Did decentralized digital identity
2022-06-13 08:02:00 【Boiled soybeans in brine】
DID Decentralized digital identity
identity
The International Electrotechnical Commission (IEC) defines "identity" as "a set of attributes related to an entity". The entity here is not limited to people: a machine or a physical object can be an entity, and even virtual things on a network can be entities and have identities.
Digital identity
With the emergence and spread of the Internet, traditional identity gained another form of expression: digital identity. It is generally held that the evolution of digital identity has gone through four stages: centralized identity, federated identity, user-centric identity and self-sovereign identity.
- Centralized identity is managed and controlled by a single authority; most identities on the Internet are still centralized.
- Federated identity emerged to solve the fragmentation and disorder of identity data under centralized identity. The identity is managed and controlled by several institutions or an alliance, and the user's identity data gains a degree of portability: for example, a website may let a user log in with the account of another website, similar to cross-platform login with QQ, WeChat or Weibo.
- User-centric identity focuses on decentralization and shares identity data through authorization and consent, for example OpenID.
- Self-sovereign identity is truly decentralized: an identity wholly owned and controlled by the individual.
PKI system
PKI is short for Public Key Infrastructure. Its main function is to bind the identity of a certificate holder to the related key pair (by issuing a digital certificate for the public key together with the holder's identity information); to give users convenient ways to apply for, revoke, obtain and check the status of certificates; and, through digital certificates and related services (certificate publication, revocation list (blacklist) publication, timestamp services and so on), to provide authentication of every entity in a communication, together with integrity, non-repudiation and confidentiality. The centre of a PKI system is the CA server, which must be secure and trusted. The main carrier is the X.509 certificate file. For more on PKI see https://blog.csdn.net/lk2684753/article/details/100160856
DID
Decentralized IDentity, abbreviated DID. Compared with the traditional PKI-based identity system, a blockchain-based DID digital identity system guarantees the authenticity of data, protects user privacy and is highly portable. Its advantages are:
- Decentralization: being based on a blockchain, it avoids identity data being controlled by a single centralized authority.
- Autonomous, controllable identity: based on DPKI (distributed public key infrastructure), each user's identity is not controlled by a trusted third party but by its owner; individuals manage their own identity.
- Trusted data exchange: identity-related data is anchored on the blockchain, so the authentication process does not need to depend on an identity provider.
DID identifier
A DID identifier is a string in a specific format that represents the digital identity of an entity; the entity can be a person, a machine or a thing. A DID identifier is made of three colon-separated parts:
The prefix did: is constant and indicates that the string is a DID identifier.
The middle part is called the DID method; it says which scheme (method) is used to define and operate this DID. We can define our own DID method and register it on the W3C site (https://w3c.github.io/did-spec-registries/#did-methods).
The last part is the method-specific identifier within that DID method. For example, suppose we build a DID system and call the method cid, and we want to turn all the information on Chinese citizens' ID cards into DIDs; then my DID identifier would be:
did:cid:411424**************0
Here we use the ID card number as the method-specific identifier of the cid DID method.
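As an added example (not code from the original post), here is a small Go parser for the three-part identifier just described. The `DID` type, `ParseDID` and `SameController` are names chosen for this illustration, not part of any DID library; the character rules for the method name and the method-specific part follow the W3C DID Core syntax, and the optional `#fragment` is the key-reference form used inside DID documents (for example `#keys-1`).

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// DID holds the parts of an identifier such as "did:cid:511112200001010015#keys-1".
// (Added example for this article; DID, ParseDID and SameController are names
// chosen here, not code from the post or from a DID library.)
type DID struct {
	Method   string // the DID method, e.g. "cid", "cedu", "corg"
	ID       string // the method-specific identifier, e.g. the ID-card number
	Fragment string // optional key or service reference after "#", e.g. "keys-1"
}

// Method names are lower-case letters and digits. The method-specific part allows
// letters, digits, ".", "-", "_", ":" and percent-encoded bytes (W3C DID Core syntax)
// and must not end with ":".
var (
	methodRe = regexp.MustCompile(`^[a-z0-9]+$`)
	idRe     = regexp.MustCompile(`^([A-Za-z0-9._:-]|%[0-9A-Fa-f]{2})+$`)
)

// ParseDID checks the constant "did:" prefix, separates an optional "#fragment",
// then splits the remainder into the method name and the method-specific identifier.
func ParseDID(s string) (DID, error) {
	var d DID
	if !strings.HasPrefix(s, "did:") {
		return d, errors.New("identifier must start with the constant prefix did:")
	}
	rest := strings.TrimPrefix(s, "did:")
	if i := strings.IndexByte(rest, '#'); i >= 0 {
		d.Fragment = rest[i+1:]
		rest = rest[:i]
		if d.Fragment == "" {
			return d, errors.New("empty fragment after #")
		}
	}
	parts := strings.SplitN(rest, ":", 2) // the id itself may contain further colons
	if len(parts) != 2 {
		return d, errors.New("missing method-specific identifier")
	}
	if !methodRe.MatchString(parts[0]) {
		return d, fmt.Errorf("invalid DID method name %q", parts[0])
	}
	if !idRe.MatchString(parts[1]) || strings.HasSuffix(parts[1], ":") {
		return d, fmt.Errorf("invalid method-specific identifier %q", parts[1])
	}
	d.Method, d.ID = parts[0], parts[1]
	return d, nil
}

// Base returns the identifier without its fragment; this is the key under which
// the DID document is stored on the chain.
func (d DID) Base() string { return "did:" + d.Method + ":" + d.ID }

// SameController reports whether a key reference (such as the verificationMethod
// in a VP proof) belongs to the DID named as the credential subject. A verifier
// uses this to confirm that whoever presents a VC is the subject it was issued to,
// not merely someone holding a key that produces a valid signature.
func SameController(keyRef, subjectDID string) bool {
	k, err1 := ParseDID(keyRef)
	s, err2 := ParseDID(subjectDID)
	return err1 == nil && err2 == nil && k.Fragment != "" && k.Base() == s.Base()
}

func main() {
	for _, s := range []string{
		"did:cid:511112200001010015#keys-1", // holder key reference, as used in a VP proof
		"did:cedu:uestc",                    // a school's DID
		"cid:511112200001010015",            // missing prefix
		"did:CID:511112200001010015",        // upper-case method names are not allowed
	} {
		d, err := ParseDID(s)
		fmt.Printf("%-36s -> %+v err=%v\n", s, d, err)
	}
}
```

`SameController` is the check a verifier wants before trusting a presentation: the key reference in the VP's proof must resolve to the same DID as the credential subject, otherwise a correct signature made with some other DID's key would still pass.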
DID document
Every DID identifier corresponds to a DID document (DID Document). The document is a JSON string that usually contains the following information:
- DID subject: the DID identifier itself, i.e. the DID this document describes. Because a DID is globally unique, a DID document can contain only one DID.
- Public keys: used for digital signatures and other cryptographic operations, which are the basis of authentication and of secure communication with the service endpoints. If a public key is absent from the DID document, the key must be assumed revoked or invalid, and the document must include or reference the key's revocation information (for example a revocation list).
- Authentication: the process by which the DID subject cryptographically proves that it is associated with the DID.
- Authorization: allows someone else to perform operations on behalf of the DID subject; for example, when a key is lost, an authorized party can update the DID document to help recover it.
- Service endpoints: besides publishing the authentication and authorization mechanisms, the other main purpose of a DID document is discovering service endpoints for the subject. A service endpoint can represent any type of service the subject wants to advertise, including decentralized identity management services for further discovery, authentication, authorization or interaction.
- Timestamps: document creation time and update time.
None of the above is mandatory, but we generally recommend including it. Let's look at a concrete DID document example:
{
  "@context": "https://w3id.org/did/v1",
  // The DID identifier this DID document corresponds to
  "id": "did:example:123456789abcdefghi",
  "authentication": [{
    "id": "did:example:123456789abcdefghi#keys-1",
    "type": "RsaVerificationKey2018",
    "controller": "did:example:123456789abcdefghi",
    // Public key information for this DID
    "publicKeyPem": "-----BEGIN PUBLIC KEY...END PUBLIC KEY-----\r\n"
  }],
  "service": [{
    // Service interface for accessing the VCs of this DID
    "id": "did:example:123456789abcdefghi#vcs",
    "type": "VerifiableCredentialService",
    "serviceEndpoint": "https://example.com/vc/"
  }]
}
The most important thing in a DID document is the public key information; it is the basis for verifying the VCs and VPs discussed next.
We usually store the DID identifier as the key and the DID document as the value on the blockchain. Because blockchain data is tamper-resistant and shared, trusted data can be fetched quickly when an identity is being authenticated.
Verifiable credential / verifiable claim (VC)
A verifiable credential (Verifiable Claims or Verifiable Credentials, abbreviated VC in this article) is a descriptive statement issued by one DID to endorse certain attributes of another DID, with the issuer's digital signature attached to prove the authenticity of those attributes; it can be thought of as a digital certificate.
A conventional PKI digital certificate system needs a CA to issue certificates; in DID the roles are likewise divided into issuer, holder, verifier and the DID registration system (that is, the blockchain). Their relationship is shown in the figure:
- Issuer: the certifying authority. For example, an ID card is issued by the public security organ and a diploma is issued by a university.
- Holder: the holder of the credential, i.e. ordinary people like us.
- Verifier: the person or organization that checks our credential when we use it. For example, when we stay at a hotel the front desk has to check our ID card, so the hotel front desk is the verifier; when we join a new company we must provide a university diploma, so the new company's HR is the verifier.
- Verifiable Data Registry (the DID registration system): where the DID identifiers and DID documents are stored; a DID can be resolved there to its corresponding DID document.
When the public security organ issues me an ID card, in DID terms that ID card is a VC. A VC is also a JSON string and contains the following information:
- VC metadata: mainly the issuer, the issuance date, the type of claim and similar information.
- Claims: one or more statements about the subject. For example, in the ID-card VC the public security organ issued to me, the claims contain name, gender, date of birth, ethnic group, address and other information.
- Proof: usually the issuer's digital signature. It guarantees that the VC can be verified, prevents the VC content from being tampered with, and identifies the VC's issuer.
The following is a concrete VC example from the official specification:
{
  // The VC content follows the JSON-LD standard
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://www.w3.org/2018/credentials/examples/v1"
  ],
  // Unique identifier of this VC, i.e. the certificate ID
  "id": "http://example.edu/credentials/1872",
  // Format (type) of the VC content
  "type": ["VerifiableCredential", "AlumniCredential"],
  // Issuer of this VC
  "issuer": "https://example.edu/issuers/565049",
  // Issuance time of this VC
  "issuanceDate": "2010-01-01T19:73:24Z",
  // The specific content of the claims
  "credentialSubject": {
    // DID of the subject the claims are about
    "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    // Asserted content of the claim
    "alumniOf": {
      "id": "did:example:c276e12ec21ebfeb1f712ebc6f1",
      "name": [{
        "value": "Example University",
        "lang": "en"
      }, {
        "value": "Exemple d'Université",
        "lang": "fr"
      }]
    }
  },
  // Proof over the VC above
  "proof": {
    // Signature algorithm
    "type": "RsaSignature2018",
    // Signature creation time
    "created": "2017-06-18T21:19:10Z",
    // Purpose of this proof
    "proofPurpose": "assertionMethod",
    // ID of the public key that verifies this signature
    "verificationMethod": "https://example.edu/issuers/keys/1",
    // The digital signature itself
    "jws": "eyJhbGciOiJSUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..TCYt5XsITJX1CxPCT8yAV-TVkIEq_PbChOMqsLfRoPsnsgw5WEuts01mq-pQy7UJiN5mgRxD-WUcX16dUEMGlv50aqzpqh4Qktb3rk-BuQy72IFLOqV0G_zS245-kronKb78cPN25DGlcTwLtjPAYuNzVBAh4vGHSrQyHUdBBPM"
  }
}
Because a VC contains the user's private information, it is usually kept in private storage, for example on the user's own phone or at a network address that requires authorization. Besides the data in the example above, our VC can also carry an expiration date: ID cards, for example, are generally valid for 10 years, and after expiry you must apply to the issuer for a new VC.
Verifiable presentation (VP)
Verifiable presentation, abbreviated VP, is how the VC holder presents their own identity data to a verifier. In general it is enough to show the full VC, but in some cases, for privacy protection, we do not want to show the complete VC content: we want to disclose only selected attributes, or disclose no attributes at all and merely prove an assertion.
For example, a job seeker wants to enter an office building for an interview and the building's security guard requires the ID card number and name to be registered. Our VC also contains ethnic group, address and other information, and the job seeker does not want to expose their address to the guard, so the VP given to the guard should selectively disclose only the ID card number and name and nothing else.
Another example: the rules say you must be at least 18 to buy cigarettes, so a consumer has to prove they have reached 18 when buying them. Showing the ID card directly to the cashier exposes too much private information; even selectively disclosing the birthday attribute tells the cashier the consumer's exact age and date of birth. In this case the consumer only wants the VP to prove that they are over 18 and to expose nothing else.
The VP format is:
- VP metadata: mainly the version, the type of this JSON object and similar information.
- VC list: the content of the VCs to be shown; in the case of selective disclosure or privacy protection it may contain no VC at all.
- Proof: mainly the holder's signature over this VP.
The following is a concrete VP example from the official specification:
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://www.w3.org/2018/credentials/examples/v1"
  ],
  "type": "VerifiablePresentation",
  // The VC content carried by this VP
  "verifiableCredential": [{
    "@context": [
      "https://www.w3.org/2018/credentials/v1",
      "https://www.w3.org/2018/credentials/examples/v1"
    ],
    "id": "http://example.edu/credentials/1872",
    "type": ["VerifiableCredential", "AlumniCredential"],
    "issuer": "https://example.edu/issuers/565049",
    "issuanceDate": "2010-01-01T19:73:24Z",
    "credentialSubject": {
      "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
      "alumniOf": {
        "id": "did:example:c276e12ec21ebfeb1f712ebc6f1",
        "name": [{
          "value": "Example University",
          "lang": "en"
        }, {
          "value": "Exemple d'Université",
          "lang": "fr"
        }]
      }
    },
    "proof": {
      "type": "RsaSignature2018",
      "created": "2017-06-18T21:19:10Z",
      "proofPurpose": "assertionMethod",
      "verificationMethod": "https://example.edu/issuers/keys/1",
      "jws": "eyJhbGciOiJSUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..TCYt5XsITJX1CxPCT8yAV-TVkIEq_PbChOMqsLfRoPsnsgw5WEuts01mq-pQy7UJiN5mgRxD-WUcX16dUEMGlv50aqzpqh4Qktb3rk-BuQy72IFLOqV0G_zS245-kronKb78cPN25DGlcTwLtjPAYuNzVBAh4vGHSrQyHUdBBPM"
    }
  }],
  // The holder's signature over the VP above
  "proof": {
    "type": "RsaSignature2018",
    "created": "2018-09-14T21:19:10Z",
    "proofPurpose": "authentication",
    "verificationMethod": "did:example:ebfeb1f712ebc6f1c276e12ec21#keys-1",
    // challenge and domain are there to prevent replay attacks
    "challenge": "1f44d55f-f161-4938-a659-f8026467f126",
    "domain": "4jt78h47fh47",
    "jws": "eyJhbGciOiJSUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..kTCYt5XsITJX1CxPCT8yAV-TVIw5WEuts01mq-pQy7UJiN5mgREEMGlv50aqzpqh4Qq_PbChOMqsLfRoPsnsgxD-WUcX16dUOqV0G_zS245-kronKb78cPktb3rk-BuQy72IFLN25DYuNzVBAh4vGHSrQyHUGlcTwLtjPAnKb78"
  }
}
DID usage flow
Scenario
Xiao Ming is a fresh university graduate. On graduation day the school issued a graduation certificate to Xiao Ming's digital identity. The day after receiving it, Xiao Ming went to his new company; as one step of onboarding, the company's HR had to verify his academic record, and once verification completed Xiao Ming joined successfully.
A school normally issues two certificates, the graduation certificate and the degree certificate; for simplicity we deal with only one of them here.
Step 1: Xiao Ming generates a DID identifier and DID document
To receive a graduation certificate from the school, Xiao Ming must first have his own DID, so he downloads a digital identity phone app and creates an account. Creating the account generates a random private key and the corresponding public key on the phone. Here we assume our DID identifier rule is "did:cid:<ID number>", so Xiao Ming enters his ID card number in the app and it generates a DID identifier:
did:cid:511112200001010015
It also generates a DID document with the following content:
{
  "@context": "https://w3id.org/did/v1",
  "id": "did:cid:511112200001010015",
  "version": 1,
  "created": "2020-12-08T16:02:20Z",
  "updated": "2020-12-08T16:02:20Z",
  "publicKey": [
    {
      "id": "did:cid:511112200001010015#keys-1",
      "type": "Secp256k1",
      "publicKeyHex": "02b97c30de767f084ce3080168ee293053ba33b235d7116a3263d29f1450936b71"
    },
    {
      "id": "did:cid:511112200001010015#keys-2",
      "type": "Secp256k1",
      "publicKeyHex": "e3080168ee293053ba33b235d7116a3263d29f1450936b71"
    }
  ],
  "authentication": ["did:cid:511112200001010015#keys-1"],
  "recovery": ["did:cid:511112200001010015#keys-2"],
  "service": [
    {
      "id": "did:cid:511112200001010015#resolver",
      "type": "DIDResolve",
      "serviceEndpoint": "https://did.studyzydemo.com"
    }
  ],
  "proof": {
    "type": "Secp256k1",
    "creator": "did:cid:511112200001010015#keys-1",
    "signatureValue": "QNB13Y7Q9...1tzjn4w=="
  }
}
Two public keys are set in this DID document. One is Xiao Ming's own, used for authentication signatures and the like; key 2 is managed by the system and is used, when the phone is lost or the user's private key is lost through a system crash, to help Xiao Ming recover his DID and bind it to a new public key.
The proof part is Xiao Ming's signature over this DID document, made with the private key inside his app. To strengthen security further, the proof part could instead be signed by the public security organ.
After the DID document is generated, the app writes the DID and the document to the blockchain for storage; once on chain, anyone can look up Xiao Ming's DID and document. The blockchain here is generally a consortium chain, so not all data can be written at will: before anything goes on chain, Xiao Ming must prove with his own ID number that he really is himself, to prevent others from fraudulently using his ID number.
Step 2: the issuer (the school) issues the graduation-certificate VC to Xiao Ming
The school has its own DID. Because the school's DID is issued by the education system, its rule differs from the rule for Xiao Ming's DID as a Chinese citizen; for example, the school's DID identifier is:
did:cedu:uestc
This DID was not signed by the school itself but by the Ministry of Education (whose DID is did:corg:moe). The DID document corresponding to this DID can be found on the blockchain:
{
  "@context": "https://w3id.org/did/v1",
  "id": "did:cedu:uestc",
  "version": 1,
  "created": "2020-12-08T16:02:20Z",
  "updated": "2020-12-08T16:02:20Z",
  "publicKey": [
    {
      "id": "did:cedu:uestc#keys-1",
      "type": "Secp256k1",
      "publicKeyHex": "3053ba33b235d7116a3e3080168ee293053ba33b235d7116a33053ba33b235d7116a3"
    },
    {
      "id": "did:cedu:uestc#keys-2",
      "type": "Secp256k1",
      "publicKeyHex": "e293053ba3053ba33b235d7116a3263d29fe293053ba"
    }
  ],
  "authentication": ["did:cedu:uestc#keys-1"],
  "recovery": ["did:cedu:uestc#keys-2"],
  "service": [
    {
      "id": "did:cedu:uestc#resolver",
      "type": "DIDResolve",
      "serviceEndpoint": "https://did.studyzydemo.com"
    }
  ],
  "proof": {
    "type": "Secp256k1",
    "creator": "did:corg:moe#keys-1",
    "signatureValue": "QNB13Y7Q9...1tzjn4w=="
  }
}
The DIDs of all accredited universities are created by the DID did:corg:moe, which is therefore equivalent to a traditional root CA: we only need to trust this DID, and any DID it creates can be regarded as a legitimate university.
Back to issuing the graduation-certificate VC. Based on Xiao Ming's academic record (admission date, graduation date, major, whether the courses were completed) and Xiao Ming's own DID, the school generates a VC as follows:
{
  // The VC content follows the JSON-LD standard
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://www.w3.org/2018/credentials/examples/v1"
  ],
  // Unique identifier of this VC, i.e. the certificate ID
  "id": "uestc/alumni/12345",
  // Format (type) of the VC content
  "type": ["VerifiableCredential", "AlumniCredential"],
  // Issuer of this VC
  "issuer": "did:cedu:uestc",
  // Issuance time of this VC
  "issuanceDate": "2010-07-01T19:73:24Z",
  // The specific content of the claims
  "credentialSubject": {
    // DID of the subject the claims are about
    "id": "did:cid:511112200001010015",
    // Content of the claims: which university, major, degree and so on
    "name": "Xiao Ming",
    "alumniOf": {
      "id": "did:cedu:uestc",
      "name": [{
        "value": "University of electronic technology",
        "lang": "cn"
      }]
    },
    "degree": "Master's degree",
    "degreeType": "engineering course",
    "college": "school of computing"
  },
  // Proof over the VC above
  "proof": {
    "creator": "did:cedu:uestc#keys-1",
    "type": "Secp256k1",
    "signatureValue": "3044022051757c2de7032a0c887c3fcef02ca3812fede7ca748254771b9513d8e2bb"
  }
}
The key parts are credentialSubject, the content of the certificate, and proof, the school's signature over it. Once generated, this VC is handed to Xiao Ming, who can store it in his phone app or in the cloud and read it later when he needs it.
Step 3: the holder (Xiao Ming) submits his academic-credential VP to the verifier (company HR)
Next, Xiao Ming goes to the new company to join. On the day of joining he must submit his academic credential to HR, so Xiao Ming wraps the VC from the previous step into a VP. The VP is as follows:
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://www.w3.org/2018/credentials/examples/v1"
  ],
  "type": "VerifiablePresentation",
  // The VC content carried by this VP
  "verifiableCredential": [{
    "@context": [
      "https://www.w3.org/2018/credentials/v1",
      "https://www.w3.org/2018/credentials/examples/v1"
    ],
    "id": "uestc/alumni/12345",
    "type": ["VerifiableCredential", "AlumniCredential"],
    "issuer": "did:cedu:uestc",
    "issuanceDate": "2010-07-01T19:73:24Z",
    "credentialSubject": {
      "id": "did:cid:511112200001010015",
      "name": "Xiao Ming",
      "alumniOf": {
        "id": "did:cedu:uestc",
        "name": [{
          "value": "University of electronic technology",
          "lang": "cn"
        }]
      },
      "degree": "Master's degree",
      "degreeType": "engineering course",
      "college": "school of computing"
    },
    "proof": {
      "creator": "did:cedu:uestc#keys-1",
      "type": "Secp256k1",
      "signatureValue": "3044022051757c2de7032a0c887c3fcef02ca3812fede7ca748254771b9513d8e2bb"
    }
  }],
  // The holder's (Xiao Ming's) signature over the VP above
  "proof": {
    "type": "Secp256k1",
    "created": "2010-07-02T21:19:10Z",
    "proofPurpose": "authentication",
    "verificationMethod": "did:cid:511112200001010015#keys-1",
    // challenge and domain are there to prevent replay attacks
    "challenge": "1f44d55f-f161-4938-a659-f8026467f126",
    "domain": "4jt78h47fh47",
    "jws": "eyJhbGciOiJSUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..kTCYt5XsITJX1CxPCT8yAV-TVIw5WEuts01mq-pQy7UJiN5mgREEMGlv50aqzpqh4Qq_PbChOMqsLfRoPsnsgxD-WUcX16dUOqV0G_zS245-kronKb78cPktb3rk-BuQy72IFLN25DYuNzVBAh4vGHSrQyHUGlcTwLtjPAnKb78"
  }
}
This is the simple case: the whole graduation certificate is submitted, so the VP just embeds the VC, and the final proof is where Xiao Ming signs with the private key in his app, showing that this VP was created by Xiao Ming himself. After generating the VP, Xiao Ming sends the whole VP to the new company's HR.
Step 4: the verifier (company HR) verifies Xiao Ming's VP
After receiving the VP, HR, as the verifier, first verifies the proof field to make sure the VP was submitted by Xiao Ming and has not been tampered with. It then extracts the VC and verifies it. The verification process is as follows:
- From the creator in the proof, obtain the issuer's DID: did:cedu:uestc.
- Query the blockchain for this DID's document; the document lists its creator and its public keys, from which we take the public key corresponding to keys-1.
- The document was created by did:corg:moe, which is a trusted DID, so the DIDs it creates are trusted.
- We further use did:corg:moe to read its DID document from the blockchain and obtain its public key, then verify the signature on the did:cedu:uestc document with that key, making sure the document has not been tampered with.
- Once that passes, we verify the signature on the VC Xiao Ming submitted with the did:cedu:uestc public key; if it passes, the certificate was indeed issued by the trusted UESTC.
- HR checks whether the content of the VC matches the resume Xiao Ming submitted; when the check completes, the next onboarding step proceeds.
The verification above requires at least three signature checks: that the VP was submitted by Xiao Ming, that the VC was issued by UESTC, and that UESTC's DID was created by MOE. Since MOE is in the verifier's trust list, the certificate Xiao Ming submitted is reliable.
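The four verification steps above, as an added example written for this article rather than code from the post. An in-memory map stands in for the blockchain, ECDSA over P-256 stands in for the Secp256k1 keys the documents declare (the Go standard library has no secp256k1), and the signed bytes are a simple field digest instead of canonical JSON-LD; `Doc`, `Credential`, `Presentation`, `Verify` and `BuildScenario` are names chosen here. The example also covers the challenge and domain fields of the VP proof: the verifier's own challenge is part of what the holder signs, so the same check rejects a VP captured from another session.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"strings"
)

// Added example, not the post's code. Doc is a minimal DID document (public key
// plus the DID that created/signed it); Registry stands in for the blockchain.
// Credential and Presentation are the VC and VP reduced to what the signature
// checks need: Claims = credentialSubject, Holder = the VP's verificationMethod.
type Doc struct{ ID, Creator string; Key *ecdsa.PublicKey; Sig []byte } // Sig: creator's signature
type Registry map[string]Doc
type Credential struct{ ID, Issuer, Subject, Claims string; Sig []byte }        // Sig: issuer's signature
type Presentation struct{ VC Credential; Holder, Challenge, Domain string; Sig []byte } // Sig: holder's signature

// digest hashes fields with a separator byte so that field boundaries cannot shift.
func digest(parts ...string) []byte {
	h := sha256.New()
	for _, p := range parts {
		h.Write(append([]byte(p), 0))
	}
	return h.Sum(nil)
}
func (d Doc) digest() []byte        { return digest(d.ID, fmt.Sprintf("%x,%x", d.Key.X, d.Key.Y), d.Creator) }
func (c Credential) digest() []byte { return digest(c.ID, c.Issuer, c.Subject, c.Claims) }

// The VP digest covers the embedded VC with its issuer signature plus the
// verifier-supplied challenge and domain, so a captured VP cannot be replayed.
func (p Presentation) digest() []byte {
	return digest(p.Holder, fmt.Sprintf("%x|%x", p.VC.digest(), p.VC.Sig), p.Challenge, p.Domain)
}

func newKey() *ecdsa.PrivateKey { // P-256 stands in for the article's Secp256k1
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}
func sign(k *ecdsa.PrivateKey, h []byte) []byte {
	s, err := ecdsa.SignASN1(rand.Reader, k, h)
	if err != nil {
		panic(err)
	}
	return s
}

// Verify runs HR's step-4 checks in order: VP freshness and holder signature,
// subject binding, issuer document signed by a trusted root, then the VC signature.
func Verify(reg Registry, trustedRoots map[string]bool, vp Presentation, challenge, domain string) error {
	if vp.Challenge != challenge || vp.Domain != domain {
		return errors.New("challenge/domain do not match this session (possible replay)")
	}
	holderDID := strings.SplitN(vp.Holder, "#", 2)[0]
	holderDoc, ok := reg[holderDID]
	if !ok || !ecdsa.VerifyASN1(holderDoc.Key, vp.digest(), vp.Sig) {
		return errors.New("VP not signed by the key in the holder's DID document, or tampered")
	}
	if vp.VC.Subject != holderDID {
		return errors.New("credential subject is not the presenter")
	}
	issuerDoc, ok := reg[vp.VC.Issuer]
	rootDoc, rootOK := reg[issuerDoc.Creator]
	if !ok || !rootOK || !trustedRoots[issuerDoc.Creator] {
		return errors.New("issuer DID unknown or not created by a trusted root")
	}
	if !ecdsa.VerifyASN1(rootDoc.Key, issuerDoc.digest(), issuerDoc.Sig) {
		return errors.New("issuer DID document signature invalid")
	}
	if !ecdsa.VerifyASN1(issuerDoc.Key, vp.VC.digest(), vp.VC.Sig) {
		return errors.New("VC not issued by " + vp.VC.Issuer)
	}
	return nil
}

// BuildScenario creates the article's three DIDs with fresh keys, puts their
// documents on the in-memory chain and issues the alumni VC and the VP.
func BuildScenario() (Registry, Presentation) {
	moe, school, xiaoming := newKey(), newKey(), newKey()
	reg := Registry{}
	put := func(id, creator string, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) {
		d := Doc{ID: id, Creator: creator, Key: pub}
		d.Sig = sign(signer, d.digest())
		reg[id] = d
	}
	put("did:corg:moe", "did:corg:moe", &moe.PublicKey, moe)      // self-signed root of trust
	put("did:cedu:uestc", "did:corg:moe", &school.PublicKey, moe) // school document signed by the ministry
	put("did:cid:511112200001010015", "did:cid:511112200001010015", &xiaoming.PublicKey, xiaoming)
	vc := Credential{ID: "uestc/alumni/12345", Issuer: "did:cedu:uestc", Subject: "did:cid:511112200001010015", Claims: "degree=Master's degree"}
	vc.Sig = sign(school, vc.digest())
	vp := Presentation{VC: vc, Holder: "did:cid:511112200001010015#keys-1", Challenge: "1f44d55f-f161-4938-a659-f8026467f126", Domain: "4jt78h47fh47"}
	vp.Sig = sign(xiaoming, vp.digest())
	return reg, vp
}

func main() {
	reg, vp := BuildScenario()
	roots := map[string]bool{"did:corg:moe": true}
	fmt.Println("genuine:", Verify(reg, roots, vp, vp.Challenge, vp.Domain), "| replayed:", Verify(reg, roots, vp, "other", vp.Domain))
}
```

`Verify` fails closed at the first broken link: a challenge from another session, a holder key that does not verify the VP, a subject other than the presenter, an issuer whose document was not signed by a DID in the trust list, or a VC signature that does not match the issuer's key. Running the file shows a genuine VP verifying and the same VP rejected under a different challenge.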
Selective disclosure of user attributes
The simplest flow of generating a DID, issuing a VC and verifying a VP above introduced how DID is used. In real life, however, we do not always want to show the whole VC directly to the verifier. For example, when we check into a hotel we have to register our name and ID number, but if we hand our ID card to the receptionist, the receptionist also sees our ethnic group, address and other information. For most of us that may not matter, but if a celebrity or public figure stays at the hotel, front-desk staff might secretly note the address or leak it online for any number of reasons, causing all kinds of trouble. So what can be done? Selective disclosure of user attributes reduces the risk.
Take the ID-card VC that Xiao Ming obtained from the public security organ as the example: when staying at a hotel he shows only his name, photo and ID number and does not disclose ethnic group or address (the ID number already contains the date of birth, so we ignore the birthdate attribute). We use this to explain the process of selective disclosure of user attributes.
Prerequisite 1: Merkle tree
The purpose of a Merkle tree is to form a short fingerprint (the Merkle root, a hash value) of all transactions in a block and place this fingerprint in the block, so that any tampering with a transaction changes the fingerprint. The reason for using a Merkle tree rather than simply hashing all the transactions in the block together is to allow fast simplified payment verification (SPV).
Take a Merkle tree built from 4 transactions as an example. To verify that Data2 is contained in the block, we only need to provide:
- The raw data to be verified: Data2
- The index of the data's position: 1 (indices start at 0, so the index of Data2 is 1)
- The verification path: [Hash1, Hash34]
- The Merkle root: MerkleRoot
With these 4 parameters we can confirm whether Data2 is contained in this tree.
Prerequisite 2: an unbounded sequence derived from a seed
Based on the Merkle tree and Merkle verification above, we can use user attributes as the Data of a Merkle tree. For example, we build a Merkle tree over the attributes on an ID card:
With this Merkle tree we can expose only the birthday, not the other fields, and give the verification path, thereby proving the authenticity of the birthday data. But there is a potential privacy leak: we expose Hash1, and an attacker can enumerate all ethnic-group values, compute each one's hash and compare, revealing the "nation" attribute we did not want to expose. What to do? The simplest approach is to add a "salt" to each field.
Before generating the Merkle tree, the user first generates a random seed and saves it, then derives a sequence of N values from that seed (N depends on the number of leaf nodes in our Merkle tree). Because the seed is random, we can treat the sequence as random. The simplest way is to use a hash function: repeatedly hash the previous value to obtain the next one. Here is my sequence-generation function:
package main

import (
    "crypto/sha256"
    "fmt"
)

// GenerateSequence256 derives count values from seed by repeatedly hashing
// the previous value; element i is later used as the salt for leaf i.
func GenerateSequence256(seed []byte, count int) [][]byte {
    result := [][]byte{}
    current := seed
    for i := 0; i < count; i++ {
        current = getHash(current)
        result = append(result, current)
    }
    return result
}

// getHash returns the SHA-256 digest of input.
func getHash(input []byte) []byte {
    h := sha256.New()
    h.Write(input)
    return h.Sum(nil)
}

func main() {
    for i, s := range GenerateSequence256([]byte("seed"), 3) {
        fmt.Printf("%d: %x\n", i, s)
    }
}
With this unbounded random sequence we can salt every leaf node of the Merkle tree, as shown in the figure below:
Now the hash values are computed after the salt is added, so a hash can no longer be matched against guesses of the original data.
Step 1: generate the VC
Based on the two prerequisites above, when preparing the VC data we need to give, besides each attribute in the certificate, the random seed, the Merkle root, and the issuing authority's signature over the Merkle root. Taking the ID card as an example, the ID-card VC issued to us by the public security organ looks like this:
{
  // The VC content follows the JSON-LD standard
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://studyzyexamples.com/identity/v1"
  ],
  // Unique identifier of this VC, i.e. the certificate ID
  "id": "vc511112200001010015",
  // Format (type) of the VC content
  "type": ["VerifiableCredential", "Identity"],
  // Issuer of this VC
  "issuer": "did: police ID",
  // Issuance time of this VC
  "issuanceDate": "2010-07-01T19:73:24Z",
  // The specific content of the claims
  "credentialSubject": {
    // DID of the subject the claims are about
    "id": "did:cid:511112200001010015",
    // Content of the claims: name, gender, birthday, ethnic group, address and so on
    "name": "Xiao Ming",
    "gender": "male",
    "birthdate": "2000-01-01",
    "nation": "han",
    "address": "A province B City C District D The street xxx Number",
    // Next come the seed, the Merkle root and the police signature over the root
    "seed": "23523865082340324",
    "merkleRoot": "ea59a369466be42d1a4783f09ae0721a5a157d6dba9c4b053d407b5a4b9af145",
    "rootSignature": "3066022051757c2de7032a0c887c3fcef02ca3812fede7ca748254771b9513d8e266",
    "signer": "did: police ID#keys-1"
  },
  // Proof over the VC above
  "proof": {
    "creator": "did: police ID#keys-1",
    "type": "Secp256k1",
    "signatureValue": "3044022051757c2de7032a0c887c3fcef02ca3812fede7ca748254771b9513d8e2bb"
  }
}
Note that the signature over the Merkle root is not in the proof field but inside credentialSubject: the signature in proof covers the whole VC data, whereas rootSignature is the public security organ's signature over the root hash of the constructed Merkle tree.
Step 2: generate the VP
Next, suppose Xiao Ming wants to take part in a free-gift promotion on his birthday and the organiser has to verify his date of birth. From the VC in the previous step, Xiao Ming can generate a VP that exposes only the birthday field and none of the other identity attributes, for example:
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://studyzyexamples.com/identity/v1"
  ],
  "type": "VerifiablePresentation",
  // The VC content carried by this VP
  "verifiableCredential": [{
    "@context": [
      "https://www.w3.org/2018/credentials/v1",
      "https://studyzyexamples.com/identity/v1"
    ],
    "id": "vc511112200001010015",
    "type": ["VerifiableCredential", "Identity"],
    "issuer": "did: police ID",
    "issuanceDate": "2010-07-01T19:73:24Z",
    "credentialSubject": {
      "id": "did:cid:511112200001010015",
      // The selectively disclosed field
      "birthdate": "2000-01-01",
      // The data needed to verify the validity of the disclosed field:
      // index of the data in the Merkle tree
      "dataIndex": 2,
      // the salt added to this data
      "salt": "6b264354ed367ced527a86d38f75f9c3888bd3939f548cc48d93af435890b84a",
      // the Merkle verification path
      "merklesibling": "34b64151443c3124620bf4ff69a05e97d580f0878b374b8343c6a5c3d8223435 9d2b5b35ccb5bf18747c1f5dc05771c68ce613e6eb0c5f5ef77cec8ba3e9da67 bb82c63d4e21525125bf66a6724fbb4dcbded26aae2baa2633235dc12730016e",
      // the Merkle root hash
      "merkleRoot": "ea59a369466be42d1a4783f09ae0721a5a157d6dba9c4b053d407b5a4b9af145",
      // the public security organ's signature over the Merkle root
      "rootSignature": "3066022051757c2de7032a0c887c3fcef02ca3812fede7ca748254771b9513d8e266",
      // which public security key signed it
      "signer": "did: police ID#keys-1"
    }
  }],
  // The holder's (Xiao Ming's) signature over the VP above
  "proof": {
    "type": "Secp256k1",
    "created": "2010-07-02T21:19:10Z",
    "proofPurpose": "authentication",
    "verificationMethod": "did:cid:511112200001010015#keys-1",
    // challenge and domain are there to prevent replay attacks
    "challenge": "1f44d55f-f161-4938-a659-f8026467f126",
    "domain": "4jt78h47fh47",
    "jws": "eyJhbGciOiJSUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..kTCYt5XsITJX1CxPCT8yAV-TVIw5WEuts01mq-pQy7UJiN5mgREEMGlv50aqzpqh4Qq_PbChOMqsLfRoPsnsgxD-WUcX16dUOqV0G_zS245-kronKb78cPktb3rk-BuQy72IFLN25DYuNzVBAh4vGHSrQyHUGlcTwLtjPAnKb78"
  }
}
Here the selectively disclosed field is birthdate, followed by the fields the verifier needs for the Merkle check:
- "birthdate":"2000-01-01", the original data being disclosed.
- dataIndex, the index of the disclosed field among the leaves when the Merkle tree was built. Because the fields are ordered name, gender, birthday, nation, address, the index of birthday is 2.
- salt, the salt added to the birthdate field. Xiao Ming can compute it from the seed in his VC together with dataIndex.
- merkleSibling, the path needed for Merkle verification. In the earlier example with four data items, the verification path for Data2 is Hash1 and Hash34.
- merkleRoot, the Merkle root, which needs no further explanation.
- rootSignature and signer, used to check that the Merkle root is legitimate. If merkleRoot, rootSignature and signer verify, the Merkle root is certified by the Ministry of Public Security.
step3: Verify VP
After the merchant receives the VP, it must be verified step by step, mainly as follows:
1. Using Xiao Ming's DID, fetch Xiao Ming's DID document from the blockchain, take the public key from it, and verify that the signature on the VP is genuine and valid.
2. Using the issuer in the VC, fetch the public security bureau's DID document from the blockchain, take the public key from the document, and also confirm that this DID is a trusted DID.
3. With the public security bureau's public key, verify that the signature over the Merkle root is correct.
4. Run the Merkle check over the disclosed field, dataIndex, salt, merkleSibling and merkleRoot to confirm that the disclosed field was certified by the public security bureau.
5. If all of the above checks pass, the trusted disclosure is shown: "birthdate":"2000-01-01".
The merchant has verified Xiao Ming's date of birth but obtained no identity information other than the date of birth, so selective disclosure is achieved.
DID Application
Secure login without password
This scenario should be familiar to everyone: it resembles WeChat QR-code login. When we want to register with or log in to a website, there is no need to fill in a username, password or e-mail; we simply scan the QR code on the login page with the digital identity APP on our phone, the APP pops up a message after scanning, and we choose "confirm login". The difference between the DID APP and traditional WeChat QR login is that with DID the user's identity information is owned by the user, whereas with WeChat login it is held by Tencent: if Tencent ever bans your WeChat account, you can no longer log in to any of the websites you previously entered through WeChat. DID has no such problem, because no one can ban your DID. The password-free login flow with DID is as follows:
- The user opens the website to log in to; the web server generates a QR code containing a randomly assigned ID, the website's DID and the web server's URL.
- The user unlocks the DID APP and scans the QR code on the website.
- The APP takes the ID and server URL from the QR code, generates a login request, looks up the website's DID document on the blockchain to obtain the web server's public key, encrypts the request data with that public key and sends it to the web server.
- The web server decrypts the login request with its private key, looks up the DID document for the user's DID on the blockchain, takes the public key from it and verifies the signature, confirming that the DID belongs to that user.
- Once verification passes, the web server refreshes the login page into the logged-in state.
As the whole flow shows, the server never learns a user password, and it obtains nothing about the user beyond the DID and the DID document, so the user's private data stays protected. There is no longer any need to worry that user data leaked from some website, or a password obtained through credential stuffing, lets an attacker log in to other websites and steal information.
Identity Authentication
In many networks that involve value, especially those for financial products, KYC and AML must be done properly. KYC in particular requires collecting some identity information from the user, and having to authenticate your identity every time you register on a financial website is very cumbersome; authentication based on DID can simplify the process. Take some Internet-finance APP as an example: a new user who wants to invest in it has to go through a phone verification code, ID-card photo verification, face recognition, video recording and other procedures. If the same user goes to another Internet-finance APP, the same verification has to be repeated, which is very troublesome. If it were based on DID instead, the identity authentication procedure could be greatly simplified. Of course, the premise of identity authentication is that the police, universities and other certification authorities that hold identity information have generated VCs and issued them to the user, who stores the VCs in their own cloud space or on their own phone.
After a user has logged in to the APP without a password, the real-name authentication flow is as follows:
- The user clicks the authentication button on the website, APP or merchant page.
- Based on its business needs, the server generates a request for the information that must be authenticated and sends it to the user's DID APP as a QR code or by other means.
- After receiving the authentication request, the DID APP checks whether this DID holds VCs that satisfy the request and whether they contain the requested fields. If so, it displays what is to be authenticated and asks the user to unlock the private key by fingerprint or password in order to sign and generate the VP.
- The user confirms that the information is correct, unlocks the private key, generates the VP and sends it to the merchant server, either as a QR code or by returning it directly.
- After receiving the VP, the merchant server verifies that the VP's signature is correct and that it satisfies the verification requirements; if so, the verification passes. The merchant server stores the VP and associates it with the user's DID.
Beyond KYC in finance, the examples already mentioned apply as well: verifying academic qualifications when joining a company, verifying identity when checking in, verifying that a buyer is over 18 when purchasing cigarettes and alcohol, and verifying student status for discounts on scenic-spot tickets.
Electronic signature
In the traditional electronic signature scheme, the user must first be provisioned with a U shield (USB key) that holds the private key assigned to the user and the certificate issued to the user. Every signature requires inserting the U shield and installing a plug-in before it can be used. The U-shield-based electronic signature scheme has the following problems:
1. Preparing the U shield (making the certificate) takes a long time, so it cannot be applied for and used immediately.
2. The U shield must be carried around, but users are generally only in the habit of carrying their phones, not a U shield.
3. The signer may modify the original document after signing it the first time and then sign again, and the signature still verifies.
The DID-based electronic signature scheme can solve all three problems above. Its flow is as follows:
- After creating a DID on their phone, the user first sends a request to a trusted issuer, obtains a VC and stores it on the client side. This VC plays the role of the certificate file in a traditional PKI system.
- After reviewing the document and confirming that it is correct, the hash of the document is computed, and the document hash together with other summary information is sent to the DID APP as a QR code or by other means.
- The DID APP asks the user to unlock the private key, signs the document hash with it, and at the same time writes the DID, document hash and signature value to the chain.
- The PC side retrieves the DID, signature value and other information recorded on the chain in the previous step, verifies them, and displays the signing result in the document.
In the steps above, generating and downloading the VC is done in software, so there is no long wait for a U shield to be made; the private key is stored encrypted on the phone, so there is no U shield to carry; and the signing result goes straight onto the chain, which prevents tampering and prevents the signer from signing multiple versions of the same document.
Personal privacy protection
Through selective disclosure of identity attributes and zero-knowledge proofs, the user discloses only the information the verifier requires when presenting a credential, instead of exposing everything in the credential, which protects personal privacy.
A further scheme is called PDC (personal data center): personal data is stored encrypted in the personal data center and associated with a DID. Everyone is responsible for their own data, and whoever needs some of a user's private data must go through the DID to decrypt and access it.
Internet of Things identifiers
The application scenarios above all concern human identity, but in fact IoT and DID are closely connected: we assign each IoT device its own unique DID and, on top of IoT + blockchain + DID, build application scenarios such as commodity traceability, connected vehicles, intelligent manufacturing and smart cities.
Take production machines in manufacturing as an example. Every machine has a DID, generated by the machine's manufacturer and assigned to each machine. A machine produces a lot of production data while running; the machine signs this data and writes the non-sensitive production data, the signature and the DID to the chain. From the on-chain data the manufacturer can see how the machine is operating, which makes for better after-sales maintenance. When the business needs a loan, the bank can use the production data on the blockchain, backed by the machine manufacturer's endorsement, to judge the enterprise's production and operation and assess the loan risk.
Take anti-counterfeiting traceability of high-value goods as another IoT example. When each item is manufactured, the merchant generates a private key for its IoT device and creates a unique DID. Because the private key cannot be copied or exported, only goods with a DID registered on the blockchain are genuine, and the DID can be mapped to a corresponding non-fungible token, representing the circulation of the goods in digital form.
Reprinted from https://www.cnblogs.com/studyzy/p/14181526.html