Decentralised Identifiers (DIDs): Pioneering Privacy and Security in Identity Verification

By Arya VN, Content Writer, Kerala Blockchain Academy

Key Takeaways

Decentralised Identifiers (DIDs) are a type of identifier that enables verifiable, self-sovereign digital identity. Unlike traditional identifiers such as usernames or email addresses, DIDs are not tied to any centralised authority or service provider. Instead, they are created using decentralised systems like blockchain, distributed ledger technology (DLT), or similar protocols. Key characteristics of DIDs include:

>> DIDs are not controlled by any single entity, making them resistant to censorship or control by a single authority.

>> Users have full control over their DIDs and associated data, allowing them to manage their digital identities without reliance on third parties.

>> DIDs are designed to be long-lasting and immutable, ensuring they remain valid and accessible over time.

>> DIDs can be cryptographically verified, enabling parties to verify the authenticity and integrity of the associated data.

>> DIDs are designed to be interoperable across different systems and platforms, allowing seamless integration into various applications and services.

Decentralised Identifiers (DIDs) serve as distinct global identifiers, allowing users or organisations to authenticate their identities using their systems or nodes. Before delving into the intricacies of decentralised identifiers, let us understand what an identifier is!

Understanding Identifiers

Identifiers are unique data sets that identify and verify a person or their documentation. A name or identity card is an identifier, usually issued by respective governments, boards or employers to the employees. In the digital realm, emails or usernames with passwords are used to access websites, apps and services. Such identifiers are centralised and managed by a private agency.

There are two types of identifiers: centralised and decentralised.

The following session will help to understand the centralised and decentralised system.

A Glimpse into Centralised Identifiers

What happens in centralised identifiers? The centralised system may collect, store, and share data without the party’s consent. The sensitive or personal data may be stored or controlled by providers. Similarly, it can be removed or altered and is prone to such vulnerabilities alongside single-point failure, which might cause data breaches, putting privacy at stake. There is a risk of identity theft in the centralised system. Besides privacy and security threats, the centralised system is also time-consuming. As an alternative, DIDs are designed not to depend on a central issuing party (Identity Provider or IdP) that creates and controls the identity.

Decentralised Identifiers for Enhanced Privacy

Decentralised Identifiers (DIDs) are a type of identifier used to uniquely identify entities such as people, organisations, or devices in a decentralised manner without the need for a centralised authority. DIDs are a fundamental building block for decentralised identity systems, which aim to control users’ identity information while enabling interoperability and privacy. Authentication is achieved through digital signatures, which provide cryptographic proof of identity. DIDs can be tailored to specific contexts and needs, enabling the creation of multiple identifiers. This process allows the controlled sharing of sensitive information by limiting additional details while validating the identity and associated documents.

Decentralised identifiers verify credentials such as educational certificates, certifications, licences, experience certificates, institutional identity, passport or membership validation. Decentralised identifiers are also used to keep anonymity in online games. Blockchain-empowered decentralised identifiers do not store verifiable credentials or confidential or sensitive data in their database.

Security and Interoperable Features of DIDs

Decentralised identifiers can be public or private based on the nature of use. The private DID’s are controlled by a limited number of users, whereas public DID’s are generally used by government departments, private enterprises and supply chain management. Private and Public DID’s are created with public and private keys. Private keys enable users to prove ownership and consent to shared data. The public key is sharable and verifies the time-stamped credentials without contacting the issuing authority.

The interoperability of DIDs is facilitated by various infrastructures such as distributed ledgers, decentralised file systems, distributed databases, and peer-to-peer networks. These features enable seamless interaction and communication across different systems and platforms. In contrast, traditional centralised identity verification systems rely on a central issuing authority to verify each digital or paper document; documents undergo multiple verification stages to ensure their reliability.

DIDs can be classified into two categories based on where they are stored and managed: On-chain DIDs and Off-chain DIDs.

On-chain DIDs: These DIDs are registered and managed directly on the blockchain or a DLT. The identifier itself, along with associated metadata or cryptographic keys, is stored on the blockchain. This provides a high level of security and immutability, as the information cannot be tampered with once recorded on the blockchain. However, it may also result in scalability issues and increased transaction costs due to the inherent limitations of blockchain technology.

Off-chain DIDs: In contrast, Off-chain DIDs keep the majority of their data off the blockchain. Instead of storing all information directly on the blockchain, only a minimal set of data necessary for reference and verification purposes is stored on-chain. The bulk of the DID-related data, such as cryptographic material and metadata, is stored off-chain, often in decentralised storage systems or other distributed databases. Off-chain DIDs offer greater scalability and potentially lower costs compared to on-chain DIDs. However, they may sacrifice some level of immutability and security since the off-chain data storage mechanisms may be less secure than a blockchain.

Both On-chain and Off-chain DIDs have advantages and limitations, and the choice between them depends on factors such as security requirements, scalability needs, cost considerations, and the specific use case of the decentralised identity system. Some systems may even utilise a hybrid approach, combining elements of both On-chain and Off-chain storage to optimise performance and security.

To Wrap…

Decentralised systems eliminate central authorities and the risks of single-point verification failures. They prioritise the privacy of information, sharing only the necessary data with the verifier. This shift towards decentralisation enhances security and privacy in identity verification processes. Privacy ensures security and is verified through the cryptographic proof mechanism, which combines letters and numbers.

The cryptographic keys control the information of the individuals or entities. Through decentralised identifiers, one can digitally sign and issue the credentials. The adoption rate of the technology, interoperability, and loss of private key leading to loss of identity are some of the challenges to be addressed. In the future, with decentralised technologies like blockchain and Web3, individuals and entities will control the data by eliminating possibilities of vulnerabilities.

References

https://www.hindawi.com/journals/jcnc/2019/8706760/

https://www.dock.io/post/decentralized-identity

https://pixelplex.io/blog/what-are-decentralized-identifiers/

https://www.ndss-symposium.org/wp-content/uploads/diss2019_05_Lagutin_paper.pdf