February 22, 2022

Understanding ISS: VCs and DIDs

Globe icon

Self-Sovereign Identity (SSI) is an approach that has become popular with the emergence of Web3 technologies, including the Blockchain.

After examining its definition in a recent blog post and dedicating a white paper to the subject, we decided to look at the technological concepts that make IMS possible: Verifiable Credentials (VCs) and Decentralized Identifiers (DIDs).

In this article, we will introduce you to: 

  • How VCs facilitate online authentication
  • How Selective Disclosure and Zero-Knowledge Proof work to preserve confidentiality
  • How DIDs enable user-controlled verification


VCs or online authentication made easy

VCs make it possible to answer a simple question: how can we provide, online, proof of identity verification that has the same level of trust as an identity document issued by the State?
To answer this question, it is necessary, first of all, to talk about the tools that make it possible to store these Verifiable Credentials: the famous wallets or digital wallets in French.

Definition of a wallet

Like any physical wallet that holds your other credit cards, IDs and other loyalty cards, wallets can store digital assets. Wallets can take the form of a storage key - like Ledger keys - or as a mobile application.

Each wallet includes 2 keys:

  • a public key accessible by everyone (e.g. a Bitcoin address)
  • a private key (e.g. a series of characters known only to the wallet owner)

If a wallet can contain NFTs, it can also contain VCs.

What is a VC? 

Verifiable Credentials are digital, standardised certificates issued by an entity that certify properties about an individual. These certificates allow information to be shared online in a secure and private manner. 


With these verifiable credentials, it becomes possible for any individual to issue specific information needed to access a service... without disclosing the data concerned. 

VCs allow, for example, to prove eligibility for access to a service... without disclosing personal data (e.g. we can prove that you are over 18... without disclosing your date of birth... and with a high level of trust).

Illustration of the principle of the triangle of trust imagined in a Self-Sovereign Identity approach


How can you prove a condition without disclosing data? This is possible through selective disclosure and Zero-Knowledge Proof.

Selective disclosure allows evidence to be generated from a selected set of attributes. Imagine if you could prove that you are over 18 with your ID card without disclosing the mailing address on it. That is disclosing the attribute needed for proof.

Zero-Knowledge Proof is a cryptographic protocol that allows you to verify the authenticity of a property without revealing the value of the data. You can prove that you are over 18 years old without revealing your date of birth.

Selective disclosure and Zero-Knowledge Proof are at the heart of the application of Self-Sovereign Identity

VCs and Derivative Evidence in the presentation of evidence to the auditor

In the above diagram, largely inspired by the W3C diagram, two situations can be imagined.

First, an online betting site asks a person wishing to use its services to prove that they are over 18. Through their wallet, they could simply reveal their Verifiable Credentials, which contain the necessary attributes to prove their eligibility. But in doing so, they would be revealing personal information that is not necessary. An alternative approach would therefore be to create a derived credential that contains only the information necessary for proof. This is called selective disclosure.

The second is that, in order to hold a position in his company, an employer asks a candidate to prove that he has a degree at Bac + 5 level. Thanks to the Zero-Knowledge Proof protocol, the employer knows if the candidate has the diploma... without needing to know when the diploma was obtained.

So attributes can be verified without having to share information... but how can we be sure that this evidence is authentic and not falsified? 

Let us now turn our attention to Decentralized Identifiers (DIDs).


DIDs: facilitating authentication under user control


Today, when you send messages on an application, you are given identifiers.

These identifiers are the property of the application operator. These identifiers are contained in metadata, i.e. information that defines the context and use of the data.

However, these identifiers can raise privacy concerns. For example, Whatsapp collects data associated with your use of the application in the metadata: the timestamp of your messages, the recipients, the duration of the call, your geographical location (this has nothing to do with the fact that Whatsapp encrypts your messages).

Screenshot of Whatsapp's privacy policy and the information collected by Meta (ex-Facebook).


Moreover, this data is monetised. For example, for the creation of profiles, which are then used for advertising targeting.

DIDs are a way of getting around this problem of privacy and monetisation. DIDs are secure, unique identifiers created by the user to ensure authentication to online services, for example .

When a person requests a VC from an issuer, the issuer can create an ephemeral DID, dedicated to this exchange between the person and the issuer, to which the VC will be attached.

The blockchain stores data about issuers and confirms the validity of a VC.

Thus, an individual who wants to verify a VC can query an identity and evidence registry to confirm the identity of the issuer and their eligibility to issue such a credential... confirming that the credential in question is still valid.

As Quentin Drouot, CTO of Archipels, puts it so well: "Your energy supplier doesn't need to know that one of its customers has registered on an online betting site because it has to check that you live in France.

DIDs are fully user-controlled

DIDs and VCs build trust between the issuer, the user and the verifier.

DIDs + VCs = SSI

Cyber attacks have increased dramatically in recent years, challenging traditional models for managing personal data. 

In this context, ISS becomes a first choice solution. If you have any questions about ISS or decentralised identity, please do not hesitate to contactus

Find out more about Archipels decentralized identity solutions :
I want to be recontacted

NOs 6 Latest blog posts

November 2, 2023
Proof of age to access certain websites
What are the best ways to verify that an Internet user is of legal age?
May 23, 2023
The European digital identity: when will it be available?
If the project dedicated to the creation of a European digital identity is on the right track, there are still a number of steps to take before we can benefit from it.
February 15, 2023
Notarizing on blockchain to transform the public sector?
Notarization on blockchain, thought as a method of recording certified data in a secure and transparent way, answers critical issues.
November 16, 2022
In the age of e-wallets, digital identity at the heart of UX
On the occasion of the publication of the AIS white paper, we take a look at the state of the art of digital identity management systems around the world, the technology standards that underpin them and the latest trends.
September 20, 2022
Food labels: certifying on Blockchain to fight fraud?
According to a recent EUIPO study, the rate of counterfeiting of PGI / PDO products would reach 10.3%. How does blockchain help fight fraud?
August 4, 2022
Evidentiary value of the Blockchain: what you need to know!
Blockchain is a universal evidentiary mechanism and will soon be recognized in law in all its evidentiary value making the verification of data in customer journeys compliant with legal provisions.
Archipels logo

Products

Archipels CertifyArchipels VerifyArchipels ConnectConnect ratesCertify rates

Receive the Archipels newsletter!

Digital identity recap.

Thank you! Your submission has been received!
Oops, something went wrong!

2024 Archipels

Privacy statementCookie settingsLegal notice