The importance of privacy rights has increased as more and more of our lives are lived digitally. Although the internet offers ease and connectivity, it exposes users to new privacy risks.But privacy, especially in the digital realm can´t be fully understood without the concept of identity verification and authentication. One of the biggest challenges of fulfilling data rights requests is identity verification.
Consumers are not sitting in the driver´s seat when it comes to their data ownership. In Web2 data is owned and controlled by platforms running all the servers, rather than individual users. This exposes consumers to violations of their privacy data security breaches, targeting, potential censorship, discrimination, etc.
Caring about privacy and protecting one´s information not only prevents intrusion but also maintains control over one´s data fostering autonomy and trust in digital interactions. This is what Web3 and decentralization are all about.
ZKPs (zero-knowledge proofs) make it possible for us to only reveal necessary data, enabling authentication and transactions without exposing sensitive details, and enhancing security and confidentiality in digital interactions.
They play a vital role in safeguarding privacy which is key to making the decentralized web a reality. Without it, true user empowerment won't exist.Concordium understands the importance of user privacy and navigating the digital world safely. It empowers individuals and enterprises to harness blockchain technology responsibly.
The Concordium blockchain simultaneously balances privacy and accountability thanks to the identity verification built into the protocol level and zero-knowledge-proof technology, ensuring that personal information remains anonymous and secure.
Concordium is a science-backed blockchain with a core focus on decentralized identity. It's the only L1 blockchain that offers a built-in, self-sovereign identity feature, wherein every user's real-world identity is authenticated without compromising their privacy. The Concordium blockchain is designed to be fast, secure, and cost-effective.
Being a leading innovator in the decentralized identity space, Concordium will throughout 2023 be taking its identity solution to the next level with the introduction of Web3 ID, a zero-knowledge-based Identity infrastructure. In the true spirit of Web3, anyone will be able to build identity solutions on this platform. At the same time, as a compliance-friendly blockchain, Concordium is in the unique position of facilitating Web3 adoption by Web2 companies and organizations.
In this article, we present an overview of Web3 ID, the benefits it offers, and how it works.
Digital identity refers to the information available online about a person, a business, or an entity that helps them prove their identity and gain access to digital and real-world resources they need.
Currently, centralized and federated identity management systems are used to manage digital identities. In centralized identity management, an organization stores and manages all digital identities in one central location like a server. Common examples of centralized digital identifiers include emails, usernames, and passwords. Similarly, federated identity systems allow users to access multiple applications using one set of login credentials like using a Facebook or Google account. This is also known as single sign-on, and in the most common implementations means deep surveillance and tracking of millions and millions of people worldwide.
Self-sovereign identity is a digital identity management system that empowers individuals to have complete ownership and control over their data. This means individuals have the final say on how their identity is used to access online products and services.
Concordium’s Web3 ID is a much needed identity infrastructure that is intuitive and easy for dApps to build on and offers seamless usability for users, while being highly cost effective.
Concordium’s Web3 ID allows companies or individuals (issuers) to make statements about users (holders) and create proof of these statements using a special cryptographic signature. Other parties (verifiers) can verify these statements by requesting a zero-knowledge proof. Holders can create this proof to show the requested information about their statements. The status of the credential issued is stored on the Concordium blockchain to make it immutable and decentralized.
Issuer: An issuer attests claims about a holder. For example, a book club can attest memberships or a government can attest identities. To ensure the decentralization of the identity system, anyone with an account on the Concordium blockchain can be an issuer. Attestation of claims are done as Verifiable Credentials (VCs), digital credentials that have been verified by a trusted third party to be authentic and accurate. These credentials are based on the Verifiable Credentials Data Model 1.0, a standard set by the World Wide Web Consortium (W3C).
Holder: A holder can get verifiable credentials from issuers that attest claims about the holder. The holder uses their verifiable credentials to prove (in zero-knowledge) statements about themselves using on-chain, immutable proof of authenticity.
Verifier: A verifier wants to know if a statement about a holder is true with respect to claims attested by issuers. For example, a web shop might provide discounts if customers can prove they are a member of the book club.
In Concordium’s Web3 ID zero-knowledge proofs allow the holder to demonstrate to the verifier that a particular statement is true, without revealing any additional information beyond the statement itself. This means that the verifier can be confident that the statement is true, without knowing anything else about the proof. In other words, a zero-knowledge proof enables a person to prove knowledge of a secret or private information, such as a password, without actually revealing the password itself.
● Issue and verify fraud-proof credentials and documents instantly
● Eliminates cyber attack risks that centralized databases face
● Achieve a greater level of adoption by users as they know that their data is not being hoarded and exploited
● Save costs on compliance with easier path to KYC
● Accountability and regulatory compliance thanks to revocable anonymity whereby the identity of bad actors can be revealed when required by law
● Limit exposure and costs of complying with privacy regulation such as GDPR in Europe
● Own and control your digital identity: decentralized and self-sovereign identity solution based on Concoridium’s built in ID layer and zero knowledge technology.
● Users only reveal parts of their verifiable credential that are specific to what needs to be authenticated. For example, the user may only need to reveal if they are above 18 or not, without divulging other information.
● No dependency on any central entity to prove their identity or claim
● No hoarding, spreading and exploitation of personal data as currently the case in Web 2.0
● Build passwordless user-centric apps that enhance user experience and drive Web3 adoption
● Request and verify user data while maintaining their privacy with zero-knowledge proofs
We are already working with several companies looking to build services on top of the Web3 ID infrastructure. But the list of supported use cases are only limited by your imagination. Here are a couple of examples:
Car sharing company: A car sharing company requires users to have a valid driver’s license and be older than 23 years. With Web3 ID the car sharing company may instantly check the user's Verifiable Credential to confirm that they have a valid driver’s license and are above the required age limit. Thanks to Zero-knowledge proofs, the user can confirm this information without sharing unnecessary information like their actual birthday.
Medical Certification: Medical license boards can issue licenses as verifiable credentials. These licenses can be promptly shared by their holders with any hospital, clinic, or medical department they seek to join, ensuring swift and effortless verification. The medical licensing board records the status of the issued claims on the Concordium blockchain. This enables a clinic or hospital to confirm the legitimacy of the Verifiable Credential as they have confidence in the department that provided the credential.
Proof of Unique Humanity: Web3 ID can be used to prove that you are a unique human being and not a bot.
Passwordless authentication: seamlessly login to any portal with your Web3 ID via a blockchain wallet. This is the next iteration of single-sign on (SSO).
Easy onboarding: once users receive a verification credential, they can use them multiple times across platforms to onboard themselves. For example, a customer that has received a KYC credential can use it across DeFi dApps without needing to perform costly KYC for each of them.
Reputation Management: Users can port their reputation across dApps and compose them, without having to start from scratch each time. In Web 2.0, in contrast, an Uber driver would have to build his reputation from scratch when moving over to another platform such as Lift.
With the introduction of the Web3 ID infrastructure, Concordium remains at the forefront of blockchain based self-sovereign decentralized identity. As the first blockchain with an in-built identity layer and anonymity revocation feature to comply with regulation, the Web3 ID infrastructure will form a critical piece in facilitating mass adoption of Web3 by empowering the Concordium community to build future ready dApps.