Signing Algorithm

Name	Implementation Support	IPR Policy	Specification	Standardization (Body, Process)	Recognition by government authorities (NIST, BSI, ...)	Performance	Security strength
BBS+ with public key binding	https://github.com/mattrglobal/bbs-signatures		https://datatracker.ietf.org/doc/draft-looker-cfrg-bbs-signatures/	DIF (intention to transfer to IRTF CFRG)	*		381 bit curve
BoundBBS+		barely		DIF (intention to transfer to IRTF CFRG)	*
CL	Hyperledger Ursa, https://github.com/privacybydesign/gabi		CL-Signatures of there own do not have a formal specification, that is included in Anoncreds	none	*	Ursa: up to 7 seconds for a validation and approximately 30 seconds for credential definition generation; IRMA (Yivi): both in less than a second	equivalent to RSA2048
Coconut	https://dev.zenroom.org/#/pages/zencode-crypto?id=zero-knowledge-proof-and-attribute-based-credentials	Apache License 2.0	different curves-different specs	different curves-different standards	*	high
ECDSA	many mature implementations		X9.62-2005	ANSI			256 / 384 / 512 bit
EdDSA	many mature implementations				*	high	257 / 384 / 512 bit
ML-DSA	https://dev.zenroom.org/#/pages/zencode-scenarios-post-quantum-cryptography?id=ml-dsa-44		https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.pdf	NIST	*	high
PS	Hyperledger Anoncreds, https://github.com/hyperledger/anoncreds-v2-rs		PS-Signatures of there own do not have a formal specification, that is included in Anoncreds-V2	none	*	medium, faster than CL, slower than Schnorr, single-digit milliseconds for all operations, even in a threshold decentralized setting
RSA	many mature implementations				*		2048 / 3072 / 4096 (scales bad)
Schnorr	many mature implementations	patents expired	different curves-different specs	different curves-different standards	*	high