Learning Series #2: Deciphering Concordium Web3ID and Polygon

November 1, 2023

In this learning series article we’re aiming to deconstruct Polygon and highlight the main technology similarities and differences between Polygon and Concordium.

Polygon is a Layer 2 scaling solution that operates in tandem with the Ethereum blockchain, offering users swift and cost-effective transactions. At the heart of this ecosystem is MATIC, the native cryptocurrency, which serves various purposes such as covering fees and enabling staking. Polygon mainly addresses the challenge of escalating transaction fees on the Ethereum blockchain, which result from its popularity in hosting economic activities, including NFT markets and DeFi projects. By integrating with Ethereum, Polygon acts as a parallel blockchain, allowing users to bridge their cryptocurrencies to Polygon and access a wide array of crypto applications that were previously confined to the main Ethereum network, offering an affordable solution for crypto enthusiasts and investors.

Concordium is shaping the landscape with a unique perspective. As a public Layer 1 blockchain, its focus on privacy and accountability through its ID layer is a beacon of innovation. The connection it establishes between wallets and real-world identities, fortified by third-party verification and ingenious zero-knowledge proofs, weaves a tapestry of trust while preserving the essence of privacy. This strategic path resonates across diverse sectors — from the global economy to the intricacies of finance, the transformative potential of DeFi, the immersive realms of virtual experiences, and the dynamic world of gaming.

Identity Focus on Both Chains

Concordium and Polygon ID each offer an identity infrastructure designed to enhance the security and trustworthiness of interactions between users and applications, all the while adhering to the core tenets of self-sovereign identity and privacy. Despite their shared objectives, both platforms exhibit subtle yet noteworthy distinctions in their technological approaches. Let’s break down Polygon ID and Web3ID by Concordium in the following paragraphs.

Polygon ID

Figure 1. Triangle of Trust https://0xpolygonid.github.io/tutorials/

Polygon ID employs zero-knowledge proofs to allow users to prove their identity without revealing their private information, thus guarding freedom of expression and privacy. Central components of Polygon ID encompass Decentralized Identifiers (DID) and Verifiable Credentials (VCs), both compliant with W3C standards. The system operates on the foundation of a “Triangle of Trust” comprising Identity Holders, Issuers, and Verifiers. Identity Holders store VCs and generate proofs, while Issuers cryptographically sign VCs, and Verifiers ensure authenticity.

Verification can occur off-chain or on-chain through smart contracts, offering flexibility to developers. Users retain self-sovereignty over their private keys and data, enabling them to share information with third parties without Issuer permissions. The concept of transitive trust allows for the seamless sharing of credentials across different domains. Polygon ID is based on the open-source Iden3 protocol, providing a reliable platform for application development, emphasizing security and privacy.

Web3ID by Concordium

Figure 2. Concordium Web3ID

Concordium’s Web3 ID allows companies or individuals (issuers) to make statements about users (holders) and create proof of these statements using a special cryptographic signature. Other parties (verifiers) can verify these statements by requesting a zero-knowledge proof. Holders can create this proof to show the requested information about their statements. The status of the credential issued is stored on the Concordium blockchain to make it immutable and decentralized.

Issuer: An issuer attests claims about a holder. For example, a book club can attest memberships or a government can attest identities. To ensure the decentralization of the identity system, anyone with an account on the Concordium blockchain can be an issuer. Claims are attested as Verifiable Credentials (VCs), digital credentials that have been verified by a trusted third party to be authentic and accurate. These credentials are based on the Verifiable Credentials Data Model 1.0, a standard set by the World Wide Web Consortium (W3C).

Holder: A holder can get verifiable credentials from issuers that attest claims about the holder. The holder uses their verifiable credentials to prove (in zero-knowledge) statements about themselves using on-chain, immutable proof of authenticity.

Verifier: A verifier wants to know if a statement about a holder is true with respect to claims attested by issuers. For example, a web shop might provide discounts if customers can prove they are a member of the book club.

In Concordium’s Web3 ID, zero-knowledge proofs allow the holder to demonstrate to the verifier that a particular statement is true, without revealing any additional information beyond the statement itself. This means that the verifier can be confident that the statement is true, without knowing anything else about the proof. In other words, a zero-knowledge proof enables a person to prove knowledge of a secret or private information, such as a password, without actually revealing the password itself.

Figure 3. Key Benefits of Concordium’s Web3ID

The Problem with Verifying Issuers

In their documentation, the Polygon ID team discusses the concept of an “issuer,” which could be various entities like a DAO, a government institution providing identity documents, or an employer endorsing its employees. They also mention that anyone can set up their own Issuer node directly on their infrastructure using different methods, including SaaS vendors.

However, there’s a concern regarding knowing the true identity and trustworthiness of these issuers. Despite the security of blockchain technology and the privacy protection offered by zero-knowledge proofs, there’s still uncertainty about whether the entity issuing a verifiable credential is genuinely authorized to do so.

This is where Polygon ID and Concordium Web3ID differ in their approaches to this problem. Both have distinct methods for verifying the authenticity and authorization of issuers, ensuring the trustworthiness of the credentials they issue.

On Concordium’s blockchain, the protocol-level ID layer ensures that every wallet is associated with a real-world identity that has been verified through a third-party ID provider. This real-world identity information is kept encrypted and decentralized so that the wallet owner’s anonymity is maintained, until and unless they do something bad. This setup ensures that if there are individuals or organizations with malicious intentions using Concordium’s blockchain, their anonymity can be taken away through a judicial process. The process is very straightforward and compliance friendly, thus ensuring the safety of using the platform.

This requirement also applies to Web3ID-based Issuers, the entities responsible for issuing verifiable credentials. This additional measure adds an extra layer of safety, making it more difficult for someone to pretend to be a different person or organization than they actually are on the blockchain.

The situation varies significantly when it comes to Polygon ID, where anyone can become an issuer. An issuer is aware of the identifiers to which they have issued credentials and possesses the raw data. Consequently, based on their own criteria, they can decide to revoke certain credentials. However, the verifier has no means to check if the credentials used in presenting proofs have been revoked at a later time. They can only ascertain that the credentials were not revoked when the Zero-Knowledge Proof (ZKP) was presented. If necessary, the verifier can request the holder to periodically generate new ZKPs.

In the context of Polygon ID, the verifier must explicitly specify the decentralized identifiers (DIDs) of the issuers they trust. This approach works well if there are one or just a few issuers that provide the necessary credentials, such as country authorities, KYC providers, or Proof-Of-Humanity issuers. Polygon is developing a solution to address this issue through a DID Configuration. This involves specifying the issuer’s DID in a file hosted on the issuer’s official website. Consequently, when a verifier needs to confirm the validity of a digital ID, they can verify that the DID provided by the issuer indeed belongs to their official website. Note that these approaches, both Trust Registries (where issuers must meet specific criteria before being added) and DID Configuration, are potential future developments for Polygon, and they are currently of lower priority.

Another crucial point of distinction between Polygon ID and Concordium lies in their confirmation time, a measure related to block processing speed. As it stands, Polygon typically takes around 5 minutes to achieve finality, meaning it takes that much time for transactions and credentials to be securely confirmed and considered irreversible. In contrast, Concordium impressively boasts a mere 3-second confirmation time, ensuring incredibly rapid confirmation of transactions and changes in the system. This discrepancy becomes particularly noteworthy when considering credential revocation scenarios. In Polygon’s case, the 5-minute delay could potentially create a significant time gap, which might lead to adverse consequences before the revocation takes effect.
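
An added example, not from the original article or from either project: a toy verifier model of the behaviour described in the last three paragraphs (an explicit issuer allow-list, periodic re-proving, and a revocation that only shows up in proofs once it is final). The DID, the 60-second re-proof interval and the rule that proofs reflect a revocation only after finality are illustrative assumptions; the two finality figures are the article's.

```python
from dataclasses import dataclass

POLYGON_FINALITY_S = 300.0    # "around 5 minutes", the article's figure
CONCORDIUM_FINALITY_S = 3.0   # "3-second confirmation time", the article's figure

@dataclass(frozen=True)
class Proof:
    issuer_did: str     # issuer of the credential behind the proof
    proved_at: float    # seconds; when the holder generated the proof
    not_revoked: bool   # revocation status the proof attests as of proved_at

@dataclass(frozen=True)
class Policy:
    trusted_issuers: frozenset   # issuer DIDs the verifier explicitly trusts
    max_proof_age: float         # seconds before the holder must re-prove

def verify(policy, proof, now):
    """Verifier-side decision for one presented proof."""
    if proof.issuer_did not in policy.trusted_issuers:
        return "reject:untrusted-issuer"
    if not proof.not_revoked:
        return "reject:revoked"
    if now - proof.proved_at > policy.max_proof_age:
        return "reprove"
    return "accept"

def make_proof(issuer_did, now, revoked_at, finality_delay):
    # Model assumption: a revocation submitted at revoked_at only shows up
    # in proofs generated once it is final, i.e. finality_delay seconds later.
    return Proof(issuer_did, now, now < revoked_at + finality_delay)

def exposure(policy, issuer_did, revoked_at, finality_delay, horizon=1000):
    """Seconds after the revocation was submitted at which the verifier last
    answered 'accept', for a holder who re-proves whenever asked."""
    proof = make_proof(issuer_did, 0.0, revoked_at, finality_delay)
    last_accept = None
    for t in range(horizon + 1):
        decision = verify(policy, proof, float(t))
        if decision == "reprove":
            proof = make_proof(issuer_did, float(t), revoked_at, finality_delay)
            decision = verify(policy, proof, float(t))
        if decision == "accept":
            last_accept = t
    return None if last_accept is None else last_accept - revoked_at

# Constructed sample values: placeholder DID, 60 s re-proof interval.
POLICY = Policy(frozenset({"did:example:bookclub"}), max_proof_age=60.0)
```

For a revocation submitted at t = 100 s, `exposure` returns 326.0 with the Polygon finality figure and 21.0 with the Concordium figure. In both cases the window is bounded by the finality delay plus the re-proof interval, so shortening the re-proof interval is the verifier's only lever.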

Wrapping up the Learnings

Figure 4. Key differences between Concordium Web3ID and Polygon ID

Polygon ID and Concordium Web3ID offer distinct approaches to issuer verification and credential trustworthiness. While Concordium ensures real-world identity verification through 3rd party providers, Polygon ID’s open issuer model raises concerns about true identity validation. Furthermore, Polygon’s 5-minute confirmation time for transactions and credentials contrasts with Concordium’s rapid 3-second confirmation, impacting the effectiveness of credential revocation. These differences underscore the importance of issuer trust and confirmation speed in blockchain identity systems.