On-chain credentials are verifiable attestations—like proof of KYC, guild membership, or skill certification—stored as tokens or state within a smart contract. Unlike static NFTs, a revocable credential's core feature is the ability for an authorized issuer to invalidate it after issuance. This is critical for maintaining system integrity when credentials are compromised, requirements change, or user status is revoked. Implementing this requires a smart contract pattern that manages a dynamic validity state separate from the token's existence.
LABS
Guides
How to Implement Revocable Credentials Using Smart Contracts
This guide provides patterns for implementing credential revocation on-chain, covering revocation registries, status list credentials, and smart contract allow/deny lists. It includes Solidity code examples and compares on-chain vs. hybrid models.
Chainscore © 2026
introduction
DEVELOPER TUTORIAL
How to Implement Revocable Credentials Using Smart Contracts
A technical guide to building and managing on-chain credentials with built-in revocation mechanisms for use in DAOs, DeFi, and identity systems.
The most common implementation uses a mapping to track revocation status. Below is a simplified Solidity example for an SBT (Soulbound Token) with a revocation flag. The key functions are mint for issuance, revoke for invalidation, and a check like isValid for verification.
soliditycontract RevocableCredential is ERC721 { address public issuer; mapping(uint256 => bool) public revoked; constructor() ERC721("Credential", "CRED") { issuer = msg.sender; } function mint(address to, uint256 tokenId) external onlyIssuer { _safeMint(to, tokenId); } function revoke(uint256 tokenId) external onlyIssuer { revoked[tokenId] = true; emit CredentialRevoked(tokenId); } function isValid(uint256 tokenId) external view returns (bool) { return _exists(tokenId) && !revoked[tokenId]; } }
For production systems, consider these key design patterns: - Expiration Timestamps: Add a validUntil field for time-bound credentials. - Suspension vs. Revocation: Distinguish between temporary suspension and permanent revocation. - Delegated Revocation: Use an access control system like OpenZeppelin's Ownable or a multi-sig for issuer management. - On-Chain Proofs: Integrate with verifiable credential standards like W3C VC Data Model for interoperability. - Gas Optimization: Use bitmaps or packed storage for bulk status updates to reduce costs, especially on L2s like Arbitrum or Optimism.
Revocable credentials are foundational for real-world Web3 applications. In DeFi, they can enforce compliance (e.g., an accredited investor SBT). For DAO governance, they can manage voting power based on active, non-revoked membership. In developer ecosystems, they can represent revoked API keys or attestations. When verifying a credential, external contracts or interfaces should always call the isValid method, not just check for token ownership, to ensure the attestation's current state is respected.
Best practices for security and user experience include: - Clear Revocation Reasons: Emit events with metadata explaining why a credential was revoked. - Off-Chain Indexing: Use a subgraph or indexer to track revocation status for efficient queries. - User Notification: Implement push notifications via services like EPNS or XMTP to alert holders of status changes. - Audit the Logic: Ensure the revocation function is protected from reentrancy and that state changes are atomic. Always consider the privacy implications of storing revocation status fully on-chain versus using zero-knowledge proofs for selective disclosure.
The future of revocable credentials points toward interchain standards. Using a modular attestation layer like EAS (Ethereum Attestation Service) or Verax allows credentials to be issued on one chain and verified across many, with revocation registries managed independently. By implementing robust revocation logic today, developers build the foundation for more accountable and flexible on-chain identity systems.
prerequisites
TUTORIAL
Prerequisites and Setup
This guide walks through implementing a revocable credential system using Ethereum smart contracts, covering the core concepts, required tools, and initial project setup.
A revocable credential is a digital attestation, like a membership or certificate, whose validity can be programmatically revoked by its issuer. On-chain, this is typically implemented using a registry pattern. Instead of storing credential data directly on-chain, a smart contract maintains a mapping—a registry—that tracks whether a given credential ID is active or revoked. This approach minimizes gas costs and keeps sensitive data off-chain, storing only the essential revocation status. The core logic revolves around an issuer address having the exclusive authority to issue and revoke credentials for users.
To build this system, you will need a development environment for Ethereum smart contracts. Essential tools include Node.js (v18 or later), a package manager like npm or yarn, and the Hardhat development framework. Hardhat provides a local Ethereum network, a testing suite, and plugins for compilation and deployment. You will also use OpenZeppelin Contracts, a library of secure, audited standard contracts. We will import its Ownable contract for access control. Install these with npm init -y followed by npm install --save-dev hardhat @openzeppelin/contracts.
Initialize a new Hardhat project by running npx hardhat init and selecting the TypeScript project template for better type safety. This creates a basic project structure with contracts/, scripts/, and test/ directories. In the contracts/ folder, create a new file, RevocableCredentialRegistry.sol. We will write our Solidity code here. Ensure your hardhat.config.ts is configured for the Sepolia testnet by adding a network entry and providing an RPC URL and a private key from a wallet like MetaMask for deployment scripts.
key-concepts-text
TECHNICAL GUIDE
How to Implement Revocable Credentials Using Smart Contracts
A developer-focused guide to building on-chain credential systems with built-in revocation mechanisms using Ethereum smart contracts.
Revocable credentials on the blockchain are digital attestations, like badges or certifications, whose validity can be programmatically revoked by an issuer. Unlike static NFTs, they require a stateful contract that tracks the active status of each credential. The core smart contract must manage three key functions: issuing a credential to a recipient's address, checking its current validity status, and revoking it. This is typically implemented by mapping a unique credential ID (like a uint256 token ID) to a boolean isRevoked flag. When a user presents their credential, a verifier's contract calls the issuer's contract to check this flag before granting access or privileges.
A basic implementation extends the ERC-721 standard. Start by importing OpenZeppelin's contracts and adding a _revokedTokens mapping. The mint function issues the credential, while a revoke function, protected by an onlyIssuer modifier, sets the token's status to revoked. Crucially, you must override the transferFrom function to prevent transfers if the token is revoked, maintaining control. Here's a minimal skeleton:
soliditymapping(uint256 => bool) private _revokedTokens; function revoke(uint256 tokenId) public onlyIssuer { _revokedTokens[tokenId] = true; emit Revoked(tokenId); } function isValid(uint256 tokenId) public view returns (bool) { return !_revokedTokens[tokenId]; }
For production systems, consider gas efficiency and scalability. Storing revocation status on-chain for millions of credentials can be expensive. A common optimization is to use a revocation registry—a separate contract that maintains a Merkle root of all revoked credential IDs. Issuers periodically update the root, and verifiers check a Merkle proof against it. This approach, used by projects like Veramo, allows for batch updates and off-chain proof verification, significantly reducing gas costs. Another pattern is using a bitmap or a sparse Merkle tree to efficiently manage large revocation sets with minimal on-chain data.
Security is paramount. The revocation function must have robust access control, typically using OpenZeppelin's Ownable or a multi-signature wallet. Consider implementing a timelock on revocation calls to prevent malicious issuers from acting abruptly. Furthermore, design your credential schema to include an expiry timestamp, allowing automatic invalidation via the isValid check without a transaction. Always emit clear events like CredentialIssued and CredentialRevoked for off-chain indexing and transparency. Thoroughly test revocation scenarios, including re-enabling a credential (which requires careful state design), using frameworks like Foundry or Hardhat.
Integration with verifier contracts completes the system. A verifier, such as a gated community smart contract, should not trust the credential NFT alone. It must call the issuer's isValid(tokenId) function in its own logic. For example, a function granting access might look like:
solidityfunction grantAccess(uint256 credentialId) public { require(credentialIssuer.isValid(credentialId), "Credential revoked"); // ... grant access logic }
This pattern ensures real-time, trustless verification. For broader interoperability, align your contract with emerging standards like W3C Verifiable Credentials or EIP-5843 for composable attestations, which are gaining traction in the Ethereum ecosystem for decentralized identity.
implementation-patterns
REVOCABLE CREDENTIALS
Implementation Patterns
Smart contract patterns for issuing, verifying, and revoking on-chain credentials. These designs balance security, user privacy, and gas efficiency.
03
Merkle Tree-Based Revocation
Use a Merkle tree where leaves represent active credentials. The root is stored on-chain. To revoke, the issuer updates the tree, excluding the revoked credential, and publishes a new root. Users provide a Merkle proof for verification.
- Benefit: O(1) on-chain storage cost (only the root).
- Drawback: Requires an off-chain service to maintain and distribute proofs.
- Best For: High-volume, batch credential issuance where gas costs for individual updates are prohibitive.
04
Time-Locked Credentials with Expiry
Build revocability directly into the credential's validity period. Credentials are issued with a built-in expiry timestamp. For early revocation, implement a suspend/unsuspend function controlled by the issuer that overrides the timestamp check.
- Pattern:
isValid = !isSuspended && block.timestamp < expiryTime - Use Case: Subscription access, time-bound certifications, and event tickets.
- Simple & Effective: Reduces complexity by combining revocation with a core time-based logic.
06
ZKP-Circuits for Private Revocation Checks
For maximum privacy, implement revocation checks within a Zero-Knowledge Proof (ZKP) circuit. Users generate a ZK-SNARK proving they hold a valid, non-revoked credential without revealing its identifier. The circuit checks against an on-chain commitment of the revocation list.
- Technology: Use frameworks like Circom or Noir to write the circuit.
- Application: Anonymous voting, private reputation systems, and confidential DeFi access.
- Challenge: Higher computational complexity for both proving and verification.
TECHNICAL OVERVIEW
Revocation Pattern Comparison
A comparison of on-chain credential revocation mechanisms based on gas efficiency, privacy, and implementation complexity.
| Feature / Metric | Blocklist Registry | Expiration Timestamp | Revocation Registry |
|---|---|---|---|
Gas Cost (Revoke) | $2-5 | $0.1-0.5 | $5-15 |
Gas Cost (Verify) | $1-3 | $0.1 | $2-4 |
Privacy Leakage | High (Public list) | None | Medium (Per-credential check) |
Real-time Revocation | |||
State Bloat Risk | High | None | Medium |
Implementation Complexity | Low | Low | High |
Suitable For | Small, public lists | Time-bound credentials | High-value, selective revocation |
solidity-revocation-registry
IMPLEMENTATION GUIDE
Code Example: Simple Revocation Registry
A practical walkthrough for building a foundational on-chain revocation registry using Solidity and Foundry.
A revocation registry is a critical component of verifiable credential systems, allowing issuers to invalidate credentials without altering the original signed data. This example implements a simple, non-token-based registry using a Solidity smart contract. The core logic maps a unique credential identifier (like a credentialId hash) to a boolean status, where true indicates the credential is revoked. This approach is gas-efficient and forms the basis for more complex systems like EIP-5539 or W3C's Status List 2021.
The contract exposes two key functions: revoke(bytes32 credentialId) and isRevoked(bytes32 credentialId). Only the contract owner (the credential issuer) can call the revoke function, which sets the mapping for the given ID to true. The isRevoked function is a public view that allows any verifier to check the status. We use bytes32 for the identifier to efficiently store hashes of credential data, ensuring the registry can scale to millions of entries without excessive gas costs for lookups.
Here is the core contract implementation:
solidity// SPDX-License-Identifier: MIT pragma solidity ^0.8.19; contract SimpleRevocationRegistry { address public owner; mapping(bytes32 => bool) private _revoked; constructor() { owner = msg.sender; } function revoke(bytes32 credentialId) external { require(msg.sender == owner, "Only owner can revoke"); _revoked[credentialId] = true; } function isRevoked(bytes32 credentialId) external view returns (bool) { return _revoked[credentialId]; } }
Deploy this contract to a network like Sepolia or Polygon Mumbai using Foundry: forge create SimpleRevocationRegistry --rpc-url $RPC_URL --private-key $PRIVATE_KEY.
To integrate this registry, an issuer must generate a deterministic credentialId for each credential, typically the keccak256 hash of a unique combination like issuerAddress + credentialSubjectId + issuanceTimestamp. This ID is embedded in the verifiable credential's proof as a revocationRegistry field. When a verifier receives a credential, they call the on-chain isRevoked() function with this ID. A return value of true means the credential is invalid, even if the cryptographic signature is correct.
This basic design has trade-offs. It requires a separate on-chain transaction for each revocation, making it suitable for low-volume or high-value credentials. For mass revocation events, consider batch operations or a bitmap-based registry like the Status List 2021 which can revoke up to 16,000 credentials with a single bit flip. Always audit revocation logic, as incorrect ID generation can lead to unreachable or colliding entries, breaking the entire system's trust model.
status-list-credential-implementation
IMPLEMENTATION GUIDE
Code Example: Status List Credential (Bitstring)
A practical guide to implementing W3C-compliant revocable credentials using smart contracts and bitstring status lists.
The W3C Verifiable Credentials specification defines a StatusList2021 entry for managing credential revocation. This method uses a bitstring—a compressed array of bits—where each bit represents the status (0 for valid, 1 for revoked) of a credential at a specific index. The bitstring is stored as a Base64-encoded string within a credential's credentialStatus property, which points to a publicly accessible status list credential. This approach is efficient and privacy-preserving, as a verifier only needs to fetch and check a single bit for a given credential ID, without revealing other entries in the list.
To anchor this system on-chain for trust and immutability, a smart contract can manage the status list. A common implementation involves a contract that stores the compressed bitstring and an associated URI where the full status list credential is hosted. The contract exposes functions to set the status of a credential at a specific index and to read the status of any index. The on-chain data acts as the single source of truth, while the off-chain JSON credential provides the standardized format for verifiers. This hybrid model leverages blockchain for tamper-proof status updates and standard protocols for interoperability.
Here is a simplified Solidity contract example for managing a status list. The contract stores a mapping of listId to a BitString struct containing the encoded data and URI. The setStatus function allows the issuer to flip a specific bit, and the getStatus function lets anyone verify it.
solidity// SPDX-License-Identifier: MIT pragma solidity ^0.8.19; contract StatusListRegistry { struct BitString { bytes encodedBits; string statusListCredentialUri; } mapping(string => BitString) public statusLists; address public issuer; constructor() { issuer = msg.sender; } function setStatus( string calldata listId, uint256 index, bool isRevoked ) external { require(msg.sender == issuer, "Not authorized"); BitString storage list = statusLists[listId]; // Logic to set the bit at `index` in `list.encodedBits` to 1 if `isRevoked` // This involves bitwise operations on the bytes array. } function getStatus( string calldata listId, uint256 index ) external view returns (bool) { BitString storage list = statusLists[listId]; // Logic to read the bit at `index` from `list.encodedBits` // Returns true if the credential is revoked. return false; // Placeholder } }
The off-chain component is a StatusList2021Credential, a standard JSON-LD document. Its credentialSubject contains the encodedList property (the Base64-encoded bitstring) and a statusPurpose (like "revocation"). The id of this credential is the URI referenced in the smart contract. When an issuer revokes a user's credential, they must perform two actions: 1) Call the smart contract's setStatus function to update the on-chain bit, and 2) Regenerate the off-chain status list credential JSON with the updated encodedList and publish it at the URI. This ensures consistency between the on-chain truth and the verifiable document.
For verification, a relying party follows a defined flow. First, they extract the credentialStatus object from the presented credential, which contains the statusListIndex and the statusListCredential URI. They then fetch the status list credential from that URI and validate its signature. Next, they can optionally verify the on-chain status by calling the getStatus function on the registry contract using the list ID and index. Finally, they decode the Base64 encodedList from the fetched credential, check the bit at the given index, and confirm the credential's status. This dual-check provides robust security against a compromised off-hosted file.
Key considerations for production use include gas optimization for bit manipulation in Solidity, implementing access control for issuers (like using OpenZeppelin's Ownable), and ensuring the availability of the off-hosted status list credential. The statusListCredential URI should point to a highly available service like IPFS or Arweave. This pattern is used by projects like Veramo for credential management and aligns with the W3C VC-API standards. By combining the immutability of smart contracts with the flexibility of standard credentials, developers can build scalable, interoperable, and trust-minimized revocation systems for decentralized identity.
privacy-trade-offs
PRIVACY CONSIDERATIONS AND TRADE-OFFS
How to Implement Revocable Credentials Using Smart Contracts
A technical guide to building privacy-preserving, revocable credentials on-chain, balancing user control with issuer authority.
Revocable credentials are a core component of decentralized identity systems, allowing an issuer to grant and later invalidate a claim about a user. On public blockchains, this creates a privacy challenge: a credential's status must be verifiable without exposing the holder's identity or the credential's contents. Zero-knowledge proofs (ZKPs) and commitment schemes are the primary cryptographic tools used to solve this. A user presents a ZKP that they possess a valid, unrevoked credential, without revealing the credential identifier itself. The issuer maintains a revocation registry, often a Merkle tree or a smart contract mapping, which the proof checks against.
The most common implementation uses a Merkle tree revocation registry. The issuer's smart contract stores the Merkle root of a tree where each leaf is a commitment to a credential. To revoke, the issuer updates the leaf's status and publishes a new root. A user proves their credential is valid by providing a Merkle proof that their commitment exists in the non-revoked portion of the tree. For example, the Semaphore protocol uses this model for anonymous signaling. The trade-off is gas cost: updating the Merkle root on-chain for each revocation can be expensive, and the registry size is limited by gas constraints.
An alternative is a accumulator-based registry, like a RSA or bilinear map accumulator, where the issuer maintains a single accumulator value representing all valid credentials. Revocation updates this single value. The Indy blockchain originally used this approach. The trade-off shifts from storage/update cost to computational complexity for proof generation and verification, which can be higher for ZKPs involving accumulators. Smart contracts must also be equipped to verify these more complex cryptographic primitives, which wasn't feasible before precompiles like the BN256 pairing on Ethereum.
Key design decisions involve who controls revocation. In a centralized model, the issuer's smart contract holds a private key to sign revocation updates, creating a single point of control and failure. A decentralized or multi-sig model distributes this authority, enhancing censorship resistance but adding complexity. Furthermore, you must decide on revocation granularity: can you revoke a single credential, or all credentials for a user? Fine-grained control offers more precision but increases the data and logic required in the smart contract state.
When implementing, start with a simple contract interface. The issuer contract should have functions to issueCommitment(bytes32 commitment), revokeCommitment(bytes32 commitment), and getRevocationRoot(). The verification contract needs a function verifyCredentialProof(bytes calldata proof, bytes32 currentRoot) that uses a verifier contract, like one generated from a ZK-SNARK circuit via SnarkJS and Circom. Always include a time-delay or challenge period for revocations to mitigate malicious issuer behavior. Test extensively on a testnet like Sepolia, as gas optimization for frequent root updates is critical for production.
Privacy trade-offs are inherent. While the credential content is hidden, the act of interacting with the revocation registry contract can create transaction graph metadata. Solutions like zkRollups or application-specific chains can bundle proofs to obscure individual user actions. Ultimately, implementing revocable credentials requires balancing user privacy, issuer sovereignty, on-chain efficiency, and security. Frameworks like Veramo and Sismo provide modular libraries to integrate these patterns, allowing developers to focus on their specific credential schema and revocation policy.
hybrid-off-chain-models
HYBRID AND OFF-CHAIN MODELS
How to Implement Revocable Credentials Using Smart Contracts
A practical guide to building a system where credential status is managed on-chain while the credential data itself remains off-chain, enabling efficient revocation.
Revocable credentials are essential for identity and access management systems where permissions must be dynamically updated or withdrawn. A purely on-chain approach, where the full credential is stored in a smart contract, is often prohibitively expensive and lacks privacy. The hybrid model solves this by storing only a minimal, critical piece of data on-chain—typically a revocation registry—while the credential's substantive data (claims, metadata) is stored off-chain, often as a Verifiable Credential (VC). This separation allows for efficient status checks without exposing private user data on a public ledger.
The core on-chain component is a smart contract that acts as a revocation registry. It maintains a mapping, such as mapping(uint256 => bool) public isRevoked, where the key is a unique credential identifier (like a UUID or a hash of the credential's public details). The contract exposes two critical functions: revokeCredential(uint256 credentialId) for the issuer and checkStatus(uint256 credentialId) view returns (bool) for any verifier. When a verifier receives an off-chain credential, they call checkStatus with the provided ID. A return value of true indicates the credential is no longer valid, regardless of its off-chain cryptographic proof.
Here is a simplified Solidity example for a basic revocation registry contract:
solidity// SPDX-License-Identifier: MIT pragma solidity ^0.8.19; contract RevocationRegistry { address public issuer; mapping(uint256 => bool) private _revoked; constructor() { issuer = msg.sender; } function revoke(uint256 credentialId) external { require(msg.sender == issuer, "Only issuer can revoke"); _revoked[credentialId] = true; emit CredentialRevoked(credentialId); } function isRevoked(uint256 credentialId) external view returns (bool) { return _revoked[credentialId]; } event CredentialRevoked(uint256 indexed credentialId); }
This contract allows the designated issuer to revoke credentials by ID, and any party can query the status. The off-chain credential must include this credentialId and the contract's address so verifiers know where to check.
For production systems, consider more advanced patterns to reduce gas costs and enhance privacy. A bitmap-based registry allows an issuer to revoke batches of credentials in a single transaction by setting bits in a packed uint256. Another approach uses cryptographic accumulators, like RSA or Merkle trees, where the on-chain state is a single accumulator value. Revocation updates this value, and the verifier checks a zero-knowledge proof that a credential is not in the revoked set, offering better privacy. Standards like the W3C Revocation List 2020 provide a specification for implementing this hybrid model using JSON-LD and linked data.
When implementing, key design decisions include choosing the credential identifier, managing issuer keys, and determining update frequency. The ID must be unique and unguessable, often derived from a hash of the issuer's DID and a random UUID. Issuer key management is critical; consider using a smart contract wallet or multi-sig for the revoke function to prevent single points of failure. Furthermore, you must decide between real-time revocation (immediate on-chain update) and periodic batch updates to optimize for gas efficiency versus revocation latency, depending on your use case's requirements.
resource-links
DEVELOPER GUIDES
Resources and Further Reading
Primary specifications, smart contract patterns, and reference implementations for building revocable credentials on-chain or in hybrid Web3 identity systems.
REVOCABLE CREDENTIALS
Frequently Asked Questions
Common technical questions and solutions for developers implementing on-chain revocable credentials using smart contracts.
Two primary patterns dominate on-chain credential revocation: Registry-Based and Status List-Based.
Registry-Based uses a central smart contract as a revocation registry. The credential (e.g., an SBT or VC) holds a reference to this registry and a unique identifier. To verify, a contract checks the registry's isRevoked(id) function. This is simple but can be gas-intensive for batch checks.
Status List-Based, defined in the W3C VC Status List 2021 specification, uses a bitstring (a compressed list of bits). A credential points to a status list credential and a specific index. Revocation is toggling a single bit. This is highly gas-efficient for checking many credentials, as you verify a single Merkle proof for the entire list. The Ethereum Attestation Service (EAS) Schema Registry is a prominent example using this pattern.
conclusion
IMPLEMENTATION GUIDE
Conclusion and Next Steps
This guide has outlined the core components for building a system of revocable credentials on-chain. The next steps involve production considerations, advanced patterns, and integration.
You now have a functional blueprint for revocable credentials using a combination of Soulbound Tokens (SBTs) and a revocation registry. The core contract logic demonstrates how to issue non-transferable tokens representing credentials and manage their validity status through a separate, centralized or decentralized authority. This pattern is foundational for systems like on-chain resumes, attestations, and verifiable credentials where proof of status must be dynamically updatable.
For production deployment, critical next steps include enhancing security and decentralization. Consider implementing a multi-signature wallet or a decentralized autonomous organization (DAO) as the revocation authority instead of a single EOA. Integrate EIP-712 typed structured data signing for off-chain credential issuance with on-chain verification, reducing gas costs. Audit your contracts thoroughly, especially the authorization logic in the RevocationRegistry, as it controls the entire system's integrity.
To extend functionality, explore advanced patterns like time-based expiration (adding a validUntil timestamp to the credential), credential tiers (using different SBT token IDs), or zk-SNARKs for privacy where a user can prove they hold a valid, unrevoked credential without revealing its specific ID. The Ethereum Attestation Service (EAS) and Verax are excellent references for more sophisticated schema-based attestation architectures.
Finally, integrate your credential system with the broader ecosystem. Build a front-end dApp for issuers and verifiers using wagmi or ethers.js. Consider indexing credential events with The Graph for efficient querying. By implementing these steps, you move from a prototype to a robust, usable infrastructure for trust and reputation in Web3 applications.