Decentralized Identity: The Passport to Web3

Author: Amber Group
Translator: Evelyn ｜ W3.Hitchhiker
Introduction

The creation of the internet did not provide a native layer for identity. As a result, the issue of digital identity has been relegated to websites and applications. This isolated approach may have been appropriate in the early days of the internet, but as billions of people are now online, its drawbacks have become increasingly apparent. Usernames and passwords remain the mainstream model, despite being repeatedly proven to be an insecure method. On average, individuals have to manage 70 to 80 passwords, leading to a significant decline in user experience. In fact, there are several multimillion-dollar businesses built around helping companies and individuals manage their scattered accounts, such as Okta, 1Password, and Dashlane. Most importantly, users do not actually own their online identities. Instead, they rent them from companies and centralized entities. Consequently, they are easily exposed to risks of digital identity being hacked, manipulated, censored, or simply lost.

The emergence of Web3 fundamentally embeds economic shifts and reintroduces the importance of creating robust identity systems. While decentralized identity (DID) has largely been an overlooked topic compared to DeFi, NFTs, and DAOs, we believe it is a key technological foundation for enabling Web3 native applications. If we create a shared, flexible, and resilient identity layer, we can significantly unleash the pace of innovation by creating a broader design space.

In this report, we provide a high-level overview of key DID concepts and the current DID ecosystem, delving into some projects at the forefront of building the Web3 identity foundation.

Decentralized Identifiers (DID)

The DID specification from W3C is a widely accepted standard that ensures identity systems can interoperate across different networks and platforms.

Below is an overview of the DID architecture. A DID is an address on the internet that someone can own and control directly. It can be used to locate connected DID documents, which contain information related to the DID. DID documents include relevant information for use cases such as sign-in, data encryption, communication, and more. Cryptographic proofs, such as digital signatures, allow entities to prove control over these identifiers.

Basic components of the DID architecture

In summary, a DID is an identity hub. Because users control their hub, they can decide when, with whom, and under what conditions to disclose elements of their digital identity. As the DID standard is adopted by more people, individuals will not be locked into a single ecosystem or isolated approach.

DIDs provide users with control, security, privacy, and portability

DIDs Enable New Use Cases

In the physical world, identity is essential for a well-functioning society. Passports allow governments to identify their citizens, driver's licenses enable citizens to claim the right to be on the road, university degrees confer qualifications, and so on.

Similarly, DIDs will enable high-value internet economic activities. Below, we highlight some current pain points in Web3 that DIDs can address.

NFTs ------ Authenticity and Identity

Fraud and plagiarism continue to plague artists and creators. For example, digital artist and designer Derek Laufman of Marvel's Super Hero Adventures saw his work auctioned on the NFT platform Rarible without his knowledge. Stories like this are common.

NFT fraud continues to trouble artists, source: Twitter

A robust DID infrastructure can solve this problem. Applications can be built on top of DIDs, allowing creators to prove that NFTs representing digital or physical assets were created by them. Buyers and sellers will also be able to verify the provenance of digital artworks. DIDs can also help facilitate more engagement between artists and their communities, such as restricting NFT ownership to community members to limit speculative behavior by scalpers or providing exclusive NFT content to specific holders.

More broadly, NFTs can serve as an anchor for decentralized identity. Some users are already identifying their online presence not only with usernames but also with NFT projects. For example, Manifold co-founder @richerd explained that he rejected a $9.5 million offer for his CryptoPunk NFT because he believes his CryptoPunk is part of his identity and brand.

NFTs as Online Identity

Source: Twitter (@richerd)

Unlocking the Next Phase of DeFi

So far, collateralization has been a pillar of DeFi growth. However, because cryptocurrency financial protocols aim for complete trustlessness and permissionlessness, they often require over-collateralization. For example, loans issued on MakerDAO with ETH require a collateralization rate of 130-170%. This has driven DeFi's growth over the past year, but collateral requirements primarily limit usage to cryptocurrency traders looking to take on leverage. For most people, the reason they want to borrow is that they do not have the money they need.

Reducing or completely eliminating collateral requirements is key to bringing DeFi to mass adoption. Having a strong DID layer can allow for "on-chain" credit scoring, providing users with credit-based lending opportunities. Additionally, since users directly control their credit scores, they can better monitor and adjust their borrowing behavior. Thus, DIDs provide an opportunity to further democratize decentralized financial systems.

Moreover, having a strong identity layer in financial applications can address other current issues in DeFi, such as:

· Improving the fair distribution of token airdrops by verifying actual members and reducing the likelihood of bot dilution.

· Gatekeeping access to DeFi pools using DIDs to reduce spam/Sybil attacks, or enabling institutions to participate by providing compliance tools to identify counterparties.

· Guiding users through Ethereum's dark forest, illuminating trustworthy participants to act in a positive-sum manner.

Decentralized Autonomous Organizations (DAO)

DAOs typically use token-based governance for voting, influence, and prioritization. This often makes sense—those with the most tokens in the game have the most skins—but it can exclude or disenfranchise active contributors who may not have significant capital. While members can build their reputation within a DAO, they may need to start from scratch to establish credibility in a new environment.

DIDs can retain a user's reputation across multiple DAOs. The portability of credentials from one DAO to another reflects the reputation portability we already enjoy in the physical world, preventing active contributors from starting from zero. Additionally, other Web3 contexts, such as participation in Gitcoin, publishing articles on Mirror, or contributing code on Radicle, can further help DAOs find qualified candidates.

DID Ecosystem

The DID ecosystem can be broken down into several layers, each built on top of underlying protocols. We leverage and slightly modify the DIF's four-layer identity model to map current DID projects by their primary focus, but it is important to note that this is a simplified model, and most projects extend beyond a single layer.

Layered Decentralized Identity Ecosystem

Source: DIF, Amber Group

· Layer 1: Identifiers and Standards

Standards, identifiers, and namespaces create a public trust layer that ensures standardization, portability, and interoperability. They also allow networks to register and manage DID methods, providing developers and users with the rules and context for network ID systems.

The Decentralized Identity Foundation (DIF) plays a key role at this layer and is the cornerstone of the ecosystem. It serves as a hub for developing, discussing, and managing all activities necessary to create and maintain an interoperable open ecosystem for the DID stack.

· Layer 2: Infrastructure

Infrastructure and agent frameworks allow applications to interact directly with each other and verifiable data registries. These solutions include communication, storage, and key management. We highlight Ceramic and ENS as projects at the forefront of building DID infrastructure (although the classification of ENS can be debated, we place it in the infrastructure layer because we foresee credentials and applications being built on top of ENS in the future).

· Layer 3: Credentials

Credentials must be managed, updated, and exchanged. The purpose of this layer is to address how DIDs negotiate control and authentication proofs, as well as securely transmit data between identity owners.

BrightID is a notable project in this space. It is a social identity network with over 30,000 users that allows people to prove to applications that they are not using multiple accounts, thereby minimizing the chances of Sybil attacks.

Vitalik Buterin Discusses the Potential Applications of BrightID

Source: Twitter (@VitalikButerin)

· Layer 4: Applications, Wallets, and Products

This layer may be the most familiar to readers, aiming to provide real-world use cases and value for consumers. Some projects, such as Goldfinch (unsecured loans), use proprietary unique entity checks, but the goal is to leverage decentralized ID solutions as they mature. In contrast, other applications have already utilized existing DID technologies, such as TrueFi (unsecured loans with on-chain credit scoring), Gitcoin (funding public goods), and Essign (decentralized electronic protocols).

· Layer X: Transversal

These projects largely transcend any single layer and impact multiple levels. For example, the GDPR data protection law in Europe affects all areas of the ecosystem.

Token Value in the DID Ecosystem

Source: CoinGecko, Coinmarketcap as of November 22, 2021

Selecting DID Projects

Ethereum Name Service - The Public Registry of Ethereum

The Ethereum Name Service (ENS) is a foundational tool that turns any Ethereum address into a public registry. Its primary function is to map human-readable names to machine-readable identifiers. Instead of transacting with "0x7fc7a9694A09077e137f953108265ad59cCF5ba3," you can enter "amberfin.eth" instead. Moreover, due to ENS's hierarchical structure, anyone who owns that domain name may also own subdomains. For example, because Amber Group owns "amberfin.eth," it can also create "pay.amberfin.eth." ENS domain names can also have text records, allowing users to store a variety of data, all linked to a single identifier. In this setup, there are no centralized entities or companies involved.

· Amber Group's ENS Records

The use cases for ENS are continuously growing. A comprehensive DNS integration for ENS was launched in August this year, allowing you to send cryptocurrency to "example.com" instead of "example.eth." Additionally, .eth domain names can also be used to build decentralized websites. For instance, Ethereum co-founder Vitalik Buterin utilized this DNS integration to create a powerful, censorship-resistant website with IPFS.

ENS is likely to play a key role in future portable and decentralized identities. It is registered as a DID representation, allowing ENS names to be wrapped into DIDs to facilitate interoperability. Many Web3 users are already using ENS as their identifier. A survey of ~300 Ethereum users found that ~64% of users already have an ENS, and on-chain analysis shows that ENS users average 2.5 domain names. With the rollout of additional features (such as NFT avatar support) and increasing adoption of dApps for ENS, Web3 users may increasingly use ENS as their de facto public identity on Ethereum.

ENS Name and Avatar Support on Uniswap

ENS Ecosystem

On November 2, ENS announced that it is moving towards decentralized governance by accepting applications from DAO representatives and airdropping ENS governance tokens. The airdrop includes 25% of the total maximum supply; the remainder will be used for community treasury and contributors. This allocation essentially provides half of the total tokens to past individuals (previous contributors and users) and half to future individuals (community treasury).

ENS Token Distribution

ENS token holders only hold governance rights in the DAO and do not receive additional monetary value. Uniquely, ENS token holders are required to sign the ENS constitution, which emphasizes key principles—such as enforcing property rights, avoiding rent-seeking behavior, and integrating with the global namespace—to claim their tokens. Therefore, one of the most exciting aspects of the ENS token is that it is an experiment in how markets price digital public goods.

ENS has generated nearly $20 million in revenue, primarily from new domain registrations, and this revenue will go into the DAO treasury.

ENS Monthly Revenue

Source: Dune Analytics (@makoto)

ENS's revenue per transaction is also increasing, indicating that users are registering domain names for longer periods, acquiring higher-value domain names (i.e., shorter domain names), or both.

ENS Revenue per Transaction

Source: Dune Analytics (@makoto)

After reaching an intraday high of approximately $8.4 billion, ENS's fully diluted market cap is currently [4.2 billion dollars], implying a price-to-earnings ratio of 236 based on the past 12 months.

ENS Market Cap (Fully Diluted)

Source: CoinGecko

MetaMask ------ The Gateway to Blockchain Applications

In the new technological paradigm, the solutions that users interact with most frequently often have a significant impact on the future development of the industry. Similar to how browsers were the battleground for Web1 (Netscape, Internet Explorer, Google Chrome) and applications for Web2 (Facebook, Instagram, Netflix, Spotify), wallets may become the battleground for Web3.

If you have ever interacted with Web3 applications, you have likely used MetaMask. Launched by ConsenSys in 2016, MetaMask is a non-custodial cryptocurrency wallet that allows users to interact with the Ethereum blockchain and any Ethereum-compatible networks (such as Polygon, Arbitrum, Avalanche).

While there is no strict focus on decentralized identity, MetaMask serves as the de facto application for over 21 million monthly active users accessing their Ethereum addresses. Parallel to Web2 single sign-on (SSO) options, almost all EVM-compatible Web3 applications will offer "Log in with MetaMask."

Registration Options on Augur (left) and OpenSea (right)

MetaMask serves as a powerful mental model, showcasing what a broader DID solution might look like while also highlighting the promises and dangers of self-sovereignty. Because MetaMask users hold their own private keys, they truly own the assets in their wallets. There is no need to trust a third party for security and custody. Additionally, users can seamlessly transfer assets from one application to another. For example, an NFT purchased on SuperRare can easily be sold on OpenSea, limiting platform lock-in and enhancing portability. It can be argued that the customer experience has also improved—users do not need to deal with complex registration processes and manage multiple usernames/passwords; they can simply connect their MetaMask wallet to try new applications. Moreover, although "connecting with a wallet" may seem fragmented, it is important to remember that these wallets are just user interfaces, all using the same underlying account system—you can import your Web3 account into other wallets.

Importing an Account to MetaMask

However, hackers and scams are rampant. Web3 users must remain highly vigilant about the security of their wallets to avoid losing control of all their assets. Even losing the seed phrase of a wallet can lead to permanent loss of funds. Therefore, some users may still prefer to delegate account security and management to third-party custodians.

MetaMask is expected to gradually transition to decentralized governance. ConsenSys founder Joseph Lubin recently stated that MetaMask will launch a token in the near future. MetaMask's senior software engineer Erik Marks indicated that the project is "absolutely open to the idea of making the project community-owned," although the team hopes that the use cases for the MetaMask token will be compelling. Some speculate that if MetaMask does conduct an airdrop, users who have used the swap feature of MetaMask will be the primary decision-makers.

ConsenSys CEO Discusses MetaMask Token Issuance

Source: Twitter (@ethereumJoseph)

MetaMask primarily monetizes through its embedded swap feature, which aggregates data from decentralized exchange aggregators, market makers, and DEXs, adding a 0.85% swap fee on top. Since the beginning of this year, the adoption of the swap feature has significantly increased—MetaMask earned approximately $40 million from its swaps last month.

Daily Transaction Volume and DAUs of MetaMask Swap on Ethereum L1

Source: Dune Analytics (@tomhschmidt)

In fact, the revenue growth from MetaMask's swap feature has significantly outpaced the revenue growth of Sushiswap and Curve.

Comparison of MetaMask Revenue with DeFi Protocol Revenues

Source: Dune Analytics (@momir)

Uniswap and 1inch, the leading Ethereum DEX and DEX aggregator, respectively, constitute the majority of MetaMask's liquidity sources.

Liquidity Sources for MetaMask Swap

Source: Dune Analytics (@momir), November 21, 2021

The potential valuation range for the MetaMask token is broad. While stock valuations have no direct comparability, ConsenSys's recent equity financing ($200 million, $3.2 billion valuation) can provide a rough estimate of what the MetaMask token might be worth (when Sky Mavis raised equity financing at a $3 billion valuation, the AXS token was valued at around $4 to $5 billion). Direct token comparability also indicates a wide range. Applications can be valued at $500 to $1,000 per MAU, suggesting a potential valuation range of $10.5 billion to $21 billion.

Valuation Benchmarks for ConsenSys

Source: Public filings, Capital IQ, CoinGecko, Amber Group estimates

Ceramic

Ceramic is a public, decentralized data network for managing dynamic and variable information on the internet. It provides developers with the ability to build applications without databases or servers by creating a flexible primitive called Ceramic streams.

On Ceramic, each piece of information is represented as an append-only commit log called a stream. Each stream is a directed acyclic graph (DAG) stored in IPLD, with an immutable name called StreamID and a verifiable state called StreamState. A stream is conceptually similar to a Git tree, with each stream being its own blockchain, ledger, or event log. Tile Documents are a type of Ceramic StreamType often used as a database alternative for identity metadata (such as archives, social graphs, linked social accounts), user-generated content (such as blog posts, social media), DID documents, verifiable credentials, and more.

The protocol does not rely on any specific blockchain. Instead, it can be conceptualized as a "document chain," where verifying the state of a specific document only requires users to synchronize the data of that given document. Users do not need to synchronize the entire state of the network, as is typically done in most blockchain networks (like Bitcoin, Ethereum). Therefore, there is no global file ledger.

One of Ceramic's key tools is IDX, which is a cross-chain identity protocol that provides a unified repository where all applications can register and discover data sources related to users' DIDs. It can be thought of as a decentralized user table. Thus, IDX allows users to control their identity and data without locking into any single application and easily protect and port their data across applications. At the same time, it enables developers to build data-rich applications without forcing users to recreate the same data across each application.

Ceramic is an important middleware in the DID technology stack. Some projects built on the Ceramic network have already seen traction and market fit, including:

· Boardroom: A governance management platform for DAOs that uses Ceramic's platform to store proposal comments.

· Rabbithole: Encourages people to use applications of Web3 projects, allowing them to earn points and cryptocurrency. Rabbithole uses the Ceramic network to connect multiple Web2 and Web3 accounts into a unified, cross-chain DID, allowing users' reputations to span across other Web3 applications.

· ArcX: A decentralized application that provides on-chain credit scoring and identity through the issuance of "DeFi passports."

Conclusion

The internet may be the most important invention of the century. Over the past two decades, it has fundamentally changed the nature of information flow in society: media, politics, news, education, social interaction, and more. However, even as economic activities increasingly shift from atoms to bytes, our online identities still lack true ownership and remain isolated within platforms.

With the emergence of the value internet, robust DID solutions will be needed to mainstream Web3 by enabling new use cases. We are still in the early stages, but the future is bright. Due to the composability and interoperability of DID standards, the momentum generated by each new application will impact another application. We expect the importance of DID solutions to continue to grow exponentially in the coming years, unlocking the next major cycle of Web3 applications.