Systematization of Knowledge for Decentralized Identities and Verifiable Credentials

On behalf of Nethermind Research, in fulfillment of Phase I of Research for Lido DAO.

(The original research proposal can be found here.)

I. Introduction

In this systematization of knowledge, we examine the current innovations and approaches to the field of decentralized identity (also self-sovereign identity), as well as its relevant foundations. In the words of the Ethereum foundation, decentralized identity is “the idea that identity-related information should be self-controlled, private, and portable.” Accordingly, an introductory article by Dock Labs defines decentralized identity as “a type of identity management that allows people to control their own digital identity without depending on a specific service provider.”

Users can construct their decentralized identities from various data sources—whether from interactions happening on a blockchain, information gathered from major social networks or centralized websites, or even an ID issued by a government or an educational institution. Self-sovereign identity implementations then store this data (encrypted or not) in a document on a distributed ledger (such as a blockchain), and associate this document to a set of keys in control of the user, which can be used to assert ownership of the data. Thereafter, a unique address pointing to this document is generated to facilitate access and communication. These addresses are known as decentralized identifiers (DIDs)

In order to make use of this identity, users are able to request or create verifiable credentials, which are cryptographically-verifiable claims to a third party about the data which conforms their identity. Verifiable credentials give the user control of exactly which pieces of information are shown; they also give information requesters tools to combat forgery and fraud.

Understanding current solutions in the landscape of self-sovereign identity is relevant to Lido’s aim of increasing the quality of its validator set in a distributed fashion. A mechanism that decentralizes Lido’s validator set will require robust methods for identity management and authentication. The compilation and analysis of the research sources herein represents the first step towards a state-of-the-art-informed design of a mechanism fulfilling Lido’s goals.

Transferring identity data to Web3

We have mentioned how inputs from Web2 may be used in order to construct a decentralized identity. As examples, one may consider a reputation score on Reddit, the number of stars on repositories created by a user on GitHub, or even the existence of an open TLS connection with a government website, which a user presents as evidence of citizenship from a given country.

In the context of Web3/blockchain, one reason to be interested in bridging Web2 data to Web3 is that it may provide some degree of resistance to a Sybil attack—that is, the ability for a malicious entity on a decentralized protocol to create an arbitrary number of identities and gain disproportionate influence over it. If, for example, we require a decentralized identity to bridge a reputation score from Web2 that is valuable enough, then this mechanism can complicate the creation of numerous identities by a single entity.

Besides Web2, there are alternative sources of off-chain information that one may attempt to transfer to Web3 in order to create an identity. Among these, we count government IDs, institutional credentials, and even biometrics. The goal behind using this data remains the same: using sources that are valuable enough to facilitate identification and obfuscate the creation of Sybils.

The main technical challenge when following this approach is: how do we pull this data in a verifiable way, so that the system is not likely to be exploited? For example: are oracles to be used? If so, what incentivization mechanism is used in order to enforce their honesty?

Due to their potential for building Sybil-resistant solutions (and for making decentralized identities more meaningful in general), we will pay special attention to implementations which explore transferring identity data to Web3 in a way that is trustless, or verifiable.

Additional introductory reading

The interested reader who is not previously familiar with decentralized identities may benefit from the following introductory posts:

II. Preliminaries

In order to read the systematization of knowledge, familiarity with some technical concepts in blockchain and cryptography is advised. For review purposes—as well as for standardizing the concepts to be used—, we have prepared the section below.

III. Paper database

The following database organizes the results of our work.

🗃️Decentralized Identity and Verifiable Credential systems. Paper database

In it, a collection of 70papers and protocols have been selected and analyzed as follows:

IV. Selected papers

Finally, we highlight a selection of papers which were rated as highly relevant. Readers are advised to study these first.

Classical papers

Decentralized Identity and Verifiable Credentials

Web2 to Web3 data

Project implementations

Interep (by PSE)