Combining technologies can lead to new use cases. Cardano has the Atala PRISM project, which is a management system for decentralized identity (DID). Project Midnight will soon be launched, which will be able to use Zero-Knowledge (ZK) proofs. Let's think about what can be achieved by combining these projects.
What is DID for?
Decentralized identity is a way of using blockchain technology to create and manage digital identities (DIDs) that are portable, trustworthy, and self-sovereign.
DIDs are unique identifiers that are generated from public keys and that can be published on a public blockchain like Cardano. Anyone in the world can create a DID without third-party permission. A single entity can even create multiple DIDs.
DID on its own primarily serves to prove that you are the owner of that DID. It's a unique identifier that you control and can use to authenticate yourself in digital spaces. However, a DID itself does not provide information about your real-world identity. That's where Verifiable Credentials (VCs) come in, which can be linked to your DID and provide attestations about your real-world identity.
Verifiable Credentials are a key component of decentralized identity systems. They are digital equivalents of physical credentials like passports, driver’s licenses, or membership cards.
VCs are associated with DIDs. An authority (the issuer of VCs), such as a government, educational institution, or other trusted entity, can create a VC and assign it to a specific DID.
A VC can be any assertion made by an issuer about a holder of DID. This could include assertions about the subject’s identity, capabilities, achievements, or any other attributes. For example, a government could issue a VC asserting that a person is a citizen of a certain country, or a university could issue a VC asserting that a person has received a certain degree. For example, the Ministry of Education in Ethiopia is deploying Atala PRISM for this very purpose.
The interaction between the prover (DID holder) and the verifier (the entity verifying the prover's identity or claims) typically involves the following steps:
- The prover creates a claim about their identity. This could be anything from their name to their age or nationality. The claim must be confirmed by an authority trusted by the verifier.
- The claim is verified by a trusted entity (like a government or bank), which then issues a VC together with proof to the prover. The VC gets associated with the DID of the prover.
- When the prover needs to prove their identity to a verifier, they present the VC along with proof that they are the rightful owner of the VC.
- The verifier checks the VC and the proof provided by the prover. If everything checks out, the verifier accepts the prover's claimed identity.
The correctness of VCs is ensured through the use of cryptographic techniques. When an issuer creates a VC, they sign it with their private key. This creates a digital signature that can be used to verify that the VC indeed comes from the claimed issuer and hasn’t been tampered with. The issuer’s public key, which can be used to verify the digital signature, is typically published on the blockchain along with their DID.
The verifier uses data from both the blockchain and the prover to verify VCs. Verification is therefore fast and always available thanks to the use of blockchain.
The interaction between the prover and the verifier can be encrypted to protect the data during transfer over the internet. This is typically done using secure communication protocols like HTTPS.
Once the data reaches the verifier, it can be decrypted and viewed by the verifier. This is necessary for the verifier to check the VC and the proof provided by the prover.
Digital signatures play a crucial role in this process. They are used to ensure that the VC hasn’t been tampered with and that it indeed comes from the claimed issuer. The prover also uses a digital signature to prove that they are the rightful owner of the VC.
So, while encryption protects data during transfer, it doesn’t hide data from the verifier. That’s where technologies like Zero-Knowledge Proofs come in, allowing users to prove things about their identities without revealing the underlying data.
How do ZK Proofs improve DID?
ZK Proofs can be used as an additional layer to hide data even from the verifier. This is a powerful tool for preserving privacy in decentralized identity systems and other applications where sensitive data needs to be protected.
Let's consider an example where a user wants to prove their nationality, age, and income above a certain threshold without revealing the actual data to a verifier. Let's call him Bob.
The verifier can be, for example, CEX or DEX, which must by law ensure that citizens from certain countries or terrorists do not trade on it. Furthermore, only adults with a certain income trade on it. The exchange does not want to keep user data (for security reasons) but wants to comply with the regulator's requirements. Assume that the regulator does not require the exchange to collect personal information about traders.
Bob (DID holder) already has the necessary VCs from authorities (government and employer) and wants to trade on an exchange that needs to verify identity, age, and income.
Bob uses VCs to create ZK proofs that prove he is a citizen of a certain country (without revealing his exact nationality), that he is over 18 (without revealing his exact age), and that his income is above a certain threshold (without revealing his exact income).
Bob submits the DID including proof of ownership (digital signature) and all ZK proofs to the verifier.
The verifier checks the ZK proofs using the public key associated with the user's DID. Several rounds of challenge-response will take place so that the verifier can be sure about ZK proofs. If the verification passes, the verifier accepts Bob's claims without ever seeing the user's actual nationality, age, or income.
It is certainly positive that it will be technologically possible to enable users to control their privacy and choose which data to provide to a third party. Some governments and organizations are exploring these technologies for their potential to enhance privacy and security.
These technologies can enhance privacy but they also raise new challenges. Authorities need to balance the privacy benefits of these technologies with other considerations such as security, regulation, and compliance. So while it is possible that authorities will allow the use of DIDs and ZK proofs, it's also likely that they will still want to maintain some level of control and oversight. This could involve setting standards for how these technologies are used, or requiring certain types of disclosures or checks in specific contexts.