Privacy-preserving identification of blockchain addresses

TL:DR;
In short, the objective of this discussion is to establish a universal verification standard that all dApps can implement to determine if a given wallet address meets specific identity criteria. The underlying assumption is that the verification process will be carried out off-chain, using standardized W3C Verifiable Credentials, such as a national identity card or passport. The goal is to achieve decentralized identity verification and link it with the wallet address in a secure and decentralized manner.

Background

Similar to how Chainlink’s price feeds serve as a crucial foundation in the DeFi ecosystem, identification plays a vital role in advancing the adoption, governance, and use cases of DeFi to the next level. For example, decentralized applications (dApps) could offer under-collateralized lending, tokenization of real-life assets may emerge, and new whitelisting mechanisms could become feasible. In recent months, there have been numerous discussions regarding the creation of a decentralized, blockchain-native, and privacy-preserving identification mechanism.

Self-Sovereign Identity (SSI) provides the necessary building-blocks to create a peer-to-peer identity verification scheme based on standardized W3C verifiable credential models. There are ways now to get your real-life credentials like Passport, Identity Card in your SSI wallet (see here 3 and here 2). Many European governments are now working on providing the national identity card as Verifiable Credentials. Using these credentials, one can create numerous Decentralized Identifiers (DIDs) and various proofs in a privacy preserving manner using selective disclosure, essentially putting users in control of their identity. More details can be read here.

There seems to be a huge potential in bringing SSI to the blockchain world thus enabling a blockchain-native decentralized identity solution.

Goal

Any dApp that has identification requirements from its users can verify them on its own without the need of a centralized identification solutions.

By implementing a decentralized identification mechanism that aligns with the ethos of web3, we can prevent the creation of identity honeypots and give users greater control over their personal information. Additionally, dApps that adopt this mechanism can safeguard themselves against future identification regulations that could impact their operations. [link] [link]

How to achieve this goal?

The world of self-sovereign identity (SSI) has the necessary components for issuing and verifying credentials against a Decentralized Identifier (DID). However, these components are not yet compatible with the Celo blockchain. If we make the SSI prover and verifier components blockchain-aware, we can bridge the gap between these two worlds. This would enable users to create off-chain proofs based on SSI and then sign them from their Celo wallet using EIP-712 signatures, linking their SSI identity with their Celo identity.

Once the dApp’s verifier verifies the user’s claim in a peer-to-peer & off-chain fashion, it can let the dApp smart contract know about the verified addresses. There can be different ways to achieve this:

  • The verifier can “allow” or “whitelist” the verified address so that the dApp smart contract can know which addresses are allowed or disallowed.

  • The verifier can publish a zero-knowledge proof of verification to be consumed

Problem Space

A new EIP can be created for such a verification contract which any dApp can use to check if a certain address is verified or not based on its identification requirements.

To achieve this goal, there are certain considerations:

  • The issuance of credentials must happen off-chain because we want this to be compatible with standardized W3C credentials which will be issued by governments.

  • The verification must happen off-chain: Verification process is complex and not suitable to be done on a smart contract. The credential details are also not on public blockchains since they are issued using SSI framework. Moreover, there can be Personally Identifiable Data in the proofs and processing them on-chain can lead to GDPR compliance problem.

  • To link the proof with Ethereum address, EIP-712 seems to be the best fit since it can show structured data that needs to be signed. Proof data is also structure JSON so it seems like the best fit.

  • The proof requirements must not be pushed on-chain as it can also lead to privacy concerns. For example, if it’s known that a certain dApp contract only allows people from US that have a bank account balance >100k$, and there is an address that’s allowed by that dApp, it might be a privacy concern for the wallet owner. What are the community’s thoughts on this?

  • The verified addresses should be revocable if in case the dApp’s identification requirements change and the verified address no longer meets the criteria. OR the credential expired.

Looking forward for discussions and comments on the best way to achieve this.

5 Likes