © 2026
definition
CRYPTOGRAPHIC PRIMITIVE
What is a Link Secret?
A Link Secret is a fundamental piece of private data in Zero-Knowledge Proof (ZKP) systems, enabling selective disclosure of verifiable credentials.
The core function of a link secret is to enable selective disclosure. When a verifier requests specific claims (e.g., "prove you are over 21"), the holder can use their link secret to generate a proof that satisfies the request without revealing the underlying credential in full or exposing other, unrelated attributes. This process relies on blinding signatures and cryptographic commitments. The link secret is mathematically linked to each issued credential during the creation of a credential offer, creating an unforgeable bond that only the legitimate holder can prove.
From a security perspective, the link secret must be generated and stored securely by the credential holder, typically within a digital wallet. Its compromise would allow an attacker to falsely prove possession of all linked credentials. In implementation, systems like Hyperledger Indy's AnonCreds use link secrets as the master secret (ms) within a CL-Signature scheme. This design ensures unlinkability across different presentations, meaning multiple proofs generated with the same link secret cannot be correlated by verifiers, providing strong user privacy.
The concept is analogous to a private key that signs transactions, but it is used exclusively for proving credential ownership. It is distinct from a Decentralized Identifier (DID); a DID is a public identifier, while a link secret is the private counterpart that authorizes the use of credentials associated with that DID. Proper management of the link secret is therefore the cornerstone of self-sovereign identity (SSI), granting individuals true control over their digital attestations without reliance on centralized databases.
key-features
LINK SECRET
Key Features
A Link Secret is a private, user-generated piece of data that enables the creation of zero-knowledge proofs for verifiable credentials, allowing selective disclosure of attributes without revealing the underlying data.
01
Core Function in ZK Proofs
The Link Secret is the cryptographic key that binds a user to their verifiable credentials. It is used to generate zero-knowledge proofs (ZKPs) that demonstrate possession of a credential and its attributes (e.g., being over 18) without revealing the credential's contents or the secret itself. This enables privacy-preserving authentication.
02
User Sovereignty & Generation
The Link Secret is generated and stored solely by the credential holder, typically within a secure digital wallet. It is never shared with the issuer or verifier. This ensures user sovereignty over their digital identity and prevents correlation of their activities across different services.
03
Binding to Multiple Credentials
A single Link Secret can be cryptographically bound to multiple verifiable credentials from different issuers. This allows a user to create a composite proof that satisfies a complex policy (e.g., "Prove you have a degree from University X AND a license from Authority Y") using one unified, private key.
04
Role in W3C Verifiable Credentials
The Link Secret is a foundational component of the W3C Verifiable Credentials Data Model and related protocols like BBS+ signatures. It fulfills the requirement for a holder-binding mechanism, ensuring that proofs are generated by the legitimate credential owner and not replayed by someone else.
05
Security & Non-Correlation
A core security property is unlinkability. Different proofs generated with the same Link Secret should not be linkable to each other by verifiers. Advanced cryptographic schemes ensure that while the secret binds the proofs to the holder, it does not create a correlatable identifier across transactions.
06
Contrast with Private Keys
While both are private, a Link Secret differs from a blockchain wallet's private key:
- Link Secret: Used specifically for generating ZK proofs about credentials. Not used for signing transactions.
- Wallet Private Key: Used for signing blockchain transactions and proving asset ownership. They are often managed separately within a wallet for security compartmentalization.
how-it-works
CRYPTOGRAPHIC PRIMITIVE
How a Link Secret Works
A link secret is a private, cryptographically generated value that enables selective disclosure of verifiable credentials while preserving user privacy.
A link secret is a private, cryptographically generated value, such as a random number, held exclusively by the holder of a verifiable credential (VC). Its primary function is to enable selective disclosure within zero-knowledge proofs (ZKPs), allowing a user to prove they possess certain credential attributes without revealing the credential's unique identifier or other sensitive data. This mechanism is a cornerstone of privacy-preserving identity systems, preventing the unwanted correlation of a user's activities across different verifiers and services.
The link secret is used to create a cryptographic commitment, often called a link secret commitment, which is embedded within the credential during its issuance. When a user later needs to present proof, they can generate a verifiable presentation that includes a ZK proof. This proof demonstrates knowledge of the link secret corresponding to the public commitment, without disclosing the secret itself. This process binds the presentation to the original credential issuer's signature, proving the credential's authenticity, while the actual data revealed is controlled by the holder.
A practical example is proving you are over 18 to access a service. Your digital driver's license VC contains your birth date and a unique identifier cryptographically linked to your link secret. You can generate a proof stating "I am over 18" and that you hold a valid credential from the DMV. The verifier confirms the proof's validity and the issuer's signature but learns nothing about your exact birth date, name, or credential ID, preventing them from tracking you. This is a key feature of W3C Verifiable Credentials implementations using BBS+ signatures or similar ZKP-capable schemes.
The security of the entire system depends on the link secret's confidentiality. If compromised, an attacker could impersonate the credential holder or create linkable presentations, breaking privacy guarantees. Therefore, it must be generated securely, stored in a secure element or wallet, and never shared. The link secret is distinct from, but can be derived alongside, other cryptographic keys used for signing or authentication, forming a layered approach to decentralized identity and data minimization.
ecosystem-usage
LINK SECRET
Ecosystem Usage & Standards
A Link Secret is a critical cryptographic component in Zero-Knowledge Proof (ZKP) systems, enabling the secure linking of multiple credentials or statements without revealing their contents. It acts as a private key that binds together disparate pieces of information for a single proof.
01
Core Cryptographic Function
A Link Secret is a private, random value generated by a user (the prover) and used to cryptographically bind multiple W3C Verifiable Credentials or claim predicates within a single Zero-Knowledge Succinct Non-Interactive Argument of Knowledge (zk-SNARK). It ensures that all revealed attributes in a proof originate from the same holder, preventing credential mixing and replay attacks. The secret is never revealed to the verifier; only its cryptographic commitment is used.
02
Role in Anonymous Credentials
In systems like Indy AnonCreds and W3C AnonCreds LD, the Link Secret is the cornerstone of user-centric privacy. It allows a user to prove they possess a set of credentials from different issuers (e.g., a passport credential and a university degree credential) without revealing the credentials themselves or creating a correlatable identifier. The same Link Secret is embedded in the cryptographic blinding factors for all credentials held by that user.
03
Proof Generation & Presentation
When creating a verifiable presentation, the prover uses their Link Secret to generate a sub-proof for each credential being presented. These sub-proofs are then aggregated. The verifier can check that the same Link Secret was used across all sub-proofs, cryptographically verifying that the prover is the legitimate holder of all the attested attributes, even if only a subset of attributes (like age > 21) is disclosed.
04
Standardization & Interoperability
The concept is formally defined in the W3C AnonCreds specification and is a mandatory component for Hyperledger Indy-based ecosystems. Its standardized use is crucial for interoperability between different issuers, holders, and verifiers. Developers must implement secure generation (using a CSPRNG) and storage (in a secure element or wallet) of the Link Secret, as its compromise allows an attacker to forge proofs linking any credentials.
05
Security Implications
- Compromise: Loss of the Link Secret allows malicious parties to create fraudulent proofs combining any credentials, breaking the system's security.
- Binding Strength: It prevents credential pooling, where multiple users combine their credentials to falsely satisfy a proof.
- Non-Correlation: Proper implementation ensures that presentations using the same underlying credentials with different disclosed attributes cannot be linked to each other by verifiers.
06
Contrast with Correlation Identifiers
A Link Secret is fundamentally different from a correlation identifier (like a public DID). While a DID is public and can be used to link all actions of an identity, the Link Secret is private and only proves a temporary, session-specific linkage between credentials for a single proof. It enables selective disclosure and unlinkability across multiple presentations, whereas a public identifier enables permanent correlation.
security-considerations
LINK SECRET
Security Considerations
A Link Secret is a critical piece of private data in zero-knowledge proofs, enabling the selective disclosure of credential attributes. Its security is paramount for maintaining user privacy and system integrity.
01
Core Function & Security Role
A Link Secret is a private, user-held value that binds together the attributes within a W3C Verifiable Credential. It is the cryptographic key that enables selective disclosure, allowing a user to prove they possess a credential without revealing all its data. Its security is absolute; if compromised, an attacker can forge proofs and link all of a user's credentials, destroying privacy.
02
Generation & Storage Best Practices
The Link Secret must be generated using a cryptographically secure random number generator (CSPRNG). It should never be derived from predictable user data like passwords. Secure storage is the user's responsibility, typically within a digital wallet (custodial or non-custodial). For high-security applications, hardware security modules (HSMs) or secure enclaves are recommended to prevent extraction.
03
Threat: Secret Compromise
If a Link Secret is stolen or leaked, the attacker gains the ability to:
- Generate fraudulent proofs for any credential issued to that user.
- Correlate and link all of the user's previously issued credentials, breaking unlinkability guarantees.
- Impersonate the user indefinitely across all systems using that credential schema. This is a non-revocable, permanent breach for the affected credentials.
04
Threat: Insecure Implementation
Flaws in the zero-knowledge proof circuit (e.g., in Circom or Noir) or the proving system can inadvertently leak the Link Secret. Common vulnerabilities include:
- Side-channel attacks on the proving process.
- Faulty constraint systems that allow the secret to be solved for.
- Weak parameters for the underlying cryptographic curves (e.g., BLS12-381). Regular security audits of the zk-SNARK/zk-STARK implementation are essential.
05
User Recovery & Revocation
Unlike a private key for an account, a lost Link Secret cannot be recovered via a seed phrase—it is a standalone secret. Credential revocation does not revoke the secret itself; it only invalidates the issued credential. Therefore, a compromised secret requires the user to re-issue all associated credentials with a new secret, making prevention the primary security strategy.
06
Related Concept: Blinding & Unlinkability
The Link Secret works in conjunction with blinding factors during the proof generation process. This ensures that even if the same credential is presented multiple times (multiple presentations), the resulting proofs are unlinkable to observers. A secure implementation must guarantee that the Link Secret itself is never exposed or inferable from these blinded proofs, preserving user anonymity across sessions.
technical-details
CORE CONCEPTS
Technical Details: Blinding & Unlinkability
This section explains the cryptographic mechanisms that enable selective disclosure and privacy in credential systems, focusing on the role of the link secret as a foundational component.
A link secret is a cryptographically secure, random value known only to the credential holder, which serves as a shared secret between the issuer and the holder to enable selective disclosure and prevent unauthorized linking of credential presentations. It is a critical component in zero-knowledge proof (ZKP) systems like those defined in the W3C Verifiable Credentials Data Model, acting as a private anchor point. During issuance, the issuer cryptographically binds this secret into the credential. Later, during verification, the holder can prove knowledge of the same secret without revealing it, demonstrating legitimate ownership of multiple credentials from different issuers without allowing those issuers or verifiers to correlate the holder's activities.
The primary function of the link secret is to enforce unlinkability across different credential presentations. When a holder presents proofs derived from multiple credentials—such as a university diploma and a government ID—they can use the same link secret in each proof. The verifier can cryptographically confirm that the same secret is present in all proofs, establishing that the credentials belong to the same entity, but the secret itself remains hidden. Crucially, neither the original issuers nor other verifiers can use this secret to link the holder's transactions or presentations across different sessions or contexts, preserving privacy. This mechanism prevents the creation of a global identifier while still allowing for necessary correlation under the holder's control.
From a technical perspective, the link secret is typically implemented as a large random integer or a point on an elliptic curve. In BBS+ signatures and other ZKP-friendly schemes, the secret is embedded as a committed value within the credential's signature. The holder's wallet securely stores this secret, often deriving it from a seed phrase. During a presentation, the prover (holder) generates a proof that demonstrates knowledge of the secret and its correct binding to the presented attributes, without the secret itself being transmitted. This process, integral to blinded signatures and anonymous credentials, ensures that credential presentations are minimal, selective, and privacy-preserving by default.
CRYPTOGRAPHIC KEY COMPARISON
Link Secret vs. Related Concepts
A technical comparison of the Link Secret with related cryptographic primitives used in zero-knowledge and privacy protocols.
| Feature / Attribute | Link Secret | Private Key | ZK-SNARK Proving Key | Commitment Blinding Factor |
|---|---|---|---|---|
Primary Function | Correlates credentials in a presentation | Signs transactions, proves asset ownership | Generates a zero-knowledge proof | Hides the pre-image of a cryptographic commitment |
Revealed to Verifier? | ||||
Holder Knowledge | Must be kept secret by credential holder | Must be kept secret by asset owner | Public parameter, no secrecy required | Must be kept secret by committer |
Cryptographic Role | Binding element for selective disclosure | Digital signature creation | Proof generation circuit | Randomness for hiding property |
Typical Protocol | Anonymous Credentials (e.g., BBS+, CL) | Asymmetric Cryptography (e.g., ECDSA, EdDSA) | ZK-SNARKs (e.g., Groth16, Plonk) | Commitment Schemes (e.g., Pedersen, SHA256) |
Compromise Consequence | Linkability of previously unlinkable presentations | Loss of asset control, unauthorized transactions | Ability to generate (but not verify) false proofs | Ability to open the commitment to a different value |
Generated By | Credential holder (user) | User's wallet | Trusted setup or universal setup | User or protocol |
examples
LINK SECRET
Practical Examples & Use Cases
A Link Secret is a critical component in Zero-Knowledge Proof (ZKP) systems, enabling the generation of proofs for specific credentials without revealing the underlying data. These examples illustrate its practical applications.
LINK SECRET
Common Misconceptions
The Link Secret is a fundamental cryptographic component in Zero-Knowledge Proofs, particularly in zk-SNARKs. It is a piece of sensitive data that must be kept hidden to ensure the security of the proving system. This section clarifies widespread misunderstandings about its role, security, and management.
A Link Secret (also known as a toxic waste or proving key secret) is a set of secret parameters generated during the trusted setup ceremony for a zk-SNARK circuit. Its importance is absolute: if the Link Secret is ever revealed, an attacker can forge valid proofs for false statements, completely breaking the cryptographic security of the entire application built on that circuit. It is the 'master key' that allows the creation of the public proving and verification keys, and its compromise is irreversible, necessitating a completely new trusted setup.
LINK SECRET
Frequently Asked Questions (FAQ)
A link secret is a critical cryptographic component in zero-knowledge proof systems. These questions address its role, security, and practical management.
A link secret is a private, user-generated random value that cryptographically binds together multiple zero-knowledge credentials issued to the same holder without revealing their connection. It works by being incorporated into the cryptographic material of each credential during issuance. When a holder later presents proofs derived from different credentials, they can use the same link secret to generate a signature of knowledge, demonstrating to a verifier that the credentials belong to the same entity without disclosing the secret itself or the credentials' identifiers. This enables selective disclosure and attribute correlation across a holder's digital identity while preserving privacy.
further-reading
LINK SECRET
Further Reading
A Link Secret is a critical component of Zero-Knowledge Proof systems, enabling the creation of proofs for specific credentials without revealing the underlying data. Explore its core mechanisms and related cryptographic concepts below.
04
Nullifier
A public output derived from a Link Secret that prevents double-spending or replay attacks in anonymous systems. A nullifier is a unique, deterministic hash (e.g., hash(link_secret, external_nullifier)). It reveals no information about the user's identity but proves they have already performed a specific action.
- Function: Acts as a public "spent" flag for anonymous actions.
- Generation: Cryptographically tied to the private Link Secret.
- Critical For: Ensuring uniqueness in anonymous voting or token claims.
05
Identity Commitment
The public-facing component of a private identity, often created from a Link Secret. An Identity Commitment (e.g., hash(link_secret, identity_trapdoor)) is published to a registry or smart contract. It allows a user to prove membership in a group without revealing which specific commitment is theirs.
- Privacy: The commitment itself reveals no private data.
- Group Membership: Used in Semaphore and zk-SNARKs-based groups.
- Foundation: Enables anonymous authentication and credentials.
06
Tornado Cash (Historical Example)
A privacy mixer that utilized a mechanism conceptually similar to a Link Secret. Users deposited funds and later withdrew them by providing a zk-SNARK proof that they owned a deposit note, without revealing which one. The private spending key acted as the user's secret.
- Mechanism: Demonstrated the use of secret ownership proofs for asset privacy.
- Conceptual Link: Highlights the importance of secret management for anonymity.
- Note: Sanctioned by OFAC, illustrating the regulatory challenges of strong privacy tools.
ENQUIRY
Get In Touch
today.
Our experts will offer a free quote and a 30min call to discuss your project.
NDA Protected
Confidentiality24h Response
Time to ValueDirectly to Engineering Team
No Sales Fluff10+
Protocols Shipped
$20M+
TVL Overall