Self-Sovereign Digital Identity
Introduction
Trust takes center stage when we humans interact with each other. The amount of trust needed between parties is proportional to the amount of risk of having an interaction.
By trusting another party, you empower them to act and decide in a manner that affects you somehow; and by subsequently verifying their actions, they demonstrate to you that they do indeed live up to their responsibilities.
“Trust, but verify,” as the Russian proverb goes.
This article examines the scale of trust and risk set in the context of a decentralized, cryptographically verifiable, self-sovereign system such as Concordium’s Web3 ID framework. In doing so, it establishes the terminology and examines types of interactions that are enabled as the trust and need for verification between parties increases.
Trust & Risk
We humans are transactional beings. Every single interaction between two or more people has some element of transactionality to it from the exchange of goods to social media posts. And every transaction requires some amount of trust between the involved parties before it can take place.
At the most basic level, interactions are private: when you want to avoid repercussions from posting online, or when you’re buying groceries, a ticket to the movies, or doing any of numerous other everyday tasks where there is absolutely no reason for the other party to trust you.
As soon, however, as the delivery of a service involves an element of risk, the ability for the parties involved to trust each other becomes crucial. In particular, the ability to know who you’re interacting with and what they stand for are key pieces of information which we humans use to judge if a transaction is worth it.
In an online game, a user may identify themselves via a pseudonym and gain a reputation for being a skilled player. Another user may choose to team up with such an experienced person to slay the dragon — perhaps in exchange for giving up the majority of the plunder. The element of trust is reflected in the skilled player’s social reputation, level, and status in the game.
Banks form the backbone of finance in our societies. Here they take custody of our money, allow us to take out loans when we need a house or a new car, provide services for making more money by investing in stock markets, and deliver payment services in the shape of credit cards and automated transfers. The relationship we form with our banks is based on trust: for the most basic services, the bank needs to ensure we’re an identified person e.g. by checking our passport as we show up at the local branch; and we need to be able to trust the bank will exist tomorrow and not enter into illegal activities with our money that we may end up losing.
More sophisticated financial services, such as investing in stock, require the bank to check even more aspects of our identity: proof-of-address, that we’re not on a sanctions list, or classified as a protected person. These checks are a legal requirement in most countries for financial service providers and increase trust in the customer’s identity. Collectively, such a set of checks is termed know-your-customer, or KYC. With it, the service provider will have proof not only of our legal identity, but also where we live and that we’re a “safe” person to work with.
What the service provider still doesn’t know though is our financial capacity. A bank may have a long-standing relationship with a customer and use the knowledge of monthly payments, account balances, income, etc. to decide on what size of loan at what rate to give. The bank may consult a credit reporting agency to check if we’re a good payer before they do so. The same logic applies in Web3 where our financial reputation can be vouched for by an agency that analyzes our crypto transactions and potentially combines that with information from banks or credit bureaus.
Figure 1: The need to provide more and more information to increase trust, counter risk, and ultimately enable transactions between people to take place.
All in all, the amount of trust we need to place in each other increases as we provide ever riskier services, and we will have to give away more information about ourselves for transactions to happen, as illustrated above.
The risk of conducting a transaction with someone and the trust you can place in them go hand in hand.
Self-Sovereign Identity
The need to securely verify some aspect of a person’s identity exists in multiple avenues of life. When you enter a nightclub, when you buy adult services, intoxicating substances, or sign up for social media, you need to prove your age; when you buy a boat or a house, apply for a driver’s license, seek insurance, rent a car, you need to prove your full identity.
And the list goes on.
In real life, we keep our identity documents safely tucked away in wallets, purses, or binders and disclose them selectively as needed when we require the service of someone and they ask for credentials. In other words, we have self-sovereign control over our identity, i.e. we decide who we disclose our information to and when.
But for all its merits, our old back-pocket wallet has a privacy flaw: when we pull out our driver’s license and show it to the doorman at the local nightclub to prove we’re old enough to enter, we disclose more than we want to. The doorman may take note of our full identity and choose to abuse that information.
Wouldn’t it be great if we could decide to convey only the information that’s relevant in a particular exchange? If we could prove to the doorman that we’re old enough to enter without showing our full name or convey our address details to the hotel without giving away our social security number and passport id?
Enter digital identities where this kind of interaction is possible and known as selective disclosure. In essence, this capability allows service providers to ask you for just the information they need as it’s available from one of your identity cards either as an attribute such as your first name or a predicate such as “are you from Europe”. Service providers can even mix and match and ask for multiple attributes and predicates from many different identity cards at once.
The illustration below shows how a casino might ask for a digital proof that a person is older than 18 before letting them access the blackjack table. If the person decides to reply, the required information is sent back digitally to the casino in the shape of a so-called zero-knowledge proof. Such a proof is near-impossible to forge and can easily be validated by the casino or any other service provider:
Figure 2: Selective disclosure of information as a zero-knowledge proof of age
Digital Wallets
Your real-world wallet contains money or credit cards that help you pay for goods. It contains aspects of your identity, your driver’s license, membership cards, business cards, access cards, all of which serve you in transactions of some kind.
In self-sovereign identity frameworks, a digital identity wallet serves the same purpose. It exists in the shape of an application on some device that you control, your laptop or your phone. With your digital wallet you can perform payments for services, hold digital assets, and prove aspects of your identity to get access to services.
You can also receive the digital equivalent of a physical card. In SSI terms such a card is known as a verifiable credential or VC for short. VCs are created by an issuing authority, an issuer, which is typically a company, but which could also be a person or a digital agent. The authenticity of a VC is guaranteed by the issuer’s digital signature and hence they’re extremely difficult to forge.
When you receive a VC from some third party, your wallet will validate that it has a valid signature on it from a known issuer. It is, however, up to you to decide if this is indeed the issuer you expected and if you want to add the VC to your wallet.
The self-sovereign wallet heralds a return to the days of your old physical wallet where you and only you had control over your identity papers. Only now, you can conveniently have your VCs on multiple units and whenever a VC is added, changed or removed, this will be automatically reflected across your devices: the wallets synchronize.
While digital wallets can be self-sovereign, they can also be centralized and custodial. Such wallets are held on your behalf by an external service provider and your data is stored in their databases. Custodial wallets are subject to potential privacy breaches by the service provider and obvious targets for hackers. For those reasons, they can’t serve as a digital replacement of your old back pocket wallet.
The Trust Triangle
Some credentials, such as a proof-of-reputation given by a game provider to a gamer, require just a pseudonym, but more often than not an issuer of a credential will require deeper knowledge of the recipient. They will require this because as an issuer you’re putting your name on the line when you give someone a credential that states some claim about them.
For instance, a company needs to be sure that company credentials are issued only to current employees. Failure to ensure this would lead to a breakdown when the local bookstore later gives a discount on cookbooks in return for a proof-of-employment and passes the cost on to the company that issued the employment credential.
In other words, there is a trust relationship between the issuer of a credential and the verifier of a proof based on the credential: the verifier has to know that the company, which issued the credential, is genuine, that the credential is original, and that the receiver is the intended recipient.
In SSI terms this is known as the trust triangle.
Figure 3: The trust triangle: An issuer (“the company”) issues a credential (“proof-of-employment”) to a holder (“employee”). A verifier (“book store”) requests a proof-of-employment from the holder in order to give a discount. The trust registry (e.g. blockchain) anchors VCs for verification.
In real life we often involve a third party when entering into a business relationship with someone we have no context on: when you sell your house, you trust the real estate agent with your keys and as an escrow to hold your money when the sale goes through; and when you buy stocks you trust your broker with executing the deal and keeping your assets safe in custody.
Self-sovereign identity introduces the notion of a Trust Registry. The registry keeps track of all verifiable credentials issued in the system. It does not contain the actual data that goes into the credentials as that would violate self-sovereignty, but it does keep unique fingerprints of everything, which can be used to check the authenticity and integrity of a verifiable credential.
When you quit your job, your former employer will change your employment status to “not employed”; when you forget to pay the subscription fee, your favorite online magazine may change your status to “suspended”.
In SSI, such life-cycle events of verifiable credentials issued to you are handled inside the Trust Registry by the Issuer who may update the status according to their business rules: renew, update, or burn your credentials.
Blockchain is a perfect match as the technology to implement a Trust Registry on: blockchain transactions are immutable so once a verifiable credential has been anchored onto the chain a verifier can simply check that the credentials underpinning proofs they receive from holders were created by a trusted issuer and that their integrity is intact.
Trust, but verify.
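The trust triangle and registry described above, as an added sketch that is not part of the original article and not Concordium's code: an issuer anchors only a fingerprint of a credential, the holder discloses one attribute, and the verifier checks integrity, issuer and status against the registry. It swaps the article's zero-knowledge proofs for plain salted hash commitments (so it reveals attributes but cannot prove predicates), and the in-memory registry, function names and `did:example:acme` issuer are hypothetical.

```python
import hashlib
import json
import secrets

def commit(name, value, salt):
    """Salted SHA-256 commitment to one attribute; the salt blocks guessing of small values."""
    data = json.dumps([salt, name, value], separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()

def fingerprint(commitments):
    """Credential fingerprint: one hash over the sorted attribute commitments."""
    return hashlib.sha256("".join(sorted(commitments)).encode()).hexdigest()

class TrustRegistry:
    """Stand-in for the on-chain registry: holds fingerprints and status, never attribute data."""

    def __init__(self):
        self._entries = {}  # fingerprint -> {"issuer": ..., "status": ...}

    def anchor(self, issuer, fp):
        if fp in self._entries:
            raise ValueError("fingerprint already anchored")
        self._entries[fp] = {"issuer": issuer, "status": "active"}

    def set_status(self, issuer, fp, status):
        entry = self._entries.get(fp)
        if entry is None or entry["issuer"] != issuer:
            raise PermissionError("only the anchoring issuer may change status")
        entry["status"] = status

    def lookup(self, fp):
        entry = self._entries.get(fp)
        return dict(entry) if entry else None

def issue(registry, issuer, attributes):
    """Issuer: commit to every attribute, anchor the fingerprint, return the VC for the wallet."""
    salts = {k: secrets.token_hex(16) for k in attributes}
    commitments = {k: commit(k, v, salts[k]) for k, v in attributes.items()}
    registry.anchor(issuer, fingerprint(commitments.values()))
    return {"attributes": dict(attributes), "salts": salts, "commitments": commitments}

def present(vc, reveal):
    """Holder: open only the requested attributes; send bare commitments for the rest."""
    return {
        "revealed": {k: [vc["attributes"][k], vc["salts"][k]] for k in reveal},
        "hidden": [c for k, c in vc["commitments"].items() if k not in reveal],
    }

def verify(registry, trusted_issuers, presentation):
    """Verifier: rebuild the fingerprint, then check issuer and status in the registry."""
    opened = [commit(k, v, s) for k, (v, s) in presentation["revealed"].items()]
    entry = registry.lookup(fingerprint(opened + presentation["hidden"]))
    if entry is None:
        return "unknown-or-tampered"
    if entry["issuer"] not in trusted_issuers:
        return "untrusted-issuer"
    if entry["status"] != "active":
        return "not-active:" + entry["status"]
    return "ok"

if __name__ == "__main__":
    registry = TrustRegistry()
    # Constructed sample credential; the issuer name and attributes are made up.
    vc = issue(registry, "did:example:acme", {"employer": "Acme", "employee_id": "E-1001"})
    proof = present(vc, ["employer"])
    print(verify(registry, {"did:example:acme"}, proof))
    registry.set_status("did:example:acme", fingerprint(vc["commitments"].values()), "not employed")
    print(verify(registry, {"did:example:acme"}, proof))
```

The sketch does not bind a presentation to its holder, so a copied presentation would verify for anyone. Checking that the receiver is the intended recipient needs an additional proof that the presenter controls the holder's private key.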
Decentralized Identifiers
When you first download and activate your digital wallet it will be completely empty and to get started you’ll need to create a unique address that will allow you to interact privately with others. Such an address is known as a decentralized identifier (DID). You can create as many DIDs as you like and use them in different contexts as you see fit.
The DID forms the private basis of the chain of trust in a wallet. A DID is like a phone number in the sense that others who know it can use it to communicate with you in an encrypted manner.
This is possible because each DID comes with a cryptographic public key that a sender can use to encrypt a message and a corresponding private key, which can decrypt the message again. The holder of the DID is the only one who has access to the private key; hence, privacy is preserved.
DIDs allow for private interactions such as subscribing to newsletters, peer-to-peer communication, private posting of comments online, login to web2 and web3 applications, and more. These features will need to be enabled by the wallet, obviously, but the potential is there.
Expanding on figure 1, the diagram below outlines relevant credential types needed to empower use cases with an increasing need for trust. We will deep dive into these in the coming sections:
Figure 4: Credential types and the use cases they enable with increasing trust.
The Data Economy
Chances are that you have an email address already and perhaps you use Meta for keeping in touch with family and friends, Discord or Telegram for chatting with like-minded individuals, Instagram for sharing snapshots of your everyday life, LinkedIn for managing your professional network, etc.
All of these social media businesses keep your personal information in their private databases and might monetize your online profiles and behavior. This is The Data Economy.
Many social media giants offer their login services to third party companies for free or at a fee. As an end-user, logging in with a single username/password is ultra-convenient because now you just have to remember that single combination and voila: you can access multiple websites.
That convenience extends to the third party business, which doesn’t have to build a username/password database and which gets a ton of information about you from the social media giant when you log in. It’s great for business for a tech giant that also keeps track of your email, calendar, search history, image gallery, video preferences, map interactions, and more, and is able to correlate all that information into attractive data packages, which can be sold at a fee to anyone interested.
It’s less great, however, for your privacy.
The self-sovereign identity wallets address this lack of privacy by allowing you to take control of your web2 identity information.
Web2 identities are stored in centralized databases and the first step in taking control is to make them decentralized. This happens through a Web2 Identity Issuer, as shown in the figure below, which could be implemented as a web application.
The user now clicks a service-specific login button, e.g. “Login with Telegram”, at the Issuer Service, which takes them to the service provider’s login system. Once logged in, the service provider sends all of the information it knows about the user to the Web2 Identity Issuer. This, in turn, proceeds to create a verifiable credential for your wallet.
And voila, a centralized Web2 identifier has now become decentralized and self-sovereign. The trick of trust here is that the verifiable credential will be signed by the Social Media Verifier and hence have a reference to their verified identity.
Figure 5: Decentralizing a centralized web2 account
From that point onward, you can prove ownership of your email address or ownership of a social media account to others via zero-knowledge proofs. This could for instance enable a custodian to hold free NFTs on your behalf if you prove your email address to them.
Emails are often used for 2-factor authentication and this is also possible in an SSI scenario: the user connects their wallet, then proves their email address to a site, the site sends a one-time password in a link to the user’s email address, the user clicks the link and logs in. Similar interactions are possible with other Web2 identities.
Social Reputation
“On the Internet, nobody knows you’re a dog,” as the caption of an internet cartoon from 1993 by Peter Steiner goes. While anonymity and pseudonymity are great if you want to work from the shadows, they also aren’t a whole lot to go by for someone else to place any kind of trust in you.
Figure 6: On the Internet, you can be anyone and anything
But if they could somehow judge your behavior in various contexts, you might earn just enough trust for an interaction or transaction to take place: actions speak louder than words.
A social reputation score is an enabler for exactly this kind of trust and it comes in the shape of a credential. Like any credential, a social reputation score needs to be vouched for by some authority, which has done its homework and published how the score is calculated for trust.
A person who needs their social reputation score would first get verifiable credentials for their social media accounts, then prove ownership of these to a social reputation score bureau. With this knowledge, the bureau can analyze posts and actions taken by the user and finally calculate the score.
With a social reputation score in their wallet as a verifiable credential, a person could improve their profile in job searches, on dating sites, when renting an apartment, and in similar interactions where social reputation is important.
Your Legal Identity
Every time you need to interact with public servants at the border, the municipality or at the police station, you need to provide proof-of-identity in the shape of a credential issued by the government: passport, driver’s license, or national identity card.
Your legal identity opens doors to the financial world and, in the context of Concordium, to blockchain accounts that can hold the cryptocurrency CCD.
A legal identifier is often used to grant you access to services reserved for people in certain age groups. With it, you can go to casinos, buy substances, or access adult content and the service provider can rest assured that they’re in compliance with the law and not dealing with minors.
A digital identity wallet that allows you to provide zero-knowledge proofs of predicates will enable applications to simply ask, “are you older than 18 and from Europe OR are you older than 21 and from the USA?” It will not need your name, your actual age, or your financial capabilities. It simply needs to know for certain that you’re an adult. And voila, you have access in a completely privacy-preserving manner.
Legal identifiers open the door to ownership of real-world assets and digital assets: with an identity framework in place, ownership of digital assets can be asserted using zero-knowledge technology and potentially coupled to physical items through active tokens that can be read via wireless technology.
And when you buy such an asset from someone, you might want to know the provenance of the item and who made it. This can be asserted with the same technology and the legal identity for instance by stamping required information onto the Concordium blockchain.
Know Your Customer
Since 1970, governments around the world have actively pursued a strategy to combat financial crime by requiring ever more documentation from those who hold bank accounts and conduct financial transactions.
Through the decades, laws aimed at preventing and detecting money laundering, countering terrorism, and providing transparency in transactions for regulators have been strengthened, and the traditional financial system of today has an extensive system in place to make the global financial marketplace a safe place to conduct business.
Collecting such vast amounts of information is a gigantic task and to make it practically possible, the responsibility of doing it has been laid on banks and financial institutions who in turn partner with specialized bureaus that do the actual footwork.
The process of collecting the information is termed “Know Your Customer”, or KYC for short, and the bureau doing the work is a KYC-provider.
Figure 7: Traditional KYC where a person has to go through the same extensive process for every financial institution.
KYC is a multi-step process, which begins with the basic identity check of a passport and a selfie. But a financial business will need to get the remaining KYC information as well to stay within the boundaries of most jurisdictions.
For an end-user who accesses multiple financial applications, going through KYC several times is ultra inconvenient and the same can be said for businesses who have to integrate with a KYC provider.
Web3 ID flips this whole process upside down by sending you directly to the KYC provider just once and for all to get your papers checked. The result of the KYC provider’s analysis is a Web3 ID Credential, which gets installed into your wallet. You can now go to multiple DeFi applications, staking providers, exchanges, lending protocols, etc. and reuse your KYC information with the single click of a button.
A business can simply use Concordium’s framework to verify a proof issued by you through your wallet and get the verified information, confident in the provenance and integrity of the info provided.
Figure 8: Reusable KYC lowers the threshold for onboarding clients to financial businesses
Financial Reputation
Once you know someone’s real identity and have checked that they’re not a known terrorist or involved in known financial crime, you might feel reasonably good about letting them trade on your financial platform.
What you don’t know at this time is how financially viable they are. Do they have real-world experience with trading? Are they in arrears? This lack of knowledge may force you to require assurances before you issue a loan and the interest rate you decide on might be higher because of the financial risk you take.
Outside of Web3, this is where credit bureaus come into play: these companies can calculate a credit score based on your ability to pay back what you owe from mortgage to credit cards and this score can in turn be used to gauge risk when a third party is looking to do business with you.
In Web3, your financial reputation can be calculated from the decentralized loans you’ve taken, from the trades you’ve done on exchanges, and essentially also from credit scores issued by actual credit bureaus.
With a good credit score as a verifiable credential, you might obtain loans with low fees, low interest rates, and even non-collateralized loans and it will be a boon for you and for the financial institution.
Closing Thoughts
Trust and risk go hand in hand and with a decentralized identity system, parties will not be forced to blindly trust, but may actually verify claims with certainty.
Just because you can identify someone safely doesn’t mean you always have to or that an interaction warrants it. You’d never flash your driver’s license when you buy a bag of chips at the grocery store, but you would have to prove your age when you purchase a bottle of wine. That can be done by showing an identity card that contains your birthday, but doing so would reveal more than you might be willing to disclose.
With SSI you may selectively reveal just your birthdate and even better, simply show a predicate that proves you’re old enough to buy alcohol without revealing your actual age.
There are numerous scenarios where private interactions are to be preferred and a multitude where deep knowledge of another party is a necessity.
It’s a scale of risk and trust and SSI is the privacy-preserving framework that enables it.