Learn-by-doing: DID protocol and Verifiable Credential

0. Key takeaways

  • A DID (Decentralized Identifier) is a unique identifier for an entity.
  • Each DID is matched with a DID document in a data store (e.g. a blockchain). The DID document contains several DID-Keys, and each key (AuthenticationKey, AgreementKey, AssertionKey, …) has a different function.
  • A Verifiable Credential (VC) contains the user’s detailed information. The identity of an entity is its DID and VCs combined.
  • The three major parties in the DID/VC context are the claimer, the attester and the verifier.
  • The DID-Keys and VC files should be stored and backed up properly. Losing the DID/Credentials file results in permanent loss of one’s identity data.

1. What are DID and VC

DID (Decentralized Identifier):

  • If your private keys are stolen, an attacker can impersonate you, and any malicious act they carry out will appear to be yours.
  • Attester: Information related to the issuing authority (for example, a city government, national agency, or certification company)
  • Credential Type: Information related to the data structure of a claim
  • Credential Content: The data in a credential, which contains the personal information of the owner.
  • Attester: An attester responds to a request for attestation in an affirmative way, which is called attesting the claim (i.e. issuing a Verifiable Credential). Usually, the role of Attester is played by a trusted organization.
  • Verifier: A verifier is an entity that requests the claimer to present a credential with certain attributes. The role of Verifier is usually played by a third party that provides a service based on the identity of the claimer.

2. Blockchain-based DID and VC

Authentication and verification have become major challenges worldwide. With the advent of blockchain technology and distributed ledgers, a novel, fully decentralized and permissionless approach has been established, which is promising for self-governance and self-sovereignty.

2.1 Dive into DID

DID is the identifier of an entity. An entity can only have one DID, and each DID matches a DID document stored on the blockchain. In a blockchain, the owner of an asset is a blockchain address; in the identity world, the owner of a Verifiable Credential is a DID.

Figure 1: A simple example of a decentralized identifier (DID)
Figure 2: Keys (AuthenticationKey & AgreementKey) contained in each DID Profile
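
The separation of key functions described above, as an added example that is not code from the original article or from zCloak: a verifier accepts a credential signature only if the signing key is listed for assertion in the attester's DID document. The DID, keys and digest are constructed, and mapping the page's AuthenticationKey and AssertionKey onto the W3C DID Core properties "authentication" and "assertionMethod" is an assumption.

```javascript
// Added example: constructed DID, keys and document (not zCloak's on-chain format).
const crypto = require("crypto");

const did = "did:example:attester123"; // placeholder DID
const authKey = crypto.generateKeyPairSync("ed25519");   // proves control of the DID (login)
const assertKey = crypto.generateKeyPairSync("ed25519"); // signs issued credentials
const jwk = (pair) => pair.publicKey.export({ format: "jwk" });

// DID document with W3C DID Core property names; only public keys are published.
const didDocument = {
  id: did,
  verificationMethod: [
    { id: `${did}#auth-1`, type: "JsonWebKey2020", controller: did, publicKeyJwk: jwk(authKey) },
    { id: `${did}#assert-1`, type: "JsonWebKey2020", controller: did, publicKeyJwk: jwk(assertKey) },
  ],
  authentication: [`${did}#auth-1`],
  assertionMethod: [`${did}#assert-1`],
};

const PURPOSES = ["authentication", "assertionMethod", "keyAgreement"];

// Accept a signature only when keyId is listed in the DID document for that purpose.
function verifyForPurpose(doc, purpose, keyId, message, signature) {
  if (!PURPOSES.includes(purpose)) return false;
  if (!(doc[purpose] || []).includes(keyId)) return false; // key not authorised for this use
  const method = doc.verificationMethod.find((m) => m.id === keyId && m.controller === doc.id);
  if (!method) return false;
  const publicKey = crypto.createPublicKey({ key: method.publicKeyJwk, format: "jwk" });
  return crypto.verify(null, Buffer.from(message), publicKey, signature);
}

// Constructed credential digest, signed once with each key.
const digest = "constructed-credential-digest";
const sigByAssertKey = crypto.sign(null, Buffer.from(digest), assertKey.privateKey);
const sigByAuthKey = crypto.sign(null, Buffer.from(digest), authKey.privateKey);

// A credential proof must come from the assertion key; a valid signature by the
// authentication key is rejected because that key is not listed for issuing.
const accepted = verifyForPurpose(didDocument, "assertionMethod", `${did}#assert-1`, digest, sigByAssertKey);
const rejected = verifyForPurpose(didDocument, "assertionMethod", `${did}#auth-1`, digest, sigByAuthKey);
console.log({ accepted, rejected });
```
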

2.2 More about VC

Verifiable credentials MUST have a type property.

Figure 3: zCloak Membership (Credential Type) Credential details

3. Start your Credential Platform Journey

3.1 Become a Member and obtain a Verification Code

First of all, you should become a member of zCloak Discord and get a verification code in the zkid-verify channel. Click here to join zCloak Discord.

Figure 4: Join zCloak zkid-verify channel, and send a command
Figure 5: Become a member and obtain a verification code

3.2 Create a Claimer Account

In the Credential Platform, there are three roles: Claimer, Attester, and Verifier. Before creating accounts, let's look at what each role does.

  • Attester: the entity that verifies the information in the claim and performs the attestation (approve or reject). Once the attestation passes, the claimer receives an attested credential.
  • Verifier: the entity with which a credential is shared. In a typical scenario, once a Claimer obtains a credential from an Attester, the Claimer can share it with any verifier they trust.

Figure 6: Get into zCloak Platform(claimer-end)
Figure 7: Create a Claimer Account via password and mnemonic phrases
Figure 8: Account created successfully, the DID file downloads automatically

3.3 Create a zCloak Membership Claim

Creating a claim is one of the most essential steps of our journey. Click the ‘Create Claim’ button, and fill in your personal information (discord_id and verification_code).

Figure 9: Click the button to create a ‘zCloak Membership’ Claim
Figure 10: Fill in your personal information and submit the claim
Figure 11: Get your attested ‘zCloak Membership Credential’

3.4 Share your attested Credential with trusted Verifiers

Now, after obtaining your attested credential, you can share it with any verifier you trust. Then, the verifier can check the information you shared in their own account.

Figure 12: Claimer shares information with the desired verifier
Figure 13: Verifier receives the information shared by the claimer

4. How to store your DID and VC

4.1 Store DID

Your account can only be restored from the DID-Key file or the original mnemonic phrase, so keep both of them safe. The zCloak Credential Platform automatically downloads your DID file during the account creation phase.

Figure 14: Check and Export your DID keys
Figure 15: Restore account
Figure 16: Restore account via DID-Key file or Mnemonic Phrase

4.2 Store your VC

Once your credential is attested, you can download it at any time. The Verifiable Credential is a JSON file that contains your personal details in plaintext, so it MUST be stored safely to avoid information leakage.

Figure 17: Download and store your Verifiable Credential (VC)

4.3 Import your VC into zCloak ID Wallet

Download zCloak ID Wallet. Initialize it with a password that is safe and that you can remember. This password is used to encrypt your data and to authorize all operations (e.g. generating a zero-knowledge proof) in zCloak ID Wallet.

Figure 18: Import Verifiable Credential into zCloak ID Wallet
Figure 19: Check details of the Verifiable Credential with zCloak ID Wallet

5. How to use VC

5.1 Share/Present in plain text

The ‘share’ function in the zCloak Credential Platform between Claimer and Verifier is in the form of plain text. The Verifier has access to all pieces of the credential information if the Claimer chooses to share them all.

5.2 Selective Disclosure

Unlike the first case, the Claimer can select one or more pieces of information to share with the trusted verifier. This feature of digitized credentials strengthens privacy protection by giving individuals granular control over the information shared with various institutions and entities.
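
One common way to build selective disclosure, shown as an added example that is not from the original article and is not zCloak's implementation: the attester signs a digest of salted attribute hashes, and the claimer reveals only the chosen values together with their salts. The credential layout, function names and sample values are assumptions; discord_id and verification_code are the claim fields named in section 3.3.

```javascript
// Added example: salted-hash selective disclosure over constructed data.
// Generic technique; the credential layout is an assumption, not zCloak's format.
const crypto = require("crypto");
const sha256 = (s) => crypto.createHash("sha256").update(s).digest("hex");
// The per-attribute salt stops a verifier from guessing hidden low-entropy values.
const leafOf = (name, value, salt) => sha256(JSON.stringify([name, value, salt]));
const rootOf = (leaves) => sha256([...leaves].sort().join(""));

// Attester: commit to every attribute with a fresh salt, then sign the root digest.
function issue(claims, attesterPrivateKey) {
  const salts = {};
  const leaves = Object.entries(claims).map(([name, value]) => {
    salts[name] = crypto.randomBytes(16).toString("hex");
    return leafOf(name, value, salts[name]);
  });
  const signature = crypto.sign(null, Buffer.from(rootOf(leaves)), attesterPrivateKey);
  return { claims, salts, leaves, signature };
}

// Claimer: reveal value and salt for the chosen attributes; the rest stay as hashes.
function present(credential, names) {
  const disclosed = {};
  for (const n of names) disclosed[n] = { value: credential.claims[n], salt: credential.salts[n] };
  return { disclosed, leaves: credential.leaves, signature: credential.signature };
}

// Verifier: check the attester's signature over the root, then every revealed leaf.
// Returns the verified attributes, or null if anything fails.
function verify(presentation, attesterPublicKey) {
  const { disclosed, leaves, signature } = presentation;
  if (!crypto.verify(null, Buffer.from(rootOf(leaves)), attesterPublicKey, signature)) return null;
  const out = {};
  for (const [name, { value, salt }] of Object.entries(disclosed)) {
    if (!leaves.includes(leafOf(name, value, salt))) return null; // value or salt was altered
    out[name] = value;
  }
  return out;
}

// Constructed sample: share discord_id, keep verification_code hidden.
const attester = crypto.generateKeyPairSync("ed25519");
const vc = issue({ discord_id: "alice#0001", verification_code: "CONSTRUCTED-1234" }, attester.privateKey);
const shared = present(vc, ["discord_id"]);
console.log(verify(shared, attester.publicKey));
```
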

5.3 Anonymous Presentation (Zero-Knowledge Proof)

A zero-knowledge proof (ZKP) is a cryptographic technique that enables someone to prove that a statement is true without revealing the underlying information. zCloak uses a ZK-STARKs virtual machine to generate and verify zero-knowledge proofs for general-purpose computation, based on the concept of Self-Sovereign Data and Self-Proving Computation. It helps users perform computation and analysis on their data without sending the data to third parties.

zCloak Network

zCloak Network is a privacy-preserving DID and computing platform. Website: zcloak.network; Product: zkid.app