Building digital identity infrastructure you can rely on — at scale, under regulation, without downtime.

📍 Luxembourg · 🇰🇷 Korea  |  🏢 Hopae  |  🌐 Open Wallet Foundation  |  ✍️ blog.lukasjhan.com

Republic of Korea Air Force, honorably discharged as Staff Sergeant.

The reference TypeScript implementation of SD-JWT and SD-JWT VC — powering production digital identity wallets across Europe and beyond.

• First project to graduate from OWF Lab → Growth Stage
• Implements the latest SD-JWT and SD-JWT VC specifications
• Deployed in EUDI Wallet ecosystem implementations
• 6M+ total downloads on npm

TypeScript implementation of ISO 18013-5 (mDoc) — the mobile driver's license standard being adopted across the EU and US.

Contributor to the official EU Digital Identity Wallet reference codebase — maintained by the European Commission as the canonical implementation of the eIDAS 2.0 Architecture Reference Framework (ARF).

• DCQL null matching — implemented the missing null-matching semantics of the DCQL specification in the iOS wallet stack, enabling verifiers to query for credentials with optional claims
  • eudi-lib-ios-openid4vp-swift #179
  • eudi-lib-ios-wallet-kit #313

Contributing engineer on the official IATA Proof of Concept (Cycle 2) — validating credential-based digital identity across global airline and airport infrastructure, representing Hopae as a listed technology partner.

• Verifying Digital Identity in the Distribution Process — B2B agent verification across NDC distribution networks plus B2C traveler identity via digital wallets
• Contactless Travel — End-to-end contactless travel pilot using wallet-based credentials across airlines, airports, and wallet providers

Partners include Air Canada, British Airways, Qatar Airways, Japan Airlines, Air New Zealand, Hong Kong Int'l Airport, with technology partners Google Wallet, Amadeus, SITA, NEC, Infosys. Standards applied: W3C VC · SD-JWT VC · OpenID4VP · ISO 23220 — the same specifications I maintain and contribute to upstream.

Issuer-Unlinkable Nullifiers and Revocation in Transparent Zero-Knowledge · working paper, 2026

Selective-disclosure credentials ship without unlinkability — the issuer's signature and salted hashes let colluding verifiers (and the issuer itself) correlate every presentation. This work brings unlinkability to the unmodified SD-JWT VC and ISO mdoc credentials I maintain upstream, using transparent (no-trusted-setup) zero-knowledge on top of Google's longfellow-zk.

• 🧩 The first ZK circuits for the unmodified IETF SD-JWT VC text format (JSON/JWS/base64url) — no change to issuers or devices
• 🪪 An issuer-unlinkable blind nullifier — a per-context tag that even the issuer cannot trace, enabling one-vote-per-election / one-account-per-service without ever de-anonymizing the holder
• 🔁 Signed-range revocation plus a shared, format-agnostic core that runs unchanged across both SD-JWT VC and ISO mdoc
• ⚡ Implemented & benchmarked end-to-end — sub-2s proving, sub-second verification on a desktop and a Snapdragon 8 Gen 2 phone, with no trusted setup

📄 Read the working draft (PDF)

• KRDS React — Component library for the Korean Government Design System
• winston-opensearch — Winston logger transport for OpenSearch

Working at the intersection of EU regulation and technical implementation — where every spec decision carries legal consequences.

📄 W3C Translations (Korean):

• DID Core 1.0
• VC Data Model 1.1

Blog — blog.lukasjhan.com — monthly writing (EN) on digital identity, trust infrastructure, and engineering culture.

Events & Talks

Reflections on each event are published on the blog above.

Cloud & Infrastructure

Languages

Backend

Data & Messaging

Observability