Presenter: Angelos Lagos
Date: 10 March 2026

Digital identity systems face an inherent tension between verifiability, non-transferability, and privacy. While current European Digital Identity Wallet prototypes rely on Selective-Disclosure JWTs (SD-JWTs) to achieve minimal disclosure and backward compatibility, these designs fail to uphold the strict three-way unlinkability requirement mandated by EU regulations. Schemes based on BBS signatures have been proposed as a possible solution to this problem. While these schemes satisfy the stated requirements, their use of complex cryptographic operations incurs a non-negligible performance overhead, especially relevant for mobile devices. To empirically investigate this overhead, we construct an extendable benchmarking suite for end-to-end wallet operations. Using our suite, we perform experiments comparing the performance of several privacy-preserving verifiable credential implementations on a desktop computer, a smartphone, a smartwatch, and a low-cost single-board computer. We find that performance varies significantly (often by an order of magnitude) based on hardware, employed scheme, and programming language of the implementation. Performance differences between schemes and implementations are more pronounced on resource-constrained devices. Positively, with the best-performing unlinkable BBS variant, a smartwatch needs around 1.5 seconds for credential presentation, latency that can be considered practically acceptable. Our results inform discussions on the transition to privacy-preserving mobile identity wallets, while our open-source suite can be used to benchmark future implementations.