A revocation bitmap is a space-efficient data structure that enables the issuer of credentials to signal which specific credentials within a batch have been revoked. It operates by assigning each credential a unique index number. The bitmap itself is a simple string of bits (0s and 1s), where each bit's position corresponds to a credential index. A 0 typically indicates the credential is valid, while a 1 indicates it has been revoked. This allows a verifier to check the status of a single credential by looking up only its specific bit position, a process known as a selective disclosure of revocation status.
LABS
Glossary
Revocation Bitmap
A revocation bitmap is a status list implementation in Decentralized Identity (DID) systems where each bit in a string represents the revocation status (e.g., 1 for revoked) of a Verifiable Credential at a specific index.
Chainscore © 2026
definition
BLOCKCHAIN DATA STRUCTURE
What is a Revocation Bitmap?
A revocation bitmap is a compact, on-chain data structure used to track the revocation status of a large set of credentials, such as Verifiable Credentials (VCs) or attestations, without revealing the credentials themselves.
The primary technical advantage of a revocation bitmap is its constant-size, on-chain footprint. Unlike a traditional revocation list that grows linearly with each revoked item, a bitmap's size is fixed at creation based on the total number of credentials issued in that batch. This makes it highly scalable and cost-effective for blockchain systems, where storing data is expensive. Common implementations, such as those defined in the W3C Verifiable Credentials Data Model, often encode the bitmap as a base64 string for compact storage and transmission.
In practice, when a user presents a credential for verification, they provide their credential index. The verifier then fetches the current revocation bitmap from its published source (e.g., a smart contract or a decentralized identifier document) and checks the bit at that index. This mechanism provides a privacy-preserving check, as the verifier does not learn about the revocation status of any other credentials in the set. It is a foundational component for decentralized identity systems, enabling efficient and scalable credential lifecycle management without relying on centralized, queryable databases.
how-it-works
CREDENTIALS & ZKP
How a Revocation Bitmap Works
A technical breakdown of the space-efficient data structure used to manage credential revocation in decentralized identity systems.
A revocation bitmap is a compact, on-chain data structure that uses a simple binary mapping to indicate whether a specific credential, like a Verifiable Credential (VC), has been revoked. Each bit in the bitmap corresponds to a unique credential index, where a 1 (or 0, depending on the implementation's convention) signals revocation and a 0 signals the credential is still valid. This mechanism allows verifiers to check the revocation status of a credential by querying a single bit at a known position, without revealing which specific credential is being checked, thereby preserving privacy. Its core innovation is replacing large, privacy-leaking revocation lists with a tiny, fixed-size bit array.
The system's efficiency stems from its bitwise operations. When a credential issuer needs to revoke a credential, they calculate its unique index (e.g., from a credential's credentialStatus field) and publish a transaction that sets the corresponding bit in the on-chain bitmap. A verifier performs the same index calculation and reads that single bit. This operation is extremely gas-efficient on blockchains like Ethereum, as it involves minimal on-chain data storage and computation. Common standards implementing this pattern include the Iden3 Reverse Hash Service and the W3C Status List 2021 specification, which defines a bitstring status list.
A critical feature of revocation bitmaps is their support for selective disclosure and privacy. When a user presents a zero-knowledge proof (ZKP) of credential validity, they can prove that their credential's specific index bit is set to 'valid' without revealing the index itself. This prevents verifiers from linking different presentations back to the same user or credential. The bitmap itself is often stored in a compressed format, such as a base64-encoded string, and can be referenced via a URI in a credential's credentialStatus object, enabling decentralized and interoperable status checks across different ecosystems.
key-features
DATA STRUCTURE
Key Features of Revocation Bitmaps
A revocation bitmap is a compact, on-chain data structure used to track the validity status of a large set of items, such as zero-knowledge proof nullifiers or account nonces, by using a single bit per item.
01
Bitwise Status Tracking
Each item in the set is assigned a unique index, and its status (e.g., valid or revoked/spent) is represented by a single bit (0 or 1) in a large binary array. A 0 typically means 'unused' or 'valid', while a 1 means 'used' or 'revoked'. This is the most storage-efficient method for tracking binary state.
02
On-Chain Storage & Gas Efficiency
The entire bitmap is stored as a single storage slot (or a series of packed words) in a smart contract. Checking or updating a status requires reading/writing only this slot, making operations gas-efficient compared to storing a mapping of individual booleans, which uses a new storage slot for each entry.
03
Core Use Case: Nullifier Sets
The primary application is in zero-knowledge rollups and privacy systems like Tornado Cash. When a user withdraws funds, they provide a nullifier (a unique identifier for their deposit). The contract checks the bitmap: if the bit for that nullifier's index is 0, the withdrawal is valid; it then sets the bit to 1 to prevent double-spending.
04
Deterministic Indexing
To check or set a bit, the system must calculate its exact position. This is done via a deterministic function (often a hash modulo the bitmap size) that maps an item (e.g., a nullifier hash) to a specific bit index and word offset within the stored data structure.
05
Fixed-Cost Operations
Because the data is packed, the gas cost for checkBit and setBit operations is constant (O(1)), regardless of how many items are in the set. This predictable cost is crucial for scalability and user experience in decentralized applications.
06
Contrast with Merkle Trees
For revocation, Merkle trees require inclusion proofs to show an item is in a valid set. Bitmaps are for exclusion proofs: proving an item is not in the revoked set. Bitmaps are more efficient for frequent, single-item updates, while trees are better for batch updates.
visual-explainer
DATA STRUCTURE
Visualizing a Revocation Bitmap
A technical exploration of how a revocation bitmap functions as a compact, on-chain registry for tracking the status of credentials or permissions.
A revocation bitmap is a compact, on-chain data structure, often implemented as a bit array, where each bit represents the active or revoked status of a corresponding credential, token, or permission. The core mechanism is simple: a 0 (or 1) typically indicates the item is valid, while a 1 (or 0) flags it as revoked. This binary representation allows for extremely efficient storage and verification, as checking a single bit's state is a constant-time operation. In blockchain systems like those using Verifiable Credentials (VCs) or specific token standards, this provides a scalable alternative to maintaining individual revocation lists for each issued item.
Visualizing this structure reveals its efficiency. Imagine a long string of bits, such as 00101101, where each position corresponds to a unique credential ID. A verifier, knowing the specific index of the credential they are checking, queries this public bitmap. If the bit at index 3 is set to 1, the credential is revoked. This model is central to standards like W3C's Status List 2021, which encodes a gzip-compressed bitmap into a JSON Web Token (JWT) or other formats, enabling the entire status registry for thousands of credentials to be stored in a single, small on-chain transaction or a decentralized identifier (DID) document.
The practical implementation involves two key processes: bitmap management and proof generation. An issuer, acting as the bitmap controller, updates the specific bit when a credential must be revoked. The verifier's task is to cryptographically verify that the presented credential's index points to a 0 in the latest, signed version of the bitmap. This often involves checking a Merkle proof or a digital signature on the entire bitmap to ensure its integrity and freshness, preventing reliance on stale or tampered data. This creates a trust-minimized system where revocation status is as verifiable as the credential itself.
Compared to Certificate Revocation Lists (CRLs) or online status protocols, a revocation bitmap offers distinct advantages for decentralized systems. Its space efficiency is paramount, as the size grows linearly with the number of possible revocations, not the number of actual revocations. Furthermore, its privacy-preserving nature allows a user to prove their credential is valid by revealing only a single bit position, without disclosing the status of any other credentials in the registry. This makes it a foundational primitive for scalable Self-Sovereign Identity (SSI) and selective disclosure frameworks on blockchain.
examples
REVOCATION BITMAP
Examples & Implementations
Revocation bitmaps are implemented across various blockchain ecosystems to provide efficient, on-chain credential status verification. These examples highlight key protocols and their specific approaches.
03
Bitwise Operations for Verification
The core technical implementation involves bitwise AND operations. To check if credential #N is revoked:
- Calculate its bit position within the bitmap (often
index = credentialID % 256). - Perform
bitmap & (1 << index). - A result of
0means active; a non-zero result means revoked. This check is a constant-time, low-cost operation executable in a smart contract or client-side.
05
Comparison to CRL & OCSP
Revocation bitmaps offer a blockchain-native alternative to traditional PKI systems:
- Certificate Revocation Lists (CRL): A full, growing list of serial numbers. Bitmaps provide constant-size storage.
- Online Certificate Status Protocol (OCSP): Requires querying a central responder. Bitmaps enable trustless, on-chain verification without a live query. This shift is critical for decentralized applications requiring self-sovereign credential status.
06
Scalability & Compression
For systems with millions of credentials, a single bitmap per issuer may be insufficient. Implementations often use:
- Bitmap Indexing: Credentials are grouped into pages (e.g., 65,536 credentials per bitmap).
- Sparse Merkle Trees: For extremely sparse revocation, a tree can prove non-membership more efficiently.
- Off-Chain Storage with On-Chain Root: Storing the full bitmap on IPFS or a decentralized storage network, with only the cryptographic root committed on-chain for verification.
COMPARISON
Revocation Bitmap vs. Other Status Methods
A technical comparison of mechanisms for managing the validity status of verifiable credentials and attestations on-chain.
| Feature | Revocation Bitmap | Revocation Registry (On-Chain) | Status List (Off-Chain) |
|---|---|---|---|
Data Location | On-chain (smart contract state) | On-chain (registry contract) | Off-chain (hosted JSON) |
Status Check Cost | Gas fee for read | Gas fee for read | HTTP request (no gas) |
Revocation Update Cost | Gas fee for state update | Gas fee for registry update | Hosting/bandwidth cost |
Decentralization | High (tied to chain consensus) | High (tied to chain consensus) | Low (depends on central server) |
Real-time Status | |||
Censorship Resistance | |||
Scalability for Mass Revocation | High (single bit per ID) | Medium (per-credential entry) | High (single list file) |
Privacy of Revocation Check |
security-considerations
REVOCATION BITMAP
Security & Operational Considerations
A revocation bitmap is a cryptographic mechanism for efficiently managing the status of credentials or permissions on a blockchain, enabling selective invalidation without revealing the revoked items.
01
Core Mechanism
A revocation bitmap is a compact data structure, often a bit array, where each bit corresponds to the status (valid/revoked) of a specific credential or authorization. The index of a credential (e.g., a credential ID) maps to a specific bit position. A '0' typically indicates valid, while a '1' indicates revoked. This allows for constant-time status checks and privacy-preserving verification, as the verifier only needs to query the bit at a specific index without learning about other credentials.
02
On-Chain vs. Off-Chain Storage
The bitmap's storage location is a key operational decision with security trade-offs.
- On-Chain Storage: The bitmap is stored in a smart contract or on the ledger itself. This provides immutable audit trails and decentralized trust but incurs gas/transaction costs for updates and queries.
- Off-Chain Storage (with On-Chain Anchor): The bitmap is maintained off-chain (e.g., in a database), with only a cryptographic commitment (like a Merkle root) periodically published on-chain. This is highly gas-efficient but introduces a trust assumption in the off-chain data provider's availability and honesty.
03
Privacy & Selective Disclosure
A major advantage of revocation bitmaps is enabling zero-knowledge (ZK) proofs of non-revocation. A credential holder can generate a proof that the bit at their credential's index is '0' (valid) without revealing the index itself or any other information in the bitmap. This is crucial for systems like verifiable credentials and anonymous attestations, where maintaining user privacy while ensuring credential freshness is paramount.
04
Scalability & Gas Optimization
Managing bitmap size and update costs is critical for scalability.
- Sparse Merkle Trees: Often used to represent the bitmap, allowing efficient updates and proofs for a vast namespace (e.g., 2^256 leaves) while only storing non-default (revoked) leaves.
- Batching Updates: Revocation authorities can aggregate multiple revocations into a single transaction to update the on-chain state, amortizing gas costs.
- Bitfield Compression: Techniques like run-length encoding (RLE) can compress the bitmap if revocations are clustered, reducing storage and transmission overhead.
05
Security Risks & Mitigations
Key security considerations for revocation bitmap implementations include:
- Centralized Revocation Authority: A single entity controlling updates creates a single point of failure and censorship risk. Mitigations include multi-signature schemes or decentralized governance.
- State Bloat: An ever-growing, uncompressed on-chain bitmap can become prohibitively expensive. Using sparse data structures is essential.
- Front-Running & Race Conditions: In on-chain schemes, a malicious user might try to use a credential between the time a revocation is issued and the transaction is mined. Commit-Reveal schemes or time-locks can mitigate this.
06
Real-World Implementations
Revocation bitmaps are a foundational component in several major protocols.
- Ethereum Attestation Service (EAS): Uses an on-chain bitmap for efficient revocation of attestations.
- Verifiable Credentials (W3C): The Status List 2021 specification defines a standard for using bitstrings for credential status, enabling interoperability.
- Semaphore Protocol: Uses a Merkle tree-based group management structure where leaves can be set to a 'nullifier' state, functionally similar to a revocation bitmap for anonymous group membership.
REVOCATION BITMAP
Frequently Asked Questions (FAQ)
A revocation bitmap is a cryptographic mechanism for efficiently managing the revocation status of credentials, tokens, or permissions on a blockchain. This section answers common technical questions about its implementation and use cases.
A revocation bitmap is a space-efficient data structure, typically a large bit array, where each bit represents the active or revoked status of a corresponding credential, token, or permission. The core mechanism works by mapping a unique identifier (like a credential index or token ID) to a specific position in the bitmap. A bit value of 0 usually indicates the item is valid, while a 1 indicates it has been revoked. This allows any verifier to check the status of an item with a simple, constant-time lookup by computing its position, making revocation checks extremely fast and cheap on-chain. It is a foundational component in systems like Verifiable Credentials (VCs) and certain Soulbound Token (SBT) implementations where off-chain status must be provably checked on-chain.
ENQUIRY
Get In Touch
today.
Our experts will offer a free quote and a 30min call to discuss your project.
NDA Protected
Confidentiality24h Response
Time to ValueDirectly to Engineering Team
No Sales Fluff10+
Protocols Shipped
$20M+
TVL Overall