DIDs are Dead
On September 1st, 2021 a member of the W3C Advisory Committee filed their response to the “Call for Review” of the Decentralized Identifiers v1.0 Specification (DID core spec). In short, the conclusion of the reviewer is a formal objection and recommendation that the proposed specification not be published as an official recommendation. This is big news, good for some people, bad for others, but the implications of this decision aren’t what this article is about. Instead I want to go over each of the points in the formal objection and discuss alternatives.
Before digging in, I want to first say that I fully agree with this rejection of the proposed DID standard for largely the same reasons the W3C reviewer cites. Over the last couple of years I have been very critical of the developing DID standards at the W3C because they aren’t decentralized, they don’t preserve privacy, and they don’t scale. I co-founded a company called CryptID Technologies to build a set of “crypto-systems building blocks” that combine to build truly decentralized systems for managing the provenance of data and building, upon that, operational systems that are fully user sovereign. The result of that work is a way of thinking and a set of solutions for what we call The Authentic Data Economy.
The stage is now set for transmitting trust in the form of authentic data over the Internet. Not only that, but the standardization and adoption of provenance logs and the associated cryptographic techniques¹ ² ³ ⁴ ⁵ ⁶ — the tech that makes authentic data possible — sets us up to re-invent all electronic commerce to operate on cryptographic abstractions of authentic data instead of the data itself. It’s something I call “zero architecture” because it involves zero-trust security techniques to link together systems that operate exclusively on zero-knowledge proofs calculated from authentic data and contain zero personally identifiable information (PII) in them. That small shift in architecture makes it possible to achieve absolute privacy for the participants in e-commerce while driving out fraud, automating regulatory compliance, and eliminating surveillance capitalism altogether.
The W3C Advisory Committee’s objections have largely been known for a while: there is no practical interoperability between DID methods, the DID method registry encourages divergence versus convergence and the different DID methods have become a set of opaque data silos that prevent data portability across them. None of that is new and the links to those discussions are above. What I want to talk about instead is the final criticism that proof-of-work methods (e.g. blockchains and the huge amount of energy they consume) are harmful for sustainability and the DID methods that rely upon them perpetuate the problem rather than mitigate it.
This is an interesting criticism and one that doesn’t usually take center stage at DID core spec meetings. One of the goals of CryptID’s tech stack is to be fully decentralized and scalable by taking blockchains out of the critical path. It is widely understood that there must be a trust “anchor” that stores data that is either impossible to change — or nearly so. This anchor is used to prove the existence — in time and space — of provenance logs and their associated data. One thing we learned along the way was that the trust anchor only has to span the domains in which the authentic data is used; we call this the “span of trust”. To be more specific, the trust anchor must be available to the zero architecture systems processing zero-knowledge proofs based on the authentic data possessed by the participants. What this means is that reliance on proof-of-work public blockchains is not baked into the authentic data economy like it is in most of the DID methods that use the DID core spec. The list of “zeros” in the zero architecture approach could also include zero proof-of-work.
In most applications of zero architecture, the span of trust is local, not global. Based on what I know about distributions and decentralization, I would expect a power law distribution in the sizes of spans of trust with the smallest spans of trust — the local ones — making up the vast majority of systems with only a few that truly need a global span of trust. In the few systems with a global span of trust, any public blockchain can be used, and even if a proof-of-work blockchain such as Bitcoin is chosen, our innovative use of accumulators for proofs of existence and non-revocation effectively makes infinite the transaction rate of the underlying blockchain. Unlike sidetree and other Merkle Tree based solutions that many DID methods are using, pairing-based elliptic curve accumulators can contain an infinite number of data anchors without growing any larger than 32 bytes. Assuming practical numbers for the accumulators required to anchor billions of pieces of authentic data created by billions of systems, the napkin math shows the accumulator approach is roughly an 8 magnitude reduction in the storage requirements over the other approaches.
To put a finer point on all of this, by abandoning the flawed DID core spec and all of the attendant W3C proposed standards, we have been able to eliminate the requirement for using a blockchain for anchoring trust and even in the few cases where a global span of trust is required and a proof-of-work blockchain is used, we have cryptographic techniques for amortizing the cost in resources over many many many pieces of authentic data. This translates directly into much more sustainable use of energy resources for both consensus around, and storage of, authentic data. There is even hope that recent research on the use of accumulators in blockchains may give us similar guarantees as proof-of-work without the proof-of-work energy consumption. One of my favorites at the moment is The Mina Protocol.
DIDs are dead. But there are alternatives. CryptID Technologies is currently working closely with other like minded organizations in the Applied Crypto Working Group at the Decentralized Identity Foundation. We are open sourcing all of our building blocks and hoping to create IETF standards around the protocols and file formats needed to build the authentic data economy and zero architecture systems.
About CryptID Technologies
Founded by four industry veterans that have been part of the S̵S̵I̵ authentic data community since the beginning. We come from leadership roles in organizations like Hyperledger and Sovrin as well as projects such as Hyperledger Ursa, Indy, and Aries. Our mission is to break new ground and solve the perpetual problems of scalability, privacy and sustainability that hang over the existing design and products, preventing widespread adoption. For almost two years now, we have been leading thinkers on decentralization and user sovereign crypto-systems design. In addition to our consulting business we have two new products — built with our open source crypto-systems building blocks — that bring next generation API security and cryptographic services to any system. They represent the first step in migrating everything towards zero architecture. Or Jackelope API security product replaces solutions such as API tokens and OpenID and AuthZ, upgrading systems to support anonymous and secure client access to services. Our Yeti secrets-as-a-service product provides distributed key generation and management and supports all of the standard encryption algorithms as well as the new signature schemes (e.g. BBS+, Pointcheval-Sanders, etc) critical to the success of zero-knowledge proof operations. If you’re interested — even just a little bit — please email me personally at dwh@cryptid.tech or come by a meeting of the Applied Crypto Working Group. I’d love to meet you and answer your questions and have some fun. It is exciting to work on technology that is doing things never before possible.