Issuers certify attributes privately.

5.1 Issuer Certification Flow

1. User proves to issuer the plaintext value.
2. Issuer computes:
   • issuer_commitment = Hash(issuer_public_key || policy_version)
   • signature on the value commitment
3. User stores:
   • value encrypted in Vault
   • issuer signature
   • issuer commitment
4. Attribute leaf includes:
   • descriptor
   • value commitment
   • issuer commitment
   • validity window

The issuer never needs to see the full identity, only the attribute relevant to them.