How do Decentralized Digital Identities Work on Ethereum?
Blockchain technology allows for users to create and manage digital identities through the combination of the following components:
- Decentralized identifiers
- Identity management
- Embedded encryption
What is Digital Identity?
A digital identity arises organically from the use of personal information on the web and from the shadow data created by the individual’s actions online. A digital identity may be a pseudonymous profile linked to the device’s IP address, for example, a randomly-generated unique ID. Data points that can help form a digital identity include usernames and passwords, drivers license number, online purchasing history, date of birth, online search activities, medical history, etc. Biometrics, Behavioral, Biographic are the modals that make up a person’s identity.
How is Digital Identity Created?
In one example, users sign up to a self-sovereign identity and data platform to create and register a DID. During this process, the user creates a pair of private and public keys. Public keys associated to a DID can be stored on-chain in case keys are compromised or are rotated for security reasons. Additional data associated with a DID such as attestations can be anchored on-chain, but the full data itself should not be stored on-chain to maintain scalability and compliance with privacy regulations.
What is a Decentralized Identifier?
A decentralized identifier (DID) is a pseudo-anonymous identifier for a person, company, object, etc. Each DID is secured by a private key. Only the private key owner can prove that they own or control their identity. One person can have many DIDs, which limits the extent to which they can be tracked across the multiple activities in their life. For example, a person could have one DID associated with a gaming platform, and another, entirely separate DID associated with their credit reporting platform.
Each DID is often associated with a series of attestations (verifiable credentials) issued by other DIDs, that attest to specific characteristics of that DID (e.g., location, age, diplomas, payslips). These credentials are cryptographically signed by their issuers, which allows DID owners to store these credentials themselves instead of relying on a single profile provider (e.g., Google, Facebook). In addition, non-attested data such as browsing histories or social media posts can also be associated to DIDs by the owner or controllers of that data depending on context and intended use.
How are decentralized identities secured?
A key element of securing decentralized identities is cryptography. In cryptography, private keys are known only to the owner, while public keys are disseminated widely. This pairing accomplishes two functions. The first is authentication, where the public key verifies that a holder of the paired private key sent the message. The second is encryption, where only the paired private key holder can decrypt the message encrypted with the public key.
How are decentralized identities used?
Once paired with a decentralized identity, users can present the verified identifier in the form of a QR code to prove their identity and access certain services. The service provider verifies the identity by verifying the proof of control or ownership of the presented attestation — the attestation had been associated with a DID and the user signs the presentation with the private key belonging to that DID. If they match, access is granted.
What Are the Use Cases of Blockchain in Identity Management?
Decentralized and digital identification can be used in many ways. Here are some of the top use cases that ConsenSys has identified:
- Self Sovereign identity
- Data Monetization
- Data Portability
What is Self Sovereign identity?
Self-sovereign identity (SSI) is the concept that people and businesses can store their own identity data on their own devices; choosing which pieces of information to share to validators without relying on a central repository of identity data. These identities could be created independent of nation-states, corporations, or global organizations.
A zero-knowledge proof, sometimes also referred to as a ZK protocol, is a verification method that takes place between a prover and a verifier. In a zero-knowledge proof system, the prover is able to prove to the verifier that they have the knowledge of a particular piece of information (such as the solution to a mathematical equation) without revealing the information itself. These proof systems can be used by modern cryptographers to provide increased levels of privacy and security.
The concept of a zero-knowledge proof was first described in a 1985 MIT paper, published by Shafi Goldwasser and Silvio Micali. They demonstrated that it was possible to prove some properties of a number without disclosing the number or any additional information about it. This paper also introduced the mathematically significant finding that interactions between a prover and a verifier could reduce the amount of information required to prove a given theorem.
A ZK proof must fulfill two basic requirements known as completeness and soundness. Completeness refers to the ability of the prover to demonstrate knowledge of the relevant information to a high degree of probable accuracy. For the proof to be sound, the verifier must be able to reliably determine whether or not the prover is actually in possession of the information. Finally, in order to be truly zero-knowledge, the proof must achieve both completeness and soundness without the information in question ever being communicated between the prover and the verifier.
Zero-knowledge proofs are mostly used for applications in which privacy and security are essential. Authentication systems, for example, can employ ZK proofs to verify credentials or identities without directly divulging them. As a simple example, it can be used to verify that a person has a password to a computer system without the need for disclosing what the password.