Decentralized Identity with the Tezos DID Method
A DID Method geared for privacy, formal verification, and scaling to billions of identifiers by using off-chain updates.
Spruce and TQ Tezos are jointly releasing the draft specification and initial implementation of Decentralized Identifiers (DIDs) based on the Tezos blockchain. We began our collaboration with TQ Tezos and the wider Tezos ecosystem in August to take full advantage of Tezos’ production-tested proof-of-stake consensus mechanism, ability to perform protocol upgrades, and toolsets for formal methods.
We welcome review of our Tezos DID Method specification, TZIP-019 companion specification, and open-source implementation based on DIDKit. A special thank you goes to Michael Klein of TQ Tezos, a co-author of this body of work, whose contributions have made this possible.
Quick Feature Overview
Tezos Namespace maps directly to the Tezos DID Namespace. Tezos-based DIDs are tz1, tz2, tz3, and KT1 account addresses simply prefixed with did:tz:. For example, tz1aaYoabvj2DQtpHz74Z83fSNjY29asdBfZ just becomes did:tz:tz1aaYoabvj2DQtpHz74Z83fSNjY29asdBfZ.
Tezos DIDs can be used immediately without sending any on-chain transactions. Anyone who generates a new Tezos address can use it as a DID without owning any tez, no exchange or KYC necessary. For readers familiar with the DID ecosystem, this can be thought of as did-key or did-peer with public key hash-based identifiers and a well-defined process for on-chain grafting. In short, Tezos DIDs exist by default but their properties can be optionally updated by their controllers on the Tezos blockchain, or by using signed off-chain inputs.
On-chain data minimization. Spruce takes the position that when it comes to user data, only the absolute minimum amount necessary should be stored on public blockchains. For this reason, the initial release allows only one verification method for authentication as the DID controller, and one service endpoint for linking to a protected service directory. Off-chain rotations for the same two properties are also specified, based on signed JSON patches or Tezos transactions depending on the desired security model.
Support for completely off-chain trust frameworks. Off-chain rotations and authorities means that the Tezos DID method allows for complete DID usage (create, read, update, deactivate) without a single transaction being sent to any public blockchain, maximizing user privacy and reducing the attack surface area. This is a common requirement we have encountered working with our customers in enterprise environments and in the public sector, who also appreciate that tz3 accounts are based on the NIST recommended P-256 curve.
Formal verification
The specification defines the DID manager smart contract which handles the on-chain updates to the DID document. It rotates the verification methods and service endpoints only when signed off by the active key. Anyone can pay for and send the Tezos transaction on behalf of someone else because the signed authorization is contained in an input parameter to the smart contract, similar to a permit.
The DID Manager, like all Tezos smart contracts, is expressed in Michelson, a stack-based, statically typed, and functional programming language. One crucial distinction between Michelson and other smart contract languages is its facilitation of end-to-end formal verification, which has allowed the development of supporting formal verification frameworks including Mi-Cho-Coq and K-Michelson.
We are actively working with TQ Tezos and other groups within the Tezos ecosystem to scope candidate properties and create correctness proofs for them. This can demonstrate immunity from the vulnerabilities responsible for many blockchain attack vectors, including transaction ordering attacks, reentrancy bugs, and violations of state-transition invariants. By next quarter, we expect to have preliminary results incorporated into our implementation’s continuous integration and testing harness.
Scalability and P2P Messaging
We believe that there will exist billions of DIDs actively used by people, IoT devices, software agents, and ephemeral identities on a per-interaction basis. It should be cheap and easy to create one or more DIDs uncorrelated with any aspects of your identity except for what you specifically choose to reveal.
You might want to create a new identifier to share with someone you just met at a party to allow them to securely contact you without giving out your email or phone number. A cloud-based software agent might want to do the same thing but thousands of times per day and with other software agents. Supporting these off-chain structures in a standardized, unified way via emerging P2P and scalability protocols was a central commitment of our design process.
Concretely, the Tezos DID Method supports off-chain updates to the DID document that can be hosted on the Sidetree protocol based on CRDTs, on top of the Key Event Receipt Infrastructure (KERI), or using DHT approaches such as in did-orb. Tezos DIDs will also be able to communicate with each other privately and securely using TorGap (via tz1’s ed25519 keys) or DIDComm.
Tezos ecosystem integrations
Tezos wallet integrations. We are working with wallets, including Kukai, to integrate support for the Tezos DID method and W3C Verifiable Credential-enabled workflows using DIDKit. This will allow Tezos users to privately demonstrate their digital credentials as a way to securely authenticate to services (i.e., “Login with Tezos”).
Baker credentials. We are collaborating with organizations such as Baking Bad to allow Tezos bakers to receive credentials demonstrating their baking history and reputations. With the Tezos DID method, these credentials can now be issued directly for use with their baker addresses or accounts authorized by their baker addresses. Bakers will be able to use their Tezos DIDs to update their metadata in a registry.
Cross-chain credentials. Blockchain users with impressive on-chain transaction histories can’t do much with them on-chain or off-chain. By using a Tezos DID, a user can demonstrate their cross-chain activity such as participation in DeFi (trading, LP) and games in order to be eligible for rewards from services and platforms in the Tezos ecosystem.
NFT authenticity verifications. The combination of credentials issued by social proofs and Tezos DIDs can allow NFT artists to demonstrate their identity for a specific Tezos account. This ensures that an artist can endorse the authenticity of their own digital creations over time, not just at time of issuance of an NFT, and in so doing reduce the ability of fraudulent digital assets to deceive purchasers.
Future development
As the Tezos protocol upgrades and the ecosystem continues to mature, we expect to make improvements to the DID method that would be difficult to replicate in other ecosystems.
- We are working with engineers from TQ Tezos and the wider Tezos ecosystem to prove correctness of select properties of the DID manager smart contract as part of our integration testing.
- With the recent addition of shielded transactions in Edo, it is possible to transfer assets anonymously with DID-based peer-to-peer verifications that leave no on-chain connection strings by using service endpoints.
- We are closely tracking the work of the TezEdge team to enable pure Rust transaction forging in DIDKit.
- Based on feedback from early Tezos DID users, we will be proposing our own updates to the Tezos protocol that can specifically improve support for decentralized identity.
