Web3.0--Introduction to Decentralized Identity DID

Part 01

Internet identity

1.1 Internet identity crisis

As we all know, the Internet we use today was not designed with an identity layer. There is a classic joke: when chatting online, you can't be sure whether the other party is a human or a dog! Many cybercrimes exploit exactly this. In the early days of Weibo, there were many look-alike accounts that impersonated others to commit fraud. Later, the platform introduced mechanisms such as the "big V" badge, which rely on manual identity verification, but this approach is cumbersome and hard to replicate.

Identity is the sum of social relationships. The same person has different identities in different settings: in the family you may be a father or a husband, and at work you may be a referee or a colleague. Each setting requires only part of your identity, yet on the current Internet user information is collected excessively, or without the user's knowledge.

1.2 A brief history of Internet identity

In the Web 1.0 era (centralized identity), each website used a unique username to distinguish its users, and all of this user information lived in the website's database. This identity system has many drawbacks: users have to register a large number of accounts and passwords, and managing them all is itself a big challenge to account security.

In the Web2.0 era (federated identity), digital identity is platform-centric, and different products on the same platform are connected through one account system. For example, Tencent's email, games, finance, etc. can all use the same account; leading Internet companies such as Google and Facebook also have their own account systems. Compared with Web1.0, this identity system has advantages such as fewer registrations and platform endorsement, but the disadvantages are also well known: accounts are not interoperable between platforms, and users cannot control their own identity data.

In the Web3.0 era (sovereign identity), identity identifiers become on-chain addresses, which are guaranteed to be unique without users having to create them by hand. User identity data is no longer stored in the databases of major Internet companies but on the blockchain, and users have absolute control over their own identity data.

Part 02

Decentralized Identity DID

2.1 Decentralized Identity (DID)

To go abroad we need passports and visas, and we go through various tedious and strict checks. But the Internet connects the whole world, and it is not feasible to go through similar checks every time we visit a foreign website. A universal self-sovereign identity is therefore very necessary: the identity of a subject is neither dependent on nor subject to centralized organizations or countries.

However, decentralized identity easily gives rise to the following misconceptions:

  • The authority of DID comes from the user himself;
  • Once DID becomes popular, there will no longer be a need for government agencies to manage user identities;
  • One set of DIDs can cover everything and be applied to all scenarios;
  • DID is absolutely safe;
  • There is an authoritative central agency for issuing DIDs;
  • DID can only be used for personal identity;

In general, DID is an effective supplement to real identity and is constantly developing and updating.

2.2 DID standards and implementation methods

Currently, there are two main DID standards: the W3C standard and the DIF standard.

W3C: Used to identify people, organizations, and things, and to protect security and privacy. It consists mainly of the base-layer DID specification and application-layer verifiable claims.

DIF: Its primary role is to give users full ownership, so that an open, decentralized identity ecosystem can be built and interoperability between all participants can be ensured.

This article mainly introduces the W3C DID standard and how it is implemented. Its DID system has two levels of elements, the base layer and the application layer. The base layer is the DID specification, which covers DID identifiers and DID documents.

-- DID Identifier

The DID identifier defines the format of the identity identifier, which is very similar to a URL in the browser. The scheme, did, is equivalent to the https protocol. The DID method is equivalent to the domain name; it describes the generation rules of the DID in detail and can be submitted to W3C for verification and recording. The last string can be understood as the path, and its generation rules are based on cryptography to ensure global uniqueness. The only function of the DID as a whole is to serve as an index for opening the DID Document, just like opening a specific web page. The mapping from DID to Document must be tamper-resistant and censorship-resistant, and the data must be publicly visible.
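The scheme / method / identifier structure described above can be checked mechanically. The following strict parser is an added example, not code from the original article; it follows the DID and DID URL syntax of W3C DID Core, and the function name parseDid is an assumption made for illustration.

```javascript
// Added example: strict parser for the W3C DID / DID URL syntax.
// idchar = ALPHA / DIGIT / "." / "-" / "_" / pct-encoded
const IDCHAR = "(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})";
const DID_URL = new RegExp(
  "^did:([a-z0-9]+):" +                       // method name: lowercase letters and digits
  "((?:" + IDCHAR + "*:)*" + IDCHAR + "+)" +  // method-specific id, must not end in ':'
  "(/[^?#]*)?" +                              // optional path
  "(?:\\?([^#]*))?" +                         // optional query
  "(?:#(.*))?$"                               // optional fragment
);

// Returns the parsed parts, or null when the input is not a well-formed DID URL.
function parseDid(input) {
  if (typeof input !== "string") return null;
  const m = DID_URL.exec(input);
  if (!m) return null;
  const [, method, id, path, query, fragment] = m;
  return {
    did: `did:${method}:${id}`, // the bare DID used to look up the DID document
    method,
    id,
    path: path ?? null,
    query: query ?? null,
    fragment: fragment ?? null, // e.g. a key id inside the DID document
  };
}
```

Rejecting malformed input before resolution matters because the method name selects which resolver, and therefore which registry, is trusted for the lookup.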

-- DID Document


The DID document defines the format of identity information. It is a JSON document that contains a number of meaningful key-value pairs.

  • @context: The version number of the W3C standard;
  • controller: the user who can modify this document, the value is a string of public keys;
  • verificationMethod: declares two keys, which are different publicKeys generated by different encryption algorithms;
  • authentication, capabilityDelegation, keyAgreement: These three correspond to three specific scenarios. The first two are processed with public key 1, and the last one is processed with public key 2;
  • service: Indicates on which website the content can be modified.
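A verifier should accept a key only for the scenario the document lists it under, not merely because it appears in verificationMethod. The following added example (not from the original article) builds a constructed DID document with the two-key layout described above and checks a key against a scenario; the DID, key values, service entry and the function name methodForPurpose are placeholders chosen for illustration.

```javascript
// Added example (not from the original article). Constructed DID document:
// the DID and key values are placeholders, not real keys.
const DID = "did:example:123456789abcdefghi";
const didDocument = {
  "@context": ["https://www.w3.org/ns/did/v1"],
  id: DID,
  verificationMethod: [
    { id: `${DID}#key-1`, type: "Ed25519VerificationKey2020", controller: DID,
      publicKeyMultibase: "zPLACEHOLDER-KEY-1" },
    { id: `${DID}#key-2`, type: "X25519KeyAgreementKey2020", controller: DID,
      publicKeyMultibase: "zPLACEHOLDER-KEY-2" },
  ],
  authentication: [`${DID}#key-1`],
  capabilityDelegation: ["#key-1"], // relative reference to the same key
  keyAgreement: [`${DID}#key-2`],
  service: [{ id: `${DID}#hub`, type: "ExampleService",
              serviceEndpoint: "https://hub.example.com/" }],
};

// Only these properties are verification relationships; anything else is refused.
const RELATIONSHIPS = new Set(["authentication", "assertionMethod", "keyAgreement",
  "capabilityInvocation", "capabilityDelegation"]);

// Return the verification method only if keyId is listed under `purpose`.
function methodForPurpose(doc, keyId, purpose) {
  if (!RELATIONSHIPS.has(purpose)) return null;
  const abs = (ref) => (ref.startsWith("#") ? doc.id + ref : ref);
  const wanted = abs(keyId);
  for (const entry of doc[purpose] ?? []) {
    if (typeof entry === "object") {          // method embedded in the relationship
      if (abs(entry.id) === wanted) return entry;
    } else if (abs(entry) === wanted) {       // reference into verificationMethod
      return (doc.verificationMethod ?? []).find((vm) => abs(vm.id) === wanted) ?? null;
    }
  }
  return null;
}
```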

Application Layer - Verifiable Claims (VC)

Verifiable claims govern how private data is disclosed, which provides a guarantee for data authorization. The roles in the operating mechanism are roughly as follows:


  • Issuer: the credential-issuing agency, such as the government, public security bureau, bank, university and other institutions and organizations;
  • Holder: the identity holder, who can request, receive and hold a VC from the Issuer, and present the VC to a Verifier. The issued VC can be stored in a wallet and reused for later proofs;
  • Verifier: the institution that consumes the identity, such as train stations, game websites, and cigarette shops;
  • Registry: a database that maintains DID identifiers and keys (DID documents), such as a blockchain, trusted database, distributed ledger, etc.

For ease of understanding, take the example of showing an ID card at the station to board a high-speed train. The biggest difference between this process and today's centralized verification is that in the centralized scenario the Verifier's system must be connected to the Issuer, while with VC it need not be. Being connected to the Issuer means the Verifier may be able to obtain all of your identity information, including details such as marital status that have nothing to do with the journey. VC can therefore both reduce system redundancy and protect user privacy. When using a VC, users can choose among different presentation methods according to the security needs of the scenario:

1) Present the full text;

2) Selective presentation;

3) Proof of existence;

Among them, "Proof of Existence" is the best way to protect privacy. Here are a few examples of usage scenarios:

  • A has been registered on Zhihu for 3 years, has received at least 100 likes, and has a community score of more than 1,000, so A can participate in a certain NFT whitelist event;
  • B's annual income is between 200,000 and 400,000, and his risk level is greater than 3, so he can purchase this financial product;
  • C holds a legal digital passport of Country D and can obtain assistance from Country D during an evacuation operation;
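Method 2 above, selective presentation, can be built from salted hash commitments signed by the Issuer, without any zero-knowledge machinery. The following is an added example, not code from the original article: it uses Node's built-in crypto module with a throwaway Ed25519 key, and the DID, claim names and function names are constructed for illustration.

```javascript
// Added example (not from the original article). Salted-hash selective disclosure.
const crypto = require("node:crypto");

const sha256 = (s) => crypto.createHash("sha256").update(s).digest("hex");
// Commitment to one claim; the random salt stops guessing of hidden values.
const commit = (salt, name, value) => sha256(JSON.stringify([salt, name, value]));

// Issuer: salt every claim and sign only the sorted list of digests.
function issue(issuerPrivateKey, subjectDid, claims) {
  const disclosures = Object.entries(claims).map(([name, value]) =>
    [crypto.randomBytes(16).toString("hex"), name, value]);
  const digests = disclosures.map((d) => commit(...d)).sort();
  const payload = JSON.stringify({ sub: subjectDid, digests });
  const signature = crypto.sign(null, Buffer.from(payload), issuerPrivateKey);
  return { payload, signature: signature.toString("base64"), disclosures };
}

// Holder: reveal only the named claims; the rest stay as opaque digests.
function present(credential, reveal) {
  const disclosures = credential.disclosures.filter(([, name]) => reveal.includes(name));
  return { payload: credential.payload, signature: credential.signature, disclosures };
}

// Verifier: needs the issuer's public key only, never a connection to the issuer.
function verify(issuerPublicKey, presentation) {
  const sig = Buffer.from(presentation.signature, "base64");
  if (!crypto.verify(null, Buffer.from(presentation.payload), issuerPublicKey, sig)) {
    return null; // payload was not signed by this issuer
  }
  const { sub, digests } = JSON.parse(presentation.payload);
  const claims = {};
  for (const [salt, name, value] of presentation.disclosures) {
    if (!digests.includes(commit(salt, name, value))) return null; // altered claim
    claims[name] = value;
  }
  return { sub, claims };
}

// Constructed demo: throwaway issuer key, made-up DID and claim values.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const vc = issue(privateKey, "did:example:holder",
    { name: "Alice", idNumber: "X-0001", maritalStatus: "married" });
  const shown = present(vc, ["name", "idNumber"]); // marital status withheld
  return { publicKey, vc, shown, result: verify(publicKey, shown) };
}
```

A presentation built this way can be replayed by anyone who captures it; binding it to the Holder requires the Holder to sign a verifier-supplied nonce with a key from the Holder's DID document, which this block leaves out.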

VC verification involves a new field of privacy computing: local zero-knowledge proof computation. What we want is for the data to be verifiable but not visible. A zero-knowledge proof establishes that a computation is credible without revealing the input data or the computation process, which meets the needs of data analysis and computation.

Zero-knowledge proof is actually quite common in daily life. For example, suppose you lose your phone, someone finds it and hands it in to the property management office, and you go to pick it up. How can the property management know that the phone is yours? Phones are usually password-protected. As long as you can unlock the phone with your face or password, it can be determined that the phone is yours, and none of your other private information is needed.

Currently, many projects use zero-knowledge proofs to build self-portraits for Web3.0. First, a Web2.0 website becomes the signer of a VC; zero-knowledge digital identity turns its attestations into individual tags, which are then presented to Web3.0 websites. The difference is that Web2.0 websites also attach many tags to you, but they do so without your permission and you cannot edit them. The portrait you provide to Web3.0 is the one you want to show, filtered as you see fit, and this is the real self-portrait.

Part 03

Summary

Humans have survived for thousands of years and have already formed a mature identity system that relies on organizations or countries, so many people think that self-sovereign identity is far away from us. However, with the rapid development of the metaverse, I believe that many virtual elements and unmanned devices (drones, robots...) will use self-sovereign identity more quickly. I believe that in the near future, the system's fast and accurate identity verification will become a daily basic need.
