Identity verification on the blockchain has long roots and most recently, OpenAI founder Sam Altman launched the sensational WorldCoin project, which allows you to verify your identity through the delivery of eye biometrics in one of the WorldCoin offices. Users will receive a World ID, which will confirm that its owner is a real person.
A little less than a day has passed since Vitalik Buterin expressed doubts about this project and its reliability:
▪️Real risk of information leakage;
▪️The low availability of technology for Orb scanning can play in favor of simple, and therefore more vulnerable methods of identity verification;
▪️ centralization.
And of course he added:
“To Worldcoin’s credit, they have committed to decentralizing over time,” - Buterin said.
Nevertheless, he called Altman's design concept "really valuable". After all, retinal scanning is not the only concept in the blockchain. There are alternative identity verification options, such as on the Everscale blockchain, like presenting passports, IDs, or login/passwords, users will use the digital wallet app to securely store their credentials and personal information.
When they need to get an access to the service, they will use a unique identifier that belongs only to them and is called a Decentralized Identifier (DID) to verify their identity. The service provider will check their DID and grant access based on the information provided. Everscale users have full control over their credentials, which means they decide who can access their personal information, to what extent, and when. I already talked about this in my article earlier.
Today in our exclusive interview, we will talk to the product manager of Identix.space Daniel Novich - he is an experienced project and product manager (over 10 years) with expertise in fintech, crypto, blockchain, and web3, who excels in developing and launching successful products, utilizing Agile methodologies and leading diverse teams.
Can you explain what SSI (Self-Sovereign Identity) is and what it means in digital identity systems?
With SSI, users have control over their identification info, not a centralized organization. The user keeps their data on their own devices and grants access to it to the extent and depth they believe appropriate. This approach ensures confidentiality, and security, and lowers costs by eliminating intermediaries. SSI changes the paradigm of digital identity management by using the principles of decentralization made possible by blockchain technology.
What is your experience in developing web applications using SSI technologies? Tell us more about your team.
In 2021, we launched an educational quest platform on web3 technologies, where we developed and enriched users’ profiles based on SSI principles. Users received Verifiable Credentials reflecting their progress and achievements. Concurrently, we were developing Identix Pass, a wallet to manage Verifiable Credentials. This project version used Everscale and Polygon. Our focus on the Venom platform was to develop Identix Pass for verifying property ownership and Reusable KYC and AML. Our team takes part in events like W3C working groups, conferences, and hackathons to learn and share knowledge.
How familiar are you with DIDs (Decentralized Identifiers) and how would you use them in an SSI system?
We, as a startup developing an SSI platform, are familiar with DIDs, or Decentralized Identifiers. DIDs are the building blocks of the SSI model, serving as the foundation for identification in a decentralized system. Each DID is associated with a DID document containing public keys and authentication methods, establishing a connection to a specific entity, such as a user. With their DID, a user can generate and manage their Verifiable Credentials (VCs) that hold information about their identity or characteristics. When necessary, the user can share these VCs with other parties to verify their identity or other data. The receiving party can use the DID and its corresponding DID document to verify the VCs and confirm the user’s control over their data.
Can you describe the process of establishing trust between various entities in the SSI ecosystem?
Creating trust is a vital part of the self-sovereign identity (SSI) ecosystem. SSI offers a transparent and decentralized way to control and exchange identity without relying on centralized authorities, which helps build trust in the system. The Trust Triangle is the foundation of the SSI system and includes Identity Holders, Issuers, and Verifiers. Each party plays a crucial role in establishing and maintaining trust within the SSI framework. Identity Holders have control over their data and identity, which enhances trust in the system. Issuers make sure the credentials they give out are real and trustworthy. Verifiers check the credentials and identity owners using cryptography to ensure they are authentic and trustworthy. Together, these three entities form a robust foundation of trust, enabling a secure self-sovereign identity ecosystem.
Have you worked with any SSI platforms or libraries before? If so, which ones?
We have been and continue to work with W3C DID VC (Decentralized Identifiers and Verifiable Credentials) standards. We use Hyperledger Aries tools to create, send, and store digital credentials in a decentralized way. We use the resources of the Decentralized Identity Foundation to develop self-sovereign identities. We use IPFS and Ceramic for data storage and exchange to maintain decentralization and self-sovereign identity. These technologies create a secure and transparent environment for identity management and data sharing by supporting the core principles of decentralization and self-sovereign identity.
How would you ensure the storage and security of personal data in the SSI system?
Data storage in SSI occurs in a decentralized manner on users’ devices, including non-custodial wallets or Encrypted Data Vaults (EDVs), with data encryption and segmentation. Verifiable credentials with minimal data are used for information exchange. Security is ensured through cryptography, blockchain technology, and secure communication channels for data transmission. It is essential to continuously monitor threats, conduct audits, and educate users on the proper handling of private keys.
Can you explain the concept of zero-knowledge proofs and how they can be used in SSI?
Zero-knowledge proofs (ZKPs) are a cryptographic method that allows for proving possession of certain information without disclosing it. In the context of Self-Sovereign Identity (SSI) systems, ZKPs are applied to create “Zero Knowledge Verifiable Credentials.” This minimizes the disclosure of information during credential verification, thereby ensuring a high level of confidentiality. One notable feature of ZKPs is that the transmitted data appears random or unintelligible, yet they unequivocally confirm specific claims within the proof protocol. Privacy is a critical requirement in SSI, and the use of ZKPs strengthens this aspect by providing data unlinkability and confirmation dissociation from individual users.
What measures will you take to ensure data privacy and GDPR compliance in the SSI system?
To ensure data privacy and GDPR compliance in the SSI system, we focus on data minimization, consent management, and robust encryption. We empower users with the right to access, portability, and the right to be forgotten. Our system is designed with data protection as a default setting, promoting transparency and user control over their data.
Have you integrated SSI systems with existing authentication and authorization protocols (eg OAuth, OpenID Connect)?
If so, how did you approach this integration? We have integrated SSI systems with existing authentication protocols like OAuth2. We implemented this through Single Sign-On (SSO) service for both external and internal use, managing sessions tied to DID communications. In other words, we used Web2 accounts for authentication within the scope of DID communications through our SSO service. We implemented our native SSO service to utilize external OAuth2, like Google, Facebook, and Discord for authentication in DID sessions within the Web3 context.
What challenges did you face in creating SSI solutions and how did you overcome them?
When creating SSI solutions we face some challenges. Technologically, SSI is ready to use, all standards are there. Not so many specialists, but you can find a decent dev team on the market. Most tech issues are related to blockchains SSI solutions are using. Some problems with wallets, transactions, and smart contracts. It is especially crucial for newly created blockchain platforms. The other main problem is product-related, as the market is not ready for SSI. To overcome these, we focus on user and client education, design user-friendly interfaces, ensure compliance with data protection regulations, implement backup and recovery mechanisms for key management, and integrate with existing identity systems using single sign-on with OAuth2. So, yes, education is the key to any new tech out there.
Can you describe the digital credential verification process in the SSI system?
In our Self-Sovereign Identity (SSI) solutions, we use the W3C Verifiable Credentials (VC) standard and Linked Data principles, providing a secure, privacy-respecting, and machine-verifiable way to represent credentials on the web. We customize this standard with our specific schemas, tailoring the types of credentials to our particular use cases. This involves defining the structure and semantics of the claims that our credentials can carry, based on the needs of our users and verifiers. Additionally, we create anchors with partial disclosure, embedding verifiable credentials into the blockchain while preserving the holder’s privacy. The anchor contains a cryptographic hash of the credential, allowing anyone to verify its authenticity and integrity without revealing its full content. The verification process involves checking these anchors in the blockchain. When a verifier receives a credential, they can compute the hash of the received data and compare it with the corresponding anchor in the blockchain. If the hashes match, it verifies that the credential is authentic, untampered, and was indeed issued by the claimed issuer, leveraging the immutability and transparency of the blockchain to establish trust.
How would you implement digital credential revocation mechanisms in the SSI ecosystem?
After all, this is one of the most common problems. Our approach to implementing digital credential revocation mechanisms in the SSI ecosystem involves using blockchain to change the status of credentials, providing a transparent and immutable record of revocations. Only authorized issuers have the control to revoke specific credentials, ensuring decentralization. Other approaches include using revocation lists maintained by issuers, direct status checks with issuers through APIs, and cryptographic accumulators for maintaining sets of non-revoked credentials. Each approach has its trade-offs in terms of privacy, decentralization, computational efficiency, and complexity. Overall, our approach combines the benefits of blockchain’s transparency with issuer control to achieve an effective and decentralized revocation mechanism.
Have you worked on any SSI mobile apps?
If so, what platforms and technologies did you use? We have thoroughly studied competitors’ SSI solutions, and we are currently building a mobile Identix Pass SSI Wallet, as it aligns with the main trend in the industry. For this project, we are using platforms and technologies commonly employed in the development of SSI mobile apps. Including React Native, Swift, Kotlin, or Java. To handle SSI functions, we plan to integrate SSI libraries like Hyperledger Aries, Uport, or Sovrin’s SDKs, which offer tools for DID and Verifiable Credential management. Depending on the underlying blockchain used for DIDs and credential verification, we may need additional technologies like Web3.js or ethers.js for Ethereum integration. Furthermore, to enable decentralized storage in the SSI ecosystem, we are considering options such as IPFS or Filecoin.
Can you discuss the potential risks and security issues associated with SSI systems?
Self-Sovereign Identity (SSI) systems provide a way to manage digital identities without relying on a central authority, but they have risks to consider. One risk is managing private keys; losing access to the key means losing your identity, and if it’s compromised, someone could pretend to be you. Privacy risks may happen if the system isn’t designed well, linking your activities or revealing unnecessary information. Trust in issuers is crucial; if they’re compromised, it can harm the system’s integrity. Also, there are complexities with revoking credentials and vulnerabilities in blockchain technology. Other risks include fragmentation, where parts of your identity could be spread across different systems, causing problems with access. Hidden centralization might occur even though it’s supposed to be decentralized, with control concentrated in a few places. To address these risks, we need careful design, strong implementation, ongoing maintenance, and educating users. Promoting interoperability, open standards, and transparency can help, giving users more control and reducing reliance on single entities.
Why did you choose Everscale and Venom as your main blockchains?
Everscale and Venom blockchains stand out over Ethereum in certain technological aspects:
- Account Abstraction: Everscale treats all accounts uniformly, simplifying smart contract design and user interactions, while Ethereum has a distinction between externally owned accounts and contract accounts, leading to complexities.
- Asynchronous Agent Model: Everscale’s asynchronous agent model allows for more efficient and scalable transaction execution, whereas Ethereum operates on a synchronous and stateful model, potentially causing inefficiencies.
- Sharding: Everscale was designed with sharding from the beginning, providing inherent scalability, while Ethereum’s sharding implementation is relying on Layer 2 solutions for scaling.
- Scalability: Everscale and Venom are designed to be highly scalable, capable of handling large numbers of identities and transactions, which is essential for SSI systems.
- Security: These blockchains use advanced cryptographic techniques to ensure a high level of security, critical for protecting sensitive identity data.
- Active Communities: Both Everscale and Venom have active developer communities and growing ecosystems, providing valuable support for SSI application development.
Innovative Features: These blockchains offer unique features like Everscale’s multi-threaded smart contracts and Venom’s DeFi-focused capabilities, which can be advantageous for SSI systems.
Do you plan to launch on other blockchains?
As a blockchain-agnostic company, we believe in exploring multiple platforms for redundancy and broader reach. While we have experience with Polygon and Gnosis, our primary focus is currently on Everscale and Venom due to their technological superiority for our SSI solution. However, we remain open to expanding to other blockchains in the future to increase flexibility, and user base, and mitigate risks. We will strategically decide on exploring additional chains as we monitor the evolving blockchain landscape.
Can you predict what we can expect in the future in the field of digital credentials?
The concept of Self-Sovereign Identity (SSI) emerged as a transformative idea in the field of digital credentials quite a long ago. Then the COVID-19 pandemic served as a powerful driver, accelerating the adoption of SSI and digital credentials due to the urgent need for secure and verifiable health-related data during the outbreak.
In the future, we can expect increased adoption of digital credentials across various sectors, including education, healthcare, finance, and more.
Integration with the Internet of Things (IoT) will become prevalent, leading to the development of new protocols to ensure secure interactions among devices.
Standardization, privacy enhancements, and interoperability efforts will continue to mature the field of digital credentials, making them more reliable and widely accepted. The legislation will play a crucial role in governing the use and validity of digital credentials, ensuring compliance and trustworthiness.
Usability will improve through better user interfaces, making the management and sharing of digital credentials more convenient and accessible. It’s worth noting that Alex Preukchat, the renowned author of the SSI bible, plays a crucial role in Chainlink as Labs GTM Product Strategy and Readiness. With such expertise and dedication in the field, the adoption of SSI seems more promising than ever.
What would you like to wish our readers?
Indeed, in the spirit of the exciting and evolving world of digital identity and blockchain technology, I would like to wish all our readers robust cryptographic private keys. In simpler terms, may your digital identities remain secure, your transactions private, and your interactions in the digital sphere remain trustworthy and verifiable. Stay safe, stay informed, and embrace the future of self-sovereign identity. Happy innovating!
“5 cents” from Roman:
Of course, this progress in the development of digital identity verification has both benefits and vulnerabilities. But this once again confirms the commitment to the path along which the teams creating such projects go. A diamond does not immediately become a diamond, it goes from stone through many-sided polishing. Also here.
I hope you liked this interview, write comments, share and like it!
If you have any questions or if you need help — you can write me on Twitter or Linkedin.