June 5th, 2023
To date, the majority of blockchain projects have a financial focus. There are many different cryptocurrencies and crypto tokens, and DeFi provides a blockchain-based alternative to traditional financial (TradFi) systems.
However, the blockchain is not limited to implementing decentralized financial systems. Another promising application of blockchain technology is for digital identity.
Traditionally, identity management has been based primarily on physical proofs of identity. For example, many people have birth certificates, driver’s licenses, passports, and other identity documents that they can display to prove their identity. The assumption is that these documents are difficult to forge and require identity validation to be issued.
In recent years, some jurisdictions have been moving from this physical proof of identity to digital identity. For example, the EU has mandated that all member countries offer cross-border digital identity wallets to their citizens by 2024.
Digital identity has numerous benefits and potential applications, including:
Forgery Resistance: If implemented correctly using strong cryptography, digital identity documents are much more difficult to forge than traditional, physical ones.
Verifiability: Physical identity documents are often verified by humans, and verification can be tripped up by similar pictures, confusion over date formats, etc. Digital identity verification uses digital signatures, which either verify or don’t.
Online Utility: Identity verification is difficult online with physical documents, which is why many children under 13 can have Facebook accounts. Digital identity offers the ability to prove age, identity, etc., on the Internet in a usable and privacy-preserving way.
Many jurisdictions have been moving to augment or replace traditional identity documents with digital solutions, and blockchain technology is an ideal platform for implementing, managing, and using digital identity.
The goal of digital identity — or physical identity documents — is to conclusively verify an individual’s identity. To accomplish this, it needs to have a few properties:
Identification: The ID needs to tie the identity of an individual to something that they can later use to identify themselves.
Verifiability: Given a proof of identity, a verifier needs to be able to use it to verify the person’s identity.
Non-Forgeability: IDs should be difficult — ideally impossible — to forge, or they offer no real proof of identity.
Physical identity documents have these properties, as do digital identity systems. These same properties can also be implemented using the blockchain.
Let’s take a closer look at these 3 properties:
IDs are tied to a person’s identity in some way. In many cases, this identity verification is transitive. For example, to get a driver’s license, you might need to present a birth certificate. A corporate ID is typically issued after you prove your identity in some way. Often, birth certificates are the “root of trust” for identity verification because they’re typically issued by (hopefully) trustworthy parties at a time when you don’t have much of an identity, and they are promptly registered with the government.
For transitive identity documents, you typically provide some proof of identity, which is verified. Then, you receive an ID that can be used for identity verification in the future.
On the blockchain, this proof of identity will likely be implemented as a soulbound token or similar entity. After you prove your identity and ownership of a blockchain account (i.e. a private key) to a trusted verifier, a token will be issued and tied to that account. Afterward, by proving that you control that account, you prove that you’re the person whose identity is encoded in that token.
One of the advantages of soulbound tokens for identity management is that you can own an unlimited number of them, which encode different aspects of your identity. For example, tokens can encode an identity as a member of a group, an alumnus of a particular school, someone who has completed a course, etc. This makes it possible to prove only the part of your identity that is relevant to a particular request.
Digital identities are commonly based on digital signatures. With a digital signature, you have a keypair consisting of a private key that only you know and a public key known to anyone. A digital signature can be created with a private key and verified with a public key.
One of the common challenges of digital signatures is proving that a public key actually belongs to a particular person (which is necessary to verify that a digital signature was generated by them). Solving this problem typically requires a centralized register or public key infrastructure (PKI).
On the blockchain, the goal of a digital signature is to prove ownership of a particular account, which is easy since public keys are tied to addresses. If those addresses hold soulbound identity tokens, a digital signature verifies that the account owner has the identity attributes encoded in that token.
Blockchain also has the benefit that a user can prove group membership without proving individual identity. Ring signatures are a type of digital signature computed over a set of public keys (the ring) that can only be generated by someone who holds the private key for one of those public keys, and verification does not show which one. Since the public keys associated with soulbound tokens are publicly visible on the blockchain, a token owner can prove that they’re one of the token owners without revealing their individual identity.
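The group-membership proof described above, as an added example that is not part of the original article: a Schnorr-style ring signature over a verifier's nonce, where the ring is the list of public keys holding a given token. With a ring of one key it reduces to the ordinary proof of account control from the previous paragraph. The group parameters and function names are assumptions made for illustration; the demonstration group keeps the code free of third-party libraries and is not a production parameter choice.

```python
import hashlib
import secrets

# Demonstration group only (assumption): integers modulo the prime 2**255 - 19.
# A real deployment would use the chain's own curve and a vetted library.
P, G = 2**255 - 19, 2
Q = P - 1  # exponents are reduced modulo P - 1


def keygen():
    """Return (private, public) for one account."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def _link(msg, ring, s, c, y):
    """Next challenge in the chain: H(ring, G^s * y^c, msg)."""
    r = pow(G, s, P) * pow(y, c, P) % P
    data = b"|".join(str(v).encode() for v in (*ring, r)) + b"|" + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def ring_sign(msg, ring, me, x):
    """Sign msg as ring[me] with private key x; other members are simulated."""
    n = len(ring)
    c, s = [None] * n, [None] * n
    k = secrets.randbelow(Q)
    c[(me + 1) % n] = _link(msg, ring, k, 0, ring[me])  # commitment G^k
    for j in range(1, n):  # members after the signer, wrapping around
        i = (me + j) % n
        s[i] = secrets.randbelow(Q)  # random response for a key we lack
        c[(i + 1) % n] = _link(msg, ring, s[i], c[i], ring[i])
    s[me] = (k - c[me] * x) % Q  # only the real private key closes the ring
    return c[0], s


def ring_verify(msg, ring, sig):
    """True if the challenge chain over the whole ring returns to its start."""
    c0, s = sig
    if not ring or len(s) != len(ring):
        return False
    c = c0
    for y, s_i in zip(ring, s):
        c = _link(msg, ring, s_i, c, y)
    return c == c0
```

The verifier should supply a fresh nonce as `msg` for each request so that a captured signature cannot be replayed, and because the ring itself is hashed into every challenge, a signature does not verify against a different set of token holders.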
Finally, an ID needs to be difficult to fake, or it becomes essentially meaningless. Traditional physical IDs are created using materials, designs, etc., that are difficult or expensive to fake. However, the abundant existence of fake IDs means that this isn’t a perfect solution.
Digital IDs, on the other hand, rely on digital signatures to prove authenticity. A soulbound token proving some identity attribute will be created and signed by an entity trusted to verify that attribute. For example, a token proving that a person is an alum of a certain school would be issued by the school’s verified account on the blockchain.
The security of digital signatures relies on strong cryptography and the protection of private keys. As long as trusted validators properly protect their private keys, any soulbound tokens that they issue will be trustworthy.
Digital identity is one of the key use cases for blockchain technology. While in its relative infancy, blockchain-based digital identity has huge potential, especially with its ability to integrate with DeFi and other blockchain-based projects.
However, with blockchain-based digital identity comes the need to secure these identities and the systems that use them. To help secure your digital identity, get in touch with Halborn today.