July 17, 2023 - 6 min read
DIDs are your on-chain, cryptographic fingerprints- made possible by powerful cryptographic primitives for decentralized, trustless verification.
One’s identity is everything. Ownership of oneself is the essence of freedom, and ownership of one’s property seems to fall under this umbrella. Opening a bank account, registering employment, voting in elections, buying real estate—all of these things require an individual proving their identity.
Until recently, we couldn’t control how our personal information was stored, shared, or disposed of – or have proof that our data was mishandled or compromised. That is, our personally identifiable information has been subject to opaque and centralized control. This could be brought to a swift end by leveraging the security of cryptographic primitives and decentralization regarding data storage, verification, and transparency.
What’s worse, the digital space has become crowded with anonymous bots and other malicious actors who create chaos without incurring any real cost to themselves. Considering the damage that DDoS or other bot-like attacks can inflict on civil discourse and the functionality of web services, debates on the pros and cons of anonymity have become more prominent. Perhaps requiring digital IDs to use online services could make such attacks costly by identifying perpetrators and holding them accountable.
Implementing a system of decentralized identity would not be as simple as minting a token. No, it must be interoperable amongst disparate ecosystems. A proper DID would allow individuals to manage their identity-related information without relying on a single network nor any central authorities except for the sovereign jurisdictions in which they live.
However, protecting individuals from privacy infringements and identity theft while also delivering a slick UX is no simple task. In order to deliver the best results, a vertically integrated stack of powerful cryptographic primitives will need to be leveraged so as to optimize outcomes and minimize any drawbacks. DIDs must be stored via decentralized blockchains, persistent over time, globally resolvable, and cryptographically verifiable.
One way to do this would be for users to store their DIDs into their own personal databases, or keystore contracts. These would essentially be like storage facilities for cryptographic keys and certificates, with permissioned pools of data. That means you would only reveal only the required KYC information during an interaction without revealing anything else about yourself.
The keystore contract could contain all of the KYC information needed to verify a human with a digital signature. That way, you would use your keystore contract as a source-level, primary identifier. The primary function would be to contain the public keys, authentication protocols, identifying metadata, timestamps and signatures for auditing, and endpoint addresses necessary to verify entities intending to interact with Web3 infrastructure requiring KYC access.
However, their digital assets would be held in various accounts or wallets that can be generated or verified via their DID keystore. The keystores would be private, while subsequently allowing for counterfactual instantiation, meaning one can generate new addresses which can demonstrate provenance from the original keystore contract.
For example, each user would need to generate their DID on one chain which could subsequently allow for other interactions to point back to the origin keystore contract. This would be the root of all on-chain interactions so long as other blockchains can call upon one’s DID from the target chain or L2. Transacting from newly generated wallets or addresses would require a cryptographic proof demonstrating provenance from the user’s DID keystore contract.
While privacy is understood to be an essential concept for identity management solutions, it is especially crucial for decentralized, automated systems like smart contract platforms- and the immutability of a public blockchain’s recorded history. That is to say that mistakes are unforgiving in this space.
As there are no centralized authorities to abuse their power in DeFi, there are also no benevolent customer service reps which can fix a mistake you made by reversing an erroneous transaction. Losing access to your credentials or allowing a malicious actor to gain undue access could be catastrophic. Therefore, both privacy controls and recovery solutions need to be adjusted so that new users will onboard themselves confidently.
Fortunately, DID infrastructure can incorporate Privacy by Design into its security infrastructure from the ground up. From generating temporary public addresses to storing personally identifiable information (PII) off-chain, there are several clever privacy-preserving layers which can future-proof the security of most our sensitive data:
One often forgotten concept by digital natives and the Web3 crowd more specifically is that regular users need to understand how this stuff works and be able to operate it without frustration (or catastrophic loss, for that matter). That is to say that DIDs need to be understandable to and comfortable for users like say, your parents or grandparents.
Nobody except for the most risk-tolerant individuals will accept the risk of catastrophic failure when it comes to the loss of their assets or their identity in the form of DIDs. It is not just about technical feasibility but about actual accessibility for regular users. This is a paradox which may haunt Web3 enthusiasts for some time to come. With great decentralization comes great responsibility.
Thus, decentralized private key storage, secret sharing schemes, or social recovery methods could be used to distribute the risks of loss without compromising on security in meaningful ways. Ironically, a physical device like a hardware ID could still be used to store private keys with PIN code access for daily conveniences while recovery seeds could be kept offline for recovery efforts.
Despite the challenges in a workable DID implementation, scalability, security, and privacy for our users has to take precedence above convenience. Too often we accept centralized solutions for the sake of cost savings, brevity of development, or quicker adoption. The hard work has to be done without any corners being cut, even if it takes years of development. Our patience will be rewarded in time.
RECENT POSTS
Suscríbete al boletín de Supra para recibir noticias, actualizaciones, análisis de la industria y más.
©2024 Supra | Entropy Foundation (Suiza: CHE.383.364.961). Todos los derechos reservados