4/ This also enables a new type of credentials: verifiable software audits.
A company can prove its proprietary code satisfies a property — say, deleting payment-card numbers after processing — without revealing the source.
2/ Today's private credentials only handle simple predicates over structured data ("over 18," "balance > X").
But the richest signals (purchase histories, medical records, emails) are unstructured, and the interesting claims need semantic reasoning. So that information goes unused.
3/ đťś‹Creds use an LLM running inside a TEE to issue credentials over that unstructured data.
That way, you can prove the richer claims, like real expertise in a product category from your purchase history, while the sensitive purchase transcript data remains private.
5/ But LLMs open new attack surfaces. We formalize two:
- A malicious prover could try to game a credential by manipulating their data (e.g. strategic purchases to inflate expertise).
- A malicious model could try to leak private info, hiding a sensitive bit in output that looks benign.
