To resolve the privacy-efficiency trade-off in verifiable credential revocation within self-sovereign identity (SSI), this paper proposes a privacy-preserving revocation mechanism supporting fine-grained temporal authorization. Methodologically, it pioneers the integration of anonymous hierarchical identity-based encryption (HIBE) with zero-knowledge–friendly signatures and verifiable timestamping protocols, enabling holders to autonomously restrict verifiers’ access to revocation status within configurable time windows. Contributions include: (i) issuer unlinkability—issuers cannot trace credential presentations; (ii) verifier privacy confinement—verifiers learn only whether a credential was revoked within the authorized interval, with no extraneous information disclosed; and (iii) regulatory compliance and enhanced verification efficiency. Experimental evaluation demonstrates that the scheme achieves strong privacy guarantees while reducing revocation verification overhead below that of state-of-the-art approaches.

Self-Sovereign Identity (SSI) is an emerging paradigm for authentication and credential presentation that aims to give users control over their data and prevent any kind of tracking by (even trusted) third parties. In the European Union, the EUDI Digital Identity wallet is about to become a concrete implementation of this paradigm. However, a debate is still ongoing, partially reflecting some aspects that are not yet consolidated in the scientific state of the art. Among these, an effective, efficient, and privacy-preserving implementation of verifiable credential revocation remains a subject of discussion. In this work-in-progress paper, we propose the basis of a novel method that customizes the use of anonymous hierarchical identity-based encryption to restrict the Verifier access to the temporal authorizations granted by the Holder. This way, the Issuer cannot track the Holder's credential presentations, and the Verifier cannot check revocation information beyond what is permitted by the Holder.