One of the most tricky tasks in web3 development is managing identities and credentials. This data is both extremely valuable – and extremely vulnerable to threats like phishing attacks and private key exposure. And privacy concerns build up exponentially with the steady growth of the amount of personal information we leave across the web, including our digital identities spread across various platforms.
A prominent solution that currently gets increasingly more recognition in Web3 development is the combination of Decentralized Identity (henceforth, DID) and Verifiable Credentials (VC). While the former technology decentralizes control and dramatically reduces risks like phishing, making identity management more secure, the latter protects privacy by allowing users to prove their identities without revealing sensitive information.
My name is Asutosh Mourya, and I am an engineering leader with over 18 years of experience architecting and developing complex products across various industries, with a focus on blockchain. Today, I would like to share with you my expertise in employing DID and VC solutions to tackle these problems. I will tell you how you can implement these impressive technologies in your projects and show how their fusion can skyrocket the UX of a blockchain wallet.
Enhancing Security with Decentralized Identity
According to the 2023 Wallet Drainers Report by the blockchain security platform Scam Sniffer, more than 320 thousand crypto users fell prey to phishing attacks in 2023, losing almost $300 million to scammers. This report also stresses that phishing activities continued to grow throughout the year, and there is no reason to think this trend will change in the near future.
Phishing scams often exploit the very heart of blockchain technology – its decentralised nature. Non-custodial wallet users are tricked into exposing their private keys to malicious websites or apps pretending to be legitimate services. A possible solution is to use custodial wallets, opting for convenience at the cost of reduced control over the keys. This loss of control is why many users (including this author) prefer non-custodial wallets, enjoying full control over their keys but increasing the risk of loss or accidental exposure. And so far, these were the only options: you either trust a third party at the expense of decreased control, or you manage your keys yourself – at the expense of decreased security!
This Catch-22 has long been the bane of blockchain wallets – but it doesn’t have to stay this way. Decentralised Identity is believed to be the cure to this ailment. Just as the name suggests, this technology shifts control to users themselves by providing a unique, cryptographically secure identifier not tied to any centralised authority. Users can share these identifiers with service providers, who in turn can verify their identity by cross-referencing the public keys. Being immutable and verifiable on the blockchain, such an identifier is resistant to tampering and phishing attacks. And since DID allows users to authenticate without revealing private keys or sensitive information, it dramatically decreases the risk of exposure.
Implementing DID
Implementing DID in your wallet app will require setting up the infra to create, resolve, and manage DIDs. This includes establishing a DID registry on the blockchain. The registry is a decentralised directory holding DID documents with public keys and service endpoints used for identity verification.
Let’s use some toy data to illustrate how you can do this:
from MyBlockchainSDK import DID, DIDDocument, DIDResolver, DIDUpdater
# Creating a DID
def create_new_did():
try:
new_did = DID.create()
print(f"New DID: {new_did.id}")
print(f"DID Document: {new_did.document}")
return new_did
except Exception as e:
print(f"Error creating DID: {e}")
# Resolving a DID
def resolve_did(did_id):
try:
resolved_document = DIDResolver.resolve(did_id)
print(f"Resolved DID Document: {resolved_document}")
except Exception as e:
print(f"Error resolving DID: {e}")
# Updating a DID document
def update_did(did_id, new_data):
try:
updater = DIDUpdater(did_id)
updated_document = updater.update(new_data)
print(f"Updated DID Document: {updated_document}")
except Exception as e:
print(f"Error updating DID: {e}")
# Main workflow
if __name__ == "__main__":
new_did = create_did()
if new_did:
resolve_did(new_did.id)
new_data = {
"verificationMethod": [{
"id": f"{new_did.id}#keys-2",
"type": "Ed25519VerificationKey2018",
"controller": new_did.id,
"publicKeyBase58": "NewPublicKeyBase58EncodedString"
}]
}
update_did(new_did.id, new_data)Multi-Signature Authentication
DID also gives us an extra bonus of the ability to implement multisig authentication as an additional layer of security. Just as the name implies, multisig is a requirement to use multiple keys stored on different devices to authorise a transaction –we may even resort to a third-party service for approval!
Let’s put it all together:
from MyBlockchainSDK import MultiSigWallet
def make_multisig_wallet(owners, required_signatures):
try:
multisig_wallet = MultiSigWallet.create(owners, required_signatures)
print(f"MultiSig Wallet Address: {multisig_wallet.address}")
return multisig_wallet
except Exception as e:
print(f"Error creating MultiSig wallet: {e}")
if __name__ == "__main__":
# List of owner DIDs
owners = ["did:example:123456789abcdefghi", "did:example:987654321hgfedcba"]
# Create a multisig wallet requiring 2 out of 3 signatures
create_multisig_wallet(owners, 2)Ensuring Privacy with Verifiable Credentials
The transparency of blockchain, its essential feature and one of its largest advantages, presents another serious problem – the problem of ensuring user privacy. All transactions on a blockchain are kept public, and this creates a possibility (albeit theoretical) of users’ identities becoming compromised.
Moreover, blockchain wallets are required by crypto regulators to verify their users’ identity, and these checks – known as KYC procedures – tend to be quite extensive. Naturally, centralised storage of the data collected during these checks only increases the risk of data leaks. This issue has remained unresolved with traditional authentication methods.
Verifiable Credentials are a truly ingenious solution: VCs allow users to verify their identities by presenting cryptographic proof of their credentials, selectively disclosing only the necessary data. The full user’s identity doesn’t have to ever be revealed. Here’s how this works:
- A trusted authority – issuer – signs the credentials with their private key. The resulting DID document (a JSON file) includes the issuer’s public key.
- Users store and manage their VCs in digital wallets.
- When a user needs to verify their identity or attributes, they selectively disclose their VCs to a verifier.
- The verifier uses the issuer’s public key to validate the cryptographic proofs embedded in the VCs without accessing the underlying data.
I will skip the implementation part here because the power of VCs is shown the best not alone but in combination with DID.
Improving UX with the DID / VC Combination
Although DID and VCs effectively address major security and privacy challenges in blockchain wallets, used separately, they don’t solve another complex issue – the issue of managing multiple identities and credentials across various platforms. Traditional systems relying on logins and passwords present a fragmented approach: users are required to either remember credentials for various apps and websites, dealing with such issues as redundancy, excess complexity, and possible hacking; or trust a dedicated app – which creates new security and privacy concerns. I don’t think I have to remind you of cases when certain password-keeping apps leaked user data.
This whole conundrum can be solved and UX dramatically improved by integrating DID with VC into a unified identity management system. This powerful combo addresses several problems at once:
- DID acts as a single digital identity to be used across various services.
- VCs allow users to share only the data necessary for a specific transaction.
- Users can use a single solution – a digital wallet – to store and manage their DIDs and VCs.
- All this is wrapped in a consistent UI presenting a standardised UX across various platforms.
Let’s build on our previous example and see how we can incorporate the DID/VC combination in our mock wallet app:
from MyBlockchainSDK import DID, VC, VCVerifier
def issue_did_and_vc(issuer_did, subject_did, credential_data, issuer_private_key):
try:
new_did = DID.create(subject_did)
print(f"New DID: {new_did.id}")
vc = VC.create(issuer_did=issuer_did, subject_did=new_did.id, credential_data=credential_data)
signed_vc = vc.sign(issuer_private_key=issuer_private_key)
print(f"Issued VC: {signed_vc}")
return new_did, signed_vc
except Exception as e:
print(f"Error issuing DID and VC: {e}")
def verify_vc(signed_vc):
try:
verifier = VCVerifier()
is_valid = verifier.verify(signed_vc)
print(f"VC is valid: {is_valid}")
return is_valid
except Exception as e:
print(f"Error verifying VC: {e}")
if __name__ == "__main__":
issuer_did = "did:example:issuer"
subject_did = "did:example:123456789abcdefghi"
credential_data = {"age": "21+", "name": "Asutosh M."}
issuer_private_key = "IssuerPrivateKey"
new_did, signed_vc = issue_did_and_vc(issuer_did, subject_did, credential_data, issuer_private_key)
if signed_vc:
verify_vc(signed_vc)Conclusion
Integration of DID and VC is a magnificent technology that addresses major security, privacy, and UX challenges. This combination reduces redundancy, enhances user privacy and security, and provides a consistent UX. In fact, today, we have only had a peek into the power of this impressive combo, with a lot of material being left outside the scope of this article. There is much more to these technologies! The decentralised nature of DID and the revolutionary features of VCs present limitless possibilities for their further evolution. Web3 technologies continue to evolve, and I am positive that DID and VC are destined to play a vital role in future digital ecosystems.
Read Also: Decentralized Identity Protocol .bit Raises $13M Series A
