⚠️ Draft Standards Track: ERC

ERC-7734: Decentralized Identity Verification (DID)

A privacy-preserving method for decentralized identity verification, enabling secure integration of identity management in dApps.

Authors	Anushka Yadav (@64anushka) <64anushka@gmail.com>
Created	2024-06-26
Discussion Link	https://ethereum-magicians.org/t/discussion-on-decentralized-identity-verification-did-standard/20392

Abstract
Motivation
- Stakeholders
- Differentiation
Specification
- Interface
Rationale
Reference Implementation
Security Considerations
Copyright

Abstract

This proposal introduces a standard for decentralized identity verification (DID) on the blockchain. The standard leverages cryptographic hashes to represent identity proofs and events for transparency and traceability. By emphasizing simplicity, privacy, and user control, this proposal aims to reduce overhead for developers and users, ensuring seamless integration into decentralized applications (dApps). It offers a minimalistic solution that keeps identity structure simple and enables off-chain mechanisms for detailed identity management and verification.

Motivation

Centralized identity verification methods are cumbersome, prone to data breaches, and fail to provide users control over their identity data. Existing DID solutions often introduce complexity, making adoption challenging for developers and users. This proposal seeks to address these issues by:

Offering a minimalistic, decentralized standard that simplifies identity verification.
Providing privacy-preserving mechanisms that keep sensitive identity data off-chain.
Encouraging wider adoption by enabling seamless integration into dApps across various industries.
Stakeholders

The following stakeholders will benefit from this proposal:

dApp Developers

Developers creating decentralized applications that require identity verification can implement this standard to provide users with secure, decentralized identity management. The minimalistic design makes it easier to integrate into existing workflows without adding unnecessary complexity.

Service Providers

Platforms offering services such as decentralized finance (DeFi), gaming, or social networking can integrate this standard to verify user identities without relying on centralized authorities. This reduces the risk of fraud and enhances user trust.

Enterprises

Companies looking to integrate blockchain-based identity solutions into their existing systems can use this standard to ensure secure and privacy-preserving identity verification. This allows for a seamless transition to decentralized technologies while maintaining user privacy and security.

Developers of Interoperability Solutions

Those working on cross-platform and cross-blockchain interoperability can implement this standard to enable a unified identity verification mechanism across different systems, reducing complexity and increasing user control over their identities.

Differentiation

This proposal stands out from other DID standards by focusing on minimalism, user control, and privacy. Unlike other solutions that encompass a wide range of identity attributes and interactions, this standard keeps the structure simple and relies on off-chain mechanisms for detailed identity management. Its simplicity fosters easier adoption, making it ideal for dApps that prioritize user-centric, secure ecosystems.

Specification

The Decentralized Identity Verification (DID) standard introduces a simple, secure, and privacy-preserving mechanism for verifying user identities on the blockchain. The key components of this standard are outlined below:

Identity Contract

A smart contract that acts as the central authority for identity verification. The contract stores the status of identity verifications for users and ensures that verification events are triggered securely and transparently.

Verification Function

The verifyIdentity function allows a user to submit two verification hashes that represent off-chain proofs or attestations of identity. These hashes can be derived from external sources such as third-party verifiers, documents, or attestations.The function compares the provided hashes and updates the identity verification status accordingly.

Input Parameters:

identityHash: A cryptographic hash representing the user’s identity. verificationHash: A cryptographic hash derived from the proof or attestation used to verify the identity.

IdentityVerified Event

The IdentityVerified event is emitted when the user’s identity verification is successfully updated. This event ensures traceability and transparency, allowing dApp developers and users to track verification statuses.

Identity Structure

The identity is a simple structure represented by a unique address (public key). Additional identity attributes, such as name or age, are optional and left to off-chain management. This minimal approach keeps the implementation lean, avoiding unnecessary complexity and encouraging broader adoption.

Interface

pragma solidity ^0.8.0;

interface IDecentralizedIdentity {
    // Struct to represent an identity
    struct Identity {
        address userAddress; // Ethereum address of the user
        bytes32 identityHash; // Hash of the identity data
        bytes32[2] verificationHashes; // Hashes used for verifying identity
        bool isVerified; // Indicates if the identity is verified
        uint256 timestamp; // Timestamp of identity creation
    }

    // Event emitted when a new identity is created
    event IdentityCreated(address indexed userAddress, bytes32 identityHash, uint256 timestamp);

    // Event emitted when an identity is verified
    event IdentityVerified(address indexed userAddress, bytes32[2] verificationHashes, uint256 timestamp);

    // Event emitted when an identity is revoked
    event IdentityRevoked(address indexed userAddress, uint256 timestamp);

    // Function to create a new decentralized identity for the caller.
    // Parameters:
    // - identityHash: Hash of the identity data.
    function createIdentity(bytes32 identityHash) external;

    // Function to verify the decentralized identity for the caller.
    // Parameters:
    // - verificationHashes: Hashes used for verifying the identity. These can be 
    //   derived from off-chain proofs, cryptographic challenges, or other methods 
    //   specific to the implementer's requirements. The exact meaning and derivation 
    //   of the verificationHashes are left to the contract's implementer.
    function verifyIdentity(bytes32[2] calldata verificationHashes) external;

    // Function to revoke the decentralized identity for the caller.
    function revokeIdentity() external;
    
    // Function to retrieve the decentralized identity for a given user address
    // Parameters:
    // - userAddress Ethereum address of the user.
    // Returns:
    // identity The decentralized identity struct.
    function getIdentity(address userAddress) external view returns (Identity memory);
}

Rationale

The design leverages cryptographic hashes to represent identity information, ensuring that sensitive data is not stored directly on the blockchain. The use of verificationHashes allows for flexible identity verification mechanisms. These hashes could be derived from various off-chain proofs, such as cryptographic challenges or attestations, depending on the implementer’s needs. By leaving the interpretation of the verification hashes open, the standard enables adaptability while maintaining privacy and security. Additionally, the inclusion of events ensures transparency and traceability.

Reference Implementation

pragma solidity ^0.8.0;

import "./IDecentralizedIdentity.sol";

contract DecentralizedIdentity is IDecentralizedIdentity {
    // Mapping to store identities by user address
    mapping(address => Identity) private identities;

    // Function to create a new decentralized identity for the caller.
    // Parameters:
    // - identityHash Hash of the identity data.
    function createIdentity(bytes32 identityHash) external override {
        // Ensure identity does not already exist
        require(identities[msg.sender].userAddress == address(0), "Identity already exists");

        // Create the identity for the caller
        identities[msg.sender] = Identity({
            userAddress: msg.sender,
            identityHash: identityHash,
            verificationHashes: [bytes32(0), bytes32(0)], // Initialize with empty hashes
            isVerified: false,
            timestamp: block.timestamp
        });

        // Emit event for the creation of a new identity
        emit IdentityCreated(msg.sender, identityHash, block.timestamp);
    }

    // Function to verify the decentralized identity for the caller.
    // Parameters:
    // - verificationHashes: Hashes used for verifying the identity.
    function verifyIdentity(bytes32[2] calldata verificationHashes) external override {
        // Ensure identity exists
        require(identities[msg.sender].userAddress != address(0), "Identity does not exist");

        // Update verification hashes and mark identity as verified
        identities[msg.sender].verificationHashes = verificationHashes;
        identities[msg.sender].isVerified = true;

        // Emit event for the verification of identity
        emit IdentityVerified(msg.sender, verificationHashes, block.timestamp);
    }

    // Function to revoke the decentralized identity for the caller.
    function revokeIdentity() external override {
        // Ensure identity exists
        require(identities[msg.sender].userAddress != address(0), "Identity does not exist");

        // Mark identity as not verified
        identities[msg.sender].isVerified = false;

        // Emit event for the revocation of identity
        emit IdentityRevoked(msg.sender, block.timestamp);
    }

    // Function to retrieve the decentralized identity for a given user address
    // Parameters:
    // - userAddress Ethereum address of the user.
    // Returns:
    // identity The decentralized identity struct.
    function getIdentity(address userAddress) external view override returns (Identity memory) {
        return identities[userAddress];
    }
}

Security Considerations

Secure Hashing: Ensure that identity and verification hashes are generated using a secure hashing algorithm to prevent collisions and ensure the integrity of the identity data. Replay Attacks: Verification hashes should incorporate nonces or timestamps to prevent replay attacks. Implementation Flexibility: Developers must ensure that hash generation and validation processes are robust and resistant to manipulation.

Copyright

Citation

Please cite this document as:

Anushka Yadav (@64anushka) <64anushka@gmail.com>, "ERC-7734: Decentralized Identity Verification (DID) [DRAFT]," Ethereum Improvement Proposals, no. 7734, June 2024. [Online serial]. Available: https://eips.ethereum.org/EIPS/eip-7734.