Understanding Decentralized Identifiers

Technical Published on: Apr 24, 2021 Last updated: Apr 24, 2021

An introductory dive into DIDs

Prerequisites

What a DID is

A Decentralized Identifier (DID) is a new type of identifier that is:

  • globally unique
  • resolvable with high availability
  • cryptographically verifiable
  • persistent: it does not need to change over its lifetime (unless its controller deactivates it)

DIDs are typically associated with cryptographic material, such as public keys, and service endpoints, for establishing secure communication channels. DIDs are useful for any application that benefits from self-administered, cryptographically verifiable identifiers, such as personal identifiers, organizational identifiers, and identifiers for Internet-of-Things scenarios.

Just as SSL/TLS changed internet use forever by making encrypted web traffic (HTTPS, the protocol that keeps the web safe) the norm, DIDs are meant to change how identity is verified in the blockchain world, for example in decentralized finance.

A DID is a W3C-specified way of representing identities by referencing a subject in a decentralized way, without a central registry. The subject a DID references can be:

  • a person
  • an organization
  • an object

The use cases for DIDs include:

  • Identifying people, organizations, and things
  • Achieving a number of security and privacy-protecting guarantees

A DID has three colon-separated parts: the scheme did, the DID method, which says how the identifier is resolved, and a method-specific identifier. In the lto method that identifier is an LTO Network account address, which identifies the owner. For example, Arnold's DID stored on LTO Network is built like this:

Example

scheme:method:method-specific identifier, i.e. did:<method>:<user's pseudonymous ID>

Such a DID, resolvable on the LTO network, looks like:

did:lto:3JuijVbbserasr48h8rz8451RTyeL

The example DID above resolves (through a DID resolver that implements the lto method, not through the DID controller) to a DID document. A minimal example follows; the // comments are explanatory only and are not valid JSON:
-------------------------------------------------------------------------------------------------------
{

  // the JSON-LD context defines the vocabulary used in the document; the second
  // entry is the one that defines the Ed25519VerificationKey2020 type used below

  "@context": [
    "https://www.w3.org/ns/did/v1",
    "https://w3id.org/security/suites/ed25519-2020/v1"
  ],

  // the DID subject: the same DID as in the example above

  "id": "did:lto:3JuijVbbserasr48h8rz8451RTyeL",

  "authentication": [{

    // verification methods the controller can use to authenticate as the DID subject

    "id": "did:lto:3JuijVbbserasr48h8rz8451RTyeL#keys-1",

    "type": "Ed25519VerificationKey2020",

    // the DID controller is the entity allowed to make changes to the DID document;
    // for a self-administered account the controller is the DID itself

    "controller": "did:lto:3JuijVbbserasr48h8rz8451RTyeL",

    "publicKeyMultibase": "zH3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"

  }]

}
----------------------------------------------------------------------------------------------------------

The DID document contains the cryptographic material (such as public keys) with which the DID controller proves that they are, or own, the subject: a verifier asks for a signature over a fresh challenge and checks it against the key listed in the document. On LTO Network this works because the method-specific identifier is an account address derived from the account's public key, and that public key becomes publicly known on the ledger once the account has signed a transaction.

When a DID is resolved, the resolver looks up the public key recorded on the blockchain for that address and builds the DID document around it; a verifier then checks that a signature from the claimed controller matches that key. In that sense the DID document is a "blockchain handshake" between the identifier and the key material stored on the chain.

For DIDs to work on the LTO network, an address must first be indexed. Indexing connects the public address with its associated public key. An address owner can trigger it with a simple anchoring transaction, which makes the public key visible on the chain and so makes the DID resolvable.

This step is necessary because the blockchain address is generated from the public key with a one-way hash function, so the public key cannot be derived from the address.

Without such a transaction, the public key for an address remains unknown and the DID cannot be resolved.
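The mechanism described in the last few paragraphs (an address derived from the key by a one-way hash, the key becoming known only through a signed transaction, and resolution followed by a proof of control) as an added Go example. This is illustration code written for this article, not LTO Network's software or address format: Address uses a simplified SHA-256 scheme, the ledger is an in-memory map, the DID document carries the key as a base64url (u) multibase string rather than base58btc (z), and every key, seed, nonce and payload is constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// Address derives an account address from a public key with a one-way hash. Assumption: a toy
// scheme (hex of the first 20 bytes of SHA-256), not LTO's real derivation; the hash cannot be inverted.
func Address(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return fmt.Sprintf("%x", sum[:20])
}

// Transaction is the minimal signed record an account publishes; the sender's public key travels with it.
type Transaction struct {
	Sender    string // address the sender claims to own
	PublicKey ed25519.PublicKey
	Payload   []byte
	Signature []byte
}

// NewTransaction signs a payload (for example an anchoring transaction) with the account key.
func NewTransaction(priv ed25519.PrivateKey, payload []byte) Transaction {
	pub := priv.Public().(ed25519.PublicKey)
	return Transaction{Sender: Address(pub), PublicKey: pub, Payload: payload, Signature: ed25519.Sign(priv, payload)}
}

// Ledger is a toy chain index of address -> public key, filled only by valid transactions.
type Ledger struct{ keys map[string]ed25519.PublicKey }

func NewLedger() *Ledger { return &Ledger{keys: map[string]ed25519.PublicKey{}} }

// Accept validates a transaction before indexing the sender's key. The address check matters:
// without it anyone could bind their own key to someone else's address.
func (l *Ledger) Accept(tx Transaction) error {
	if Address(tx.PublicKey) != tx.Sender {
		return errors.New("reject: sender address is not derived from the supplied public key")
	}
	if !ed25519.Verify(tx.PublicKey, tx.Payload, tx.Signature) {
		return errors.New("reject: invalid signature")
	}
	l.keys[tx.Sender] = tx.PublicKey
	return nil
}

// Resolve turns did:lto:<address> into a minimal DID document. It fails for an address that has never
// signed a transaction, because its key is still unknown. Multibase prefix 'u' = base64url, no padding.
func (l *Ledger) Resolve(did string) (map[string]interface{}, error) {
	if !strings.HasPrefix(did, "did:lto:") {
		return nil, errors.New("methodNotSupported")
	}
	pub, ok := l.keys[strings.TrimPrefix(did, "did:lto:")]
	if !ok {
		return nil, errors.New("notFound: address has not been indexed by a transaction yet")
	}
	keyMultibase := "u" + base64.RawURLEncoding.EncodeToString(pub)
	return map[string]interface{}{
		"@context": []string{"https://www.w3.org/ns/did/v1", "https://w3id.org/security/suites/ed25519-2020/v1"},
		"id":       did,
		"authentication": []map[string]interface{}{
			{"id": did + "#keys-1", "type": "Ed25519VerificationKey2020", "controller": did, "publicKeyMultibase": keyMultibase},
		},
	}, nil
}

// VerifyChallenge is the relying party's side: resolve the DID, take the authentication key from the
// document and check the controller's signature over a nonce the relying party chose.
func VerifyChallenge(l *Ledger, did string, nonce, sig []byte) (bool, error) {
	doc, err := l.Resolve(did)
	if err != nil {
		return false, err
	}
	auth := doc["authentication"].([]map[string]interface{})
	pub, err := base64.RawURLEncoding.DecodeString(strings.TrimPrefix(auth[0]["publicKeyMultibase"].(string), "u"))
	if err != nil {
		return false, err
	}
	return ed25519.Verify(ed25519.PublicKey(pub), nonce, sig), nil
}

func main() {
	priv := ed25519.NewKeyFromSeed([]byte("constructed-demo-seed-not-secret")) // fixed seed, demo only
	did := "did:lto:" + Address(priv.Public().(ed25519.PublicKey))
	ledger := NewLedger()
	_, err := ledger.Resolve(did)
	fmt.Println("before anchoring:", err) // key unknown, the DID does not resolve
	if err := ledger.Accept(NewTransaction(priv, []byte("anchor:<hash of a document>"))); err != nil {
		panic(err)
	}
	nonce := []byte("relying-party-nonce-1234")
	ok, err := VerifyChallenge(ledger, did, nonce, ed25519.Sign(priv, nonce))
	fmt.Println("after anchoring: verified =", ok, "err =", err)
}
```

Two details carry the security point: Accept refuses a transaction whose claimed address is not the hash of the supplied key, so an attacker cannot "index" their own key under a victim's address, and VerifyChallenge only ever trusts the key that came out of resolution, never one the prover hands over directly.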

Unification with a real-world identity

Combining a DID with a proof of identity issued by some authority extends what the DID can do. A DID can be the subject of Verifiable Credentials (VCs), which act as digital certificates, IDs, diplomas and many other documents. This makes it possible to verify the identity of persons or objects and also to attach value to objects: a VC tied to a DID that describes several real-estate properties can act as proof of ownership and of value for those properties.
Combining a DID with a VC keeps the user's credentials private, since the holder keeps the credential and decides when to present it.

Combining a DID with a certificate issued by a Certificate Authority (CA) is a useful tool for companies that want to cooperate in trust networks and whose identity is attested by the CA-issued certificate.
Combining a DID with a CA-issued X.509 certificate makes the company's credentials public, which saves the time otherwise spent manually checking the company's credibility.

Summarization

DIDs enable you to reference subjects in a decentralized way. DIDs can be resolved to DID documents. DID documents allow the controller to prove that they are, or own, the subject. LTO Network generates these documents for all LTO accounts that have signed at least one transaction. Such an account can be tied to a real-world identity by publishing a certificate related to its DID. DIDs can also be the subject of Verifiable Credentials (VCs).

Additional reading:

  • Understanding Verifiable Credentials (coming next week)

Mickey Maler

With Christian Zhang

"In blockchain we trust!" A crypto-enthusiastic believer, trader, cryptocurrency blogger, LTO Network supporter, and seed-round researcher.