Digital Identity and iden3 technology

What is a digital identity

A digital identity is the model, together with the information attached to it, that computer systems use to represent an external entity (a person, an organization or a thing): the party they associate data with, interact with or transact with.

Digital identity management is not a new challenge, nor is it specific to distributed ledger environments. Applying a digital identity to a physical person (although the identity holder may equally be a legal entity or even a "thing", such as a software program or a piece of hardware that can sign in a trusted manner) is a problem many groups have been trying to solve since the 1980s. End users have been forced to manage a different user/password pair for every service, and identification flaws and errors have historically been a weak point in the security policy of every organization deploying the existing solutions.

The security risk of this common design pattern is difficult to measure in terms of economic impact, and deploying the existing solutions is hard because of the integration work with other applications, technological lock-in and user apathy. Most approaches solve the problem only partially, are costly because of the intellectual property rights imposed by vendors, and are complex to implement.

Some standardization initiatives have been started, such as ISO 2009, alongside independent projects such as SAML 2.0, OpenID and OAuth. Most of them are deployed in existing identity platforms; however, the market has yet to adopt any of them as the standard.

The only technological approach that has been widely adopted is based on directories used as single points of control. These derive from the legacy X.500 design and evolved into proprietary directory products and similar deployments. Concentrating identity data in this way creates information "honeypots", where a single breach exposes every record, which has led to significant losses of privacy for hundreds of millions of people; and the user/password pair remains the dominant way of identifying users.

The global trend of digital transformation, the need to give identities to non-human actors (e.g. the Internet of Things), and the need for one person to manage multiple identities across diverse use cases make the development of a new, secure and user-friendly identity management solution more urgent every day.

With the development of blockchain technologies, and with cryptocurrencies becoming an emerging asset class, blockchain platforms are quickly becoming globally trusted for exchanging value and signing transactions. Identity management, and in particular the reliable association of a human with an account (and with its public/private key pair), remains a major issue that has yet to be adequately addressed.

Claim-based model

The iden3 project builds on the claim paradigm: every piece of information or attribute associated with an identity is modelled as a claim issued by another identity.

Issued claims can be public or private. Privacy is achieved through decentralization (claim data stays with the identity rather than in a central directory) and through the use of zero-knowledge proofs, which let the holder prove a statement about a claim without revealing the claim itself.

Iden3 concepts

The model is based on a protocol between the three parties involved: the issuer, who creates a claim; the receiver, the identity the claim is about and who holds it; and the validator, who checks the claim.

3 parties model

Direct claims issuance model

In this model, the claims about a user's identity are stored in a Merkle tree and only the Merkle root is stored on chain.

The history of Merkle roots for all identities is kept on chain, but the data of the claims themselves is stored off-chain, in a repository the user controls.

In such a model, a prolific claim issuer such as a government can add or modify millions of claims in a single transaction, and maintain its entire claim database with a periodic transaction at very low cost for the organization.

Single transaction
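As an added illustration of the direct issuance model (example code written for this page, not iden3's own library or claim format), the following Go program commits a batch of claims to one Merkle root, rebuilds the root after changing a claim, and verifies a membership proof against the root alone. It uses SHA-256 over a plain binary tree with duplicate-last padding, which stands in for iden3's sparse Merkle tree; the claim fields, identifiers and counts are constructed sample data.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Claim is a constructed, illustrative record; iden3's real claim encoding and
// its Poseidon-based sparse Merkle tree are not reproduced here.
type Claim struct {
	Subject, Key, Value string // identity the claim is about, attribute name, attribute value
}

func hashAll(parts ...[]byte) (out [32]byte) {
	h := sha256.New()
	for _, p := range parts {
		h.Write(p)
	}
	copy(out[:], h.Sum(nil))
	return out
}

// leafHash: 0x00 domain tag plus length-prefixed fields, so a leaf cannot collide
// with an internal node or with a claim whose field boundaries were shifted.
func leafHash(c Claim) [32]byte {
	parts := [][]byte{{0x00}}
	for _, s := range []string{c.Subject, c.Key, c.Value} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(s)))
		parts = append(parts, n[:], []byte(s))
	}
	return hashAll(parts...)
}

// nodeHash: 0x01 domain tag for internal nodes.
func nodeHash(l, r [32]byte) [32]byte { return hashAll([]byte{0x01}, l[:], r[:]) }

type Tree struct{ levels [][][32]byte } // levels[0]: padded leaves; last level: the root

// BuildTree hashes all claims into one tree, padding odd levels by duplicating the
// last node. However many claims there are, only the root has to go on chain.
func BuildTree(claims []Claim) *Tree {
	leaves := make([][32]byte, len(claims))
	for i, c := range claims {
		leaves[i] = leafHash(c)
	}
	if len(leaves) == 0 {
		leaves = [][32]byte{{}} // an empty tree commits to the all-zero leaf
	}
	t := &Tree{levels: [][][32]byte{leaves}}
	for cur := leaves; len(cur) > 1; {
		if len(cur)%2 == 1 {
			cur = append(cur, cur[len(cur)-1])
			t.levels[len(t.levels)-1] = cur
		}
		next := make([][32]byte, len(cur)/2)
		for i := range next {
			next[i] = nodeHash(cur[2*i], cur[2*i+1])
		}
		t.levels = append(t.levels, next)
		cur = next
	}
	return t
}

// Root is the single 32-byte commitment written on chain.
func (t *Tree) Root() [32]byte { return t.levels[len(t.levels)-1][0] }

// Proof returns the sibling hashes on the path from leaf position i up to the root.
func (t *Tree) Proof(i int) (sibs [][32]byte) {
	for _, level := range t.levels[:len(t.levels)-1] {
		sibs = append(sibs, level[i^1])
		i /= 2
	}
	return sibs
}

// VerifyProof recomputes the root from a claim, its leaf position and its path;
// a validator needs only the on-chain root, never the issuer's off-chain store.
func VerifyProof(root [32]byte, c Claim, i int, sibs [][32]byte) bool {
	h := leafHash(c)
	for _, s := range sibs {
		if i&1 == 1 {
			h = nodeHash(s, h) // we are the right child
		} else {
			h = nodeHash(h, s) // we are the left child
		}
		i /= 2
	}
	return h == root
}

func main() {
	claims := make([]Claim, 10000) // constructed sample data: one residency claim per citizen
	for i := range claims {
		claims[i] = Claim{fmt.Sprintf("did:iden3:citizen%05d", i), "residency", "valid"}
	}
	t := BuildTree(claims)
	fmt.Printf("one root for %d claims: %x\n", len(claims), t.Root())
	fmt.Println("claim 42 verifies against it:", VerifyProof(t.Root(), claims[42], 42, t.Proof(42)))
	claims[42].Value = "revoked" // one changed claim: the on-chain update is again a single root
	fmt.Printf("after the update, new root: %x\n", BuildTree(claims).Root())
}
```

Run it with `go run .`; the issuer republishes one root per batch, while a holder hands a validator the claim, its position and the sibling path, and the validator checks them against the on-chain root.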

Indirect claims issuance model

An identity can "pseudo-trust" a relayer to publish a claim on its behalf.

The identity signs its claim tree root and sends it off-chain to the relayer. The relayer then makes a claim of the form:

"The claim tree root of the id 0xdba.. is 0x1234"

In this scenario the relayer is "trustless": because the root it publishes is the one the identity signed, and validators check it by means of zero-knowledge proofs, the relayer can stop working (a liveness failure) but cannot lie (publish a root the identity did not authorize).

By enabling relayers, millions of users can create millions of claims that are ultimately registered on mainnet without the users themselves spending any gas, which makes the iden3 platform accessible to everyone and supports freedom of speech.

Indirect claims
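An added example, not part of the iden3 documentation or code, of why the relayer in the indirect model can stop but cannot lie. The identity signs its root off-chain, the relayer publishes the signed statement, and the validator checks it. The zero-knowledge machinery is not reproduced: a plain Ed25519 signature over the ID and the root stands in for the identity's authorization, and the ID is derived here from the identity's public key (an assumption made for this example only), so the relayer cannot substitute its own key either.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Identity holds the key that authorizes its claim tree roots. Deriving the ID
// from the public key is an assumption of this example, not iden3's scheme.
type Identity struct {
	ID   string
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func IDFromPub(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return "0x" + hex.EncodeToString(sum[:20])
}

func NewIdentity() (*Identity, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Identity{ID: IDFromPub(pub), pub: pub, priv: priv}, nil
}

// rootMessage binds the signature to a purpose and to this ID, so an
// authorization for one identity cannot be replayed for another.
func rootMessage(id string, root [32]byte) []byte {
	return append([]byte("iden3-example-claim-root|"+id+"|"), root[:]...)
}

// RelayerClaim is the statement "the claim tree root of <ID> is <Root>",
// carrying the identity's own authorization rather than the relayer's word.
type RelayerClaim struct {
	ID   string
	Root [32]byte
	Pub  ed25519.PublicKey
	Sig  []byte
}

// AuthorizeRoot is the off-chain step: the identity signs its new root and hands
// the result to the relayer, which never sees the private key.
func (id *Identity) AuthorizeRoot(root [32]byte) RelayerClaim {
	return RelayerClaim{ID: id.ID, Root: root, Pub: id.pub, Sig: ed25519.Sign(id.priv, rootMessage(id.ID, root))}
}

// Relayer stands in for the entity that batches many identities' roots into its
// own on-chain tree (modelled as a map here).
type Relayer struct {
	online    bool
	published map[string]RelayerClaim
}

func NewRelayer() *Relayer { return &Relayer{online: true, published: map[string]RelayerClaim{}} }

// GoOffline models the one failure a relayer can cause: it stops publishing.
func (r *Relayer) GoOffline() { r.online = false }

// Publish forwards the claim as received; altering ID, Root or Pub would break
// the signature check below, which is why the relayer is trustless, not trusted.
func (r *Relayer) Publish(c RelayerClaim) bool {
	if !r.online {
		return false
	}
	r.published[c.ID] = c
	return true
}

func (r *Relayer) Lookup(id string) (RelayerClaim, bool) {
	c, ok := r.published[id]
	return c, ok
}

// VerifyRelayerClaim is what a validator runs on what the relayer published: the
// key must be the one the ID was derived from, and the signature must cover
// exactly this ID and this root.
func VerifyRelayerClaim(c RelayerClaim) bool {
	if len(c.Pub) != ed25519.PublicKeySize || IDFromPub(c.Pub) != c.ID {
		return false
	}
	return ed25519.Verify(c.Pub, rootMessage(c.ID, c.Root), c.Sig)
}

func main() {
	alice, err := NewIdentity()
	if err != nil {
		panic(err)
	}
	root := sha256.Sum256([]byte("alice's claim tree, version 1")) // constructed stand-in for a real root
	honest := alice.AuthorizeRoot(root)
	forged := honest
	forged.Root = sha256.Sum256([]byte("a root alice never signed"))
	relayer := NewRelayer()
	relayer.Publish(honest)
	got, _ := relayer.Lookup(alice.ID)
	fmt.Printf("%s\n  published root verifies: %v\n  forged root verifies: %v\n", alice.ID, VerifyRelayerClaim(got), VerifyRelayerClaim(forged))
	relayer.GoOffline()
	fmt.Println("  relayer offline, publish accepted:", relayer.Publish(honest))
}
```

The validator never trusts the relayer's map: it recomputes the ID from the public key and checks the signature over the exact ID and root, so the only thing a misbehaving relayer can do is withhold the claim.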