Systematization of Knowledge for Decentralized Identities and Verifiable Credentials
On behalf of Nethermind Research, in fulfillment of Phase I of Research for Lido DAO.
(The original research proposal can be found here.)
I. Introduction
In this systematization of knowledge, we examine the current innovations and approaches in the field of decentralized identity (also called self-sovereign identity), as well as its relevant foundations. In the words of the Ethereum Foundation, decentralized identity is “the idea that identity-related information should be self-controlled, private, and portable.” Accordingly, an introductory article by Dock Labs defines decentralized identity as “a type of identity management that allows people to control their own digital identity without depending on a specific service provider.”
Users can construct their decentralized identities from various data sources—whether from interactions happening on a blockchain, information gathered from major social networks or centralized websites, or even an ID issued by a government or an educational institution. Self-sovereign identity implementations then store this data (encrypted or not) in a document on a distributed ledger (such as a blockchain), and associate this document with a set of keys under the user's control, which can be used to assert ownership of the data. Thereafter, a unique address pointing to this document is generated to facilitate access and communication. These addresses are known as decentralized identifiers (DIDs).
In order to make use of this identity, users can request or create verifiable credentials, which are cryptographically verifiable claims, presented to a third party, about the data that makes up their identity. Verifiable credentials give the user control of exactly which pieces of information are shown; they also give information requesters tools to combat forgery and fraud.
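The two properties just described (the holder chooses which claims to show, and the verifier can detect forgery) can be seen in a small sketch. This is an added example, not code from this report or from any protocol it surveys; the credential layout, the `did:example:holder-123` identifier, the claim names and the salted-hash disclosure scheme are constructed assumptions rather than a standardized credential format.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed, simplified credential format (an assumption of this example):
// the issuer signs salted hashes of the claims, never the claim values.
const digest = (salt, value) =>
  nodeCrypto.createHash('sha256').update(`${salt}|${value}`).digest('hex');

// Deterministic bytes to sign: subject DID plus digests in sorted claim order.
const payload = (cred) =>
  Buffer.from(JSON.stringify([cred.subject,
    Object.keys(cred.digests).sort().map((n) => [n, cred.digests[n]])]));

// Issuer: commit to every claim with a fresh salt, then sign the commitments.
function issue(issuerPrivateKey, subject, claims) {
  const cred = { subject, digests: {} };
  const held = {}; // stays with the holder: claim name -> { name, value, salt }
  for (const [name, value] of Object.entries(claims)) {
    const salt = nodeCrypto.randomBytes(16).toString('hex');
    held[name] = { name, value, salt };
    cred.digests[name] = digest(salt, value);
  }
  cred.signature = nodeCrypto.sign(null, payload(cred), issuerPrivateKey);
  return { cred, held };
}

// Verifier: check the issuer's signature, then each revealed claim against
// its signed digest. Undisclosed claims stay hidden behind their salted hash.
function verify(issuerPublicKey, cred, shown) {
  const sigOk = nodeCrypto.verify(null, payload(cred), issuerPublicKey, cred.signature);
  if (!sigOk) return false;
  return shown.every((d) => cred.digests[d.name] === digest(d.salt, d.value));
}

// Constructed sample data: a hypothetical issuer key pair and holder DID.
const issuer = nodeCrypto.generateKeyPairSync('ed25519');
const { cred, held } = issue(issuer.privateKey, 'did:example:holder-123',
  { name: 'Alice Example', country: 'PT', githubStars: '412' });

function demo() {
  // The holder reveals only "country"; name and githubStars are not shown.
  const ok = verify(issuer.publicKey, cred, [held.country]);
  // A holder who alters a revealed value no longer matches the signed digest.
  const forged = verify(issuer.publicKey, cred, [{ ...held.country, value: 'DE' }]);
  // Adding a claim the issuer never signed invalidates the signature.
  const padded = { ...cred.digests, extra: digest('00', 'x') };
  const tampered = verify(issuer.publicKey, { ...cred, digests: padded }, []);
  return { ok, forged, tampered };
}
console.log(demo());
```

The verifier needs only the issuer's public key, which in a DID-based system would be resolved from the issuer's DID document rather than passed in directly as it is here.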
Understanding current solutions in the landscape of self-sovereign identity is relevant to Lido’s aim of increasing the quality of its validator set in a distributed fashion. A mechanism that decentralizes Lido’s validator set will require robust methods for identity management and authentication. The compilation and analysis of the research sources herein represents the first step towards a state-of-the-art-informed design of a mechanism fulfilling Lido’s goals.
Transferring identity data to Web3
We have mentioned how inputs from Web2 may be used in order to construct a decentralized identity. As examples, one may consider a reputation score on Reddit, the number of stars on repositories created by a user on GitHub, or even the existence of an open TLS connection with a government website, which a user presents as evidence of citizenship from a given country.
In the context of Web3/blockchain, one reason to be interested in bridging Web2 data to Web3 is that it may provide some degree of resistance to a Sybil attack—that is, the ability for a malicious entity on a decentralized protocol to create an arbitrary number of identities and gain disproportionate influence over it. If, for example, we require a decentralized identity to bridge a reputation score from Web2 that is valuable enough, then this mechanism can complicate the creation of numerous identities by a single entity.
Besides Web2, there are alternative sources of off-chain information that one may attempt to transfer to Web3 in order to create an identity. Among these, we count government IDs, institutional credentials, and even biometrics. The goal behind using this data remains the same: using sources that are valuable enough to facilitate identification and hinder the creation of Sybils.
The main technical challenge when following this approach is: how do we pull this data in a verifiable way, so that the system is not likely to be exploited? For example: are oracles to be used? If so, what incentivization mechanism is used in order to enforce their honesty?
Due to their potential for building Sybil-resistant solutions (and for making decentralized identities more meaningful in general), we will pay special attention to implementations which explore transferring identity data to Web3 in a way that is trustless, or verifiable.
Additional introductory reading
The interested reader who is not previously familiar with decentralized identities may benefit from the following introductory posts:
- “An Overview of Decentralized Identifiers”, by Michael Pica. This post is a summary of the book “Self-Sovereign Identity: Decentralized digital identity and verifiable credentials” (2021), by Preukschat and Reed. It provides a historical account of the evolution of the field, going from public key infrastructures and “webs of trust” to present-day DIDs and VCs.
II. Preliminaries
In order to read the systematization of knowledge, familiarity with some technical concepts in blockchain and cryptography is advised. For review purposes, as well as for standardizing the concepts to be used, we have prepared the section below.
III. Paper database
The following database organizes the results of our work.
🗃️Decentralized Identity and Verifiable Credential systems. Paper database
In it, a collection of 70 papers and protocols has been selected and analyzed as follows:
- A summary note was prepared for each paper, which can be accessed by clicking on each paper’s title.
- Papers were rated from 1 to 5 according to their quality and originality. This is reflected in the “quality score” column.
- Papers were rated according to how relevant they are to Lido’s mechanism design problem. This is reflected in the “relevance score” column.
IV. Selected papers
Finally, we highlight a selection of papers which were rated as highly relevant. Readers are advised to study these first.