IOSG: The First Application Testbed for DID + Zero-Knowledge Proofs

Original Title: “DID---The First Application Testbed for Zero-Knowledge Proofs”

Author: Ishanee, IOSG Ventures

Editor: Olivia, IOSG Ventures

First, let's explain the meanings of the terms that will be used in the text:

• Decentralized Identity (DID) or Self-Sovereign Identity (SSI): A framework based on open standards that uses independently verifiable credentials owned by individuals, enabling trusted data exchange.
• Credential / Attestation / Verifiable Credential (VC) / POAP / SBT: Documents in Web2 or blockchain that contain details pointing to qualifications. These can be issued by authorities or self-issued.
• Issuers: Entities, institutions, or organizations that issue certificates, attestations, or qualifications.
• Verifiers: End users who query credentials and conduct targeted marketing or participate in activities.

To give a simple example for better understanding of these terms: suppose XYZ Studio wants to airdrop their NFTs to all Uniswap V3 LPs.

• The verifier is XYZ Studio, which will engage in targeted participation activities, namely the airdrop.
• The credential is the Uniswap V3 NFT, held only by Uniswap LPs.
• The issuer is Uniswap Labs.
• The DID is the digital wallet participating in the Uniswap protocol.

When the verifier queries all Uniswap V3 LP NFTs on the blockchain, the public wallet addresses are known to them, and this address is considered a "verifiable data registry." The meanings of the key terms have been established, and now we can begin to focus on how many verifiable credentials and identity stacks exist in internet/Web2 companies, and whether Web3 is related to them.

Identity, VC, and Social Networks in Web2

Meta, Twitter, Instagram, Reddit, Quora, Weibo, and Douyin are all social media platforms. They couple user identities, published content, and social networks into a clean, user-friendly pre-packaged platform, allowing them to collect personal user data such as hobbies, activities, locations, interests, etc.

The business model behind this is simple—these social media platforms sell anonymous user data to advertisers, who can then use this information to conduct more targeted campaigns. Meta and Google even enable an auction model, allowing marketers to bid for ad space.

This business strategy generates huge profits for social platforms—top social media companies in the U.S. earned about $181.1 billion from advertising. For Google and Meta, 81% and 97.9% of their total revenue in 2021 came from this strategy, respectively.

When profits of this magnitude are at stake, no company has the incentive to open-source their identity databases to make them more user-friendly. This is where the philosophy of Web3's decentralized, transparent, tamper-proof, and privacy-protecting social solutions comes into play.

Evolution of Web3 Social Infrastructure

Some key principles of social infrastructure on the blockchain are illustrated below. Data ownership is crucial for end users to have complete control over their digital identities.

Current State of Social Infrastructure in Web3

The current on-chain social data market is divided into dStorage solutions, social graphs, credential issuers, and combinations of issuers and social graphs.
The main challenges facing the industry include:

1. Lack of Granularity in On-Chain Data
2. On-chain data such as wallet holdings (ERC20 & NFTs), transactions, dApp interactions, and transaction frequency are the main data that can be collected.
3. Other types of personal data cannot be obtained except for analyzing the types of NFTs purchased by wallets.
4. Lack of Privacy-Preserving Methods to Bring Off-Chain Data to the Blockchain: For example, Ceramic exposes user data on public chains when bringing off-chain data on-chain, making it indexable.
5. Lack of User Retention: Due to the absence of applications that can continue to propagate social graphs, social networks like CyberConnect or Lens lack user retention.

Role of ZKP in Social Infrastructure

The key challenge of bringing user data from social media networks like Meta or Twitter to the blockchain is the lack of privacy. Even encrypted data stored on multiple anonymous nodes is at risk and vulnerable to hacking or data breaches.

ZK-based applications support:

• Trustless verification of user data
• Protection of user data privacy

With the use of ZK verification in DID systems, users can introduce more granular social data to the blockchain in the form of ZK credentials or attestations, which can be trustlessly verified without significant data leakage or a central database.

Sismo

Sismo's ZK proofs are an interesting experiment in this direction. Based on user/wallet interactions, Sismo allows users to apply for ZK attestations. Using Sismo's SDK, developers can now use Sismo's attestations to lock user groups.
Alpha testing (currently unverified) allows users to mint their ZK badges on Polygon. However, these proofs are evidence of Ethereum activity in the wallet. The following image is an example of a ZK badge for Ethereum super users. Each attestation/badge is a non-transferable SBT (ERC1155).

First Batch

First Batch brings off-chain social data from Discord, Twitter, Reddit, etc., onto the chain. They use Twitter OAuth to index off-chain data from users running through their AI system. The AI tags user profiles with certifications like "coffee lover" and "sports fan," and further tags like "Nespresso" and "Lakers fan."

These tags are converted into on-chain ZK proofs, allowing dApp developers to interact with them at the smart contract level without revealing the true identity of the end users.

Trinsic ID

Trinsic's star products include a Credential API for issuers, a Provider API for customers, and a Wallet API for users & consumers. To use Trinsic, end users must create a digital wallet and generate credentials designed in Trinsic Studio within the wallet. In addition to credentials, users must also generate verification policies to display multiple data points, such as "user is over 21 years old."

The Provider API can access VC and Wallet API to lock in their key user groups and conduct on-chain activities like airdrops.

Notebook Labs

Notebook allows users to set up a "notebook" containing data that indicates they are human, along with some other personal data such as name, address, social security number (optional), country of residence, etc. User notebooks in V1 are stored on AWS servers.

If a user wants to prove their identity, Notebook verifies their wallet address and connects to their notebook. The client generates a proof that shows they have a leaf node in the Merkle tree, which is sent to the smart contract for verification.

This application will be an excellent solution for pre-approved KYC AML (Anti-money laundering) and can be easily integrated into dApps in the future. Using ZK-based DID is very suitable for protecting user privacy and allowing users to control editing their data without storing all data on-chain.

Humannode

Humannode is a Layer1 blockchain against witch-hunting attacks, using proof of uniqueness and proof of existence as its foundational consensus layer. This blockchain is an EVM-compatible underlying chain. Each node has equal voting rights, and malicious behavior will be blacklisted. The team claims to have collected data from over 10,000 individuals.

The Humannode team specializes in cryptographic biometric authentication, combining cryptographic secure matching and validity detection mechanisms to verify the uniqueness and existence of real human identities. They use ZKP to provide proof of uniqueness and liveliness to the protocol.

Polygon ID

Polygon recently announced their Polygon ID product, which works similarly to Sismo. They focus on proof of activity for wallets on the Polygon chain and help generate ZK proofs as a verification mechanism. The key user-side products are the identity application and ID client toolkit shown in the following images, which include relevant APIs and SDKs for developers/dApps/users to integrate.

Worldcoin

Finally, there is Worldcoin, developed by Sam Altman, co-founder of OpenAI. Worldcoin aims to provide a privacy-protecting personality proof protocol, powered by Semaphores (a ZK implementation developed by AppliedZK). They have integrated with an Optimistic Rollup called Hubble to realize their vision of "airdropping to a billion people."

They created a product called "Orb" that captures an image of a person's eye and converts it into a short digital code to check if the person is already registered. If not, they will receive a free share of Worldcoin.

Conclusion

Social infrastructure is key to building any form of sustainable social network or Web3 application. Privacy, security, and data ownership are critical in the infrastructure space. Many companies are currently working to address this issue, and almost all companies focused on identity privacy use zero-knowledge proofs as a source of verification.

As the industry evolves, the key challenge for these companies will be to capture market share—this primarily involves user data, which can only be scaled through social applications that require users to "register." Worldcoin is an exception to their market entry, but all other companies are actively vying for the attention of developers and dApps. For these infrastructure providers, creating a functional SDK to onboard developers is crucial. They may have some gamified elements on their front end, but this is limited in scale, as large-scale user migration occurs around the concepts of "entertainment," "content," or "speculation" in cryptocurrency.