<\/p>\n
12 September 2024<\/strong><\/p>\n Ethereum Open Community Projects L2 Standards Working Group<\/span><\/a><\/p>\n Vitalik Buterin highlighted three essential shifts for Ethereum: scaling via L2 rollups to minimize fees, upgrading wallet security through smart contract wallets for improved security and user experience, and enhancing privacy with privacy-preserving measures. This article investigates how the incorporation of W3C Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs) can tackle some of these issues by enhancing the management of identities, keys, and addresses, utilizing existing decentralized identity frameworks to help Ethereum\u2019s transition towards a more L2-centered environment.<\/span><\/p>\n As Vitalik Buterin discussed in a series of 2023 writings, notably his <\/span>Three Transitions article<\/span><\/a>, Ethereum is evolving from a nascent experimental technology into a mature tech stack capable of providing an open, global, and permissionless experience for everyday users. Nevertheless, he asserts that there are three principal technical transitions that the stack must undergo, approximately at the same time:<\/span><\/p>\n Vitalik stresses that these transitions are vital and challenging due to the significant coordination required for their execution. He particularly examined the effects of these transitions on the relationship between users and their addresses, payment mechanisms, and key management approaches. The interaction between users and their addresses, along with the management\/recovery of keys, poses substantial concerns both technically and in terms of usability \u2013 user experience determines success or failure, regardless of the robustness of the underlying technology.<\/span><\/p>\n In this article, we will explore these latter issues further and analyze how solutions from a different ecosystem, specifically one concentrating on decentralized identity, often termed self-sovereign identity, can substantially assist with the transitions without necessitating the reinvention of too many elements.<\/span><\/p>\n The problem statement in the context of Ethereum\u2019s technical transitions can be succinctly outlined as follows based on <\/span>Vitalik<\/span><\/a>:<\/span><\/p>\n Consequently, these points bring forth the question of how we manage identities, addresses, and their keys in a cohesive manner that does not confuse users or jeopardize the security of their assets.<\/span><\/p>\n Considering the aforementioned problem statement, the notion of an \u201caddress\u201d within the Ethereum ecosystem is transforming, as the conventional idea of an address as a single cryptographic identifier becomes outdated. Instead, \u201cinstructions for how to engage with me\u201d would entail a combination of addresses across multiple Layer 2 (L2) platforms, stealth meta-addresses, encryption keys, and additional data. In his article, Vitalik suggests that one conceivable approach could involve using Ethereum Name Service (ENS) records to encompass all identity information. Sending someone an ENS name such as \u201calice.eth\u201d would grant them access to all the necessary details for interaction, including payment and privacy-preserving methods. However, this approach has limitations, such as overly linking too much to a name and the inability to utilize trustless counterfactual names, which are critical for sending tokens to newcomers without prior blockchain engagement. Additionally, the ENS system operates on a rent-seeking basis. Therefore, in a broader sense, it is not equitable and does not ensure ongoing ownership of one\u2019s identity; such a situation is untenable. An alternative proposition involves keystore contracts that contain all identity information. These contracts can be conducive to counterfactual settings and are not associated with a single name, allowing for greater flexibility and privacy.<\/span><\/p>\n This leads us to the discussion of keys governing \u201caddresses.\u201d In particular, key rotation and key recovery in a multi-address Ethereum ecosystem. Key rotation is gaining importance alongside smart contract wallets and account abstraction wherein the controlling address of a smart contract wallet might change due to a key being rotated or recovered which necessitates a new controlling address. Regardless of whether it involves key rotation or recovery, the conventional approach would entail executing on-chain procedures for each address individually. This method is impractical because of gas expenses, counterfactual addresses, and privacy issues. As mentioned previously, Vitalik recommends the use of keystore contracts that exist in a single location while directing to verification logic across multiple addresses. This would facilitate the creation of a proof of the current spending key for transactions. This necessitates a recovery architecture that distinctly separates verification logic from asset holdings, simplifying the recovery process by requiring only a cross-network proof for recovery.<\/span><\/p>\n Within this framework, Decentralized Identifiers can harness keystore contracts to facilitate modular verification logic for contract accounts that authenticate zk proofs through a designated validation module and incorporate a system<\/span> for conformance in on-chain executions<\/span><\/a>.<\/span><\/p>\n Incorporating privacy features, such as secured pointers and zero-knowledge proofs, adds complexity. Nevertheless, it brings potential synergies with keystore contracts for persistent addresses, as the persistent address could be rendered \u201ccloaked\u201d within a zero-knowledge proof.<\/span><\/p>\n What implications does this hold for smart contract wallets? Historically, wallets were created to safeguard assets by securing the private key connected to on-chain assets. If a key needed to be modified, the previous one could be revealed safely without concern. However, in a realm governed by zero-knowledge principles, wallets must protect information in addition to assets. The case of <\/span>Zupass, an identity system based on ZK-SNARK<\/span><\/a>, demonstrates that users can maintain data locally and disclose it only when required. Nonetheless, losing the key to decrypt the data results in losing access to all secured information. Hence, managing encryption keys is becoming increasingly vital. Vitalik proposes that utilizing multiple devices or sharing secrets among (key) \u201cguardians\u201d could help reduce the danger of key loss. However, this method is incompatible for asset recovery owing to the risk of collusion among \u201cguardians.\u201d Ultimately, the notion of an address as the user\u2019s identifier on-chain will need to adapt, necessitating wallets to oversee both asset recovery and encryption key recovery to prevent user overwhelm caused by intricate recovery protocols, often known as poor UX. For instance, <\/span>Sign In With Ethereum<\/span><\/a> relies on the on-chain address along with the user’s private key controlling that key to create the authentication message. However, this method does not incorporate a one-to-many relationship, nor does it consider a smart contract wallet as the primary representative of the user. Therefore, the verifying entity, often referred to as the relying party, cannot evaluate the scope of the user’s authorization(s) necessary during login, which is crucial based on the features the verifying party provides to the user’s address.<\/span><\/p>\n The Three Transitions extend beyond mere technical improvements; they signify profound alterations in how users interact with Ethereum-based frameworks, particularly in identity, key management, and addresses. Consequently, this evolution aims to transform the Ethereum ecosystem from its present configuration into a more accessible and user-friendly platform that emphasizes scalability, security, and usability. Hence, one might naturally inquire: Are there existing tools and frameworks that the community can leverage, especially regarding identity, key management, and privacy, to facilitate these transitions? The answer is undoubtedly affirmative. Particularly, the ecosystem surrounding decentralized identity concepts, along with its standards, frameworks, and several reference implementations, has crafted tools that are immediately applicable within the Ethereum stack.<\/span><\/p>\n The decentralized identity ecosystem is centered on empowering individuals to manage their digital identities independently of centralized authorities. It utilizes blockchain technology and cryptographic foundations to guarantee privacy, security, and user-centric identity governance. Central to this ecosystem are two fundamental concepts: Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs).<\/span><\/p>\n Decentralized Identifiers (DIDs):<\/b><\/a><\/p>\n DIDs represent a novel kind of identifier that facilitates verifiable, self-sovereign digital identities. These are unique, globally resolvable identifiers linked to a subject, such as a person, organization, or device. DIDs are inherently decentralized, indicating that they do not depend on a central registry or authority for their establishment or management. Instead, they are created and governed by the users or entities acting on their behalf. DIDs generally employ public-key cryptography to guarantee secure interactions and enable the subject to demonstrate ownership and control of their identity while executing specific authorized actions including assertions, authentication, authorization, and encryption.<\/span><\/p>\n Verifiable Credentials (VCs):<\/b><\/a><\/p>\n Verifiable Credentials are digital credentials containing assertions about a subject\u2019s identity, attributes, or qualifications, issued by trustworthy entities known as issuers. VCs are tamper-evidenced and cryptographically signed to ensure their integrity and legitimacy. Notably, VCs are portable, allowing the subject to present them to verifiers, such as service providers or relying parties, without needing those verifiers to reach out to the issuer directly. This capability allows for seamless and privacy-preserving identity verification across varied domains and contexts.<\/span><\/p>\n Numerous key stakeholders and organizations are aiding the progress and acceptance of decentralized identity technologies:<\/span><\/p>\n Standards are pivotal in ensuring interoperability and alignment within the decentralized identity ecosystem. Some principal standards and reference implementations include:<\/span><\/p>\n Below, we elaborate on how a decentralized identity framework can be effectively employed to address cross-network issues related to identity, address, and key management that were previously outlined.<\/span><\/p>\n Issue<\/b>: Managing identity for a user across various Ethereum networks presents significant complexity.<\/span><\/p>\n DID Solution for Identities<\/b>:<\/span><\/p>\n DID Documents for Address Management<\/b>:<\/span><\/p>\n Issue<\/b>: Users maintain multiple addresses across the Ethereum mainnet, testnets, and Layer 2 solutions, including counterfactual addresses.<\/span><\/p>\n DID Document solution<\/b>:<\/span><\/p>\n DID Documents for Key Management including Social Recovery<\/b>:<\/span><\/p>\n DID Solution for Identities<\/b>:<\/span><\/p>\n Issue<\/b>: The processes for key recovery and key rotation concerning Ethereum addresses, particularly for smart contract wallets, are intricate and not user-friendly.<\/span><\/p>\n DID Document solution:<\/b><\/p>\n Privacy (Zero-Knowledge) Aspect of DIDs and DID Documents<\/b><\/p>\n proofs by initially merkelizing their JSON-LD document and subsequently validating Merkle Proofs of the relationships between DID-to-key and DID-to-functional-capability (as represented through one or more cryptographic keys).<\/span><\/li>\n Challenge<\/b>: The entity executing a key operation such as a key rotation or a digital signature for a financial transaction must demonstrate that it is a legitimate entity that complies with all relevant regulations in a jurisdiction with compliance oversight.<\/span><\/p>\n VC Solution for Regulatory-Compliant Key Operations:<\/b><\/p>\n There are numerous distinct implementations of the <\/span>W3C DID specification<\/span><\/a>. While many DID methods are not scalable enough or do not easily anchor on a blockchain, several DID methods are suitable for the Ethereum ecosystem \u2013 permissionless, blockchain-anchored, scalable, and economical. All of these DID methods are founded on <\/span>the Sidetree Protocol<\/span><\/a>. The Sidetree Protocol serves as a \u201cLayer 2\u201d DID protocol that can be deployed atop any event anchoring system, including <\/span>Ethereum<\/span><\/a>, and adheres to W3C guidelines. The Sidetree protocol does not necessitate centralized authorities, unique protocol tokens, reliable intermediaries, or secondary consensus mechanisms. Specifically, the Sidetree protocol delineates a core set of DID PKI state change operations, organized as delta-based Conflict-Free Replicated Data Types (i.e., Create, Update, Recover, or Deactivate), that modify a Decentralized Identifier\u2019s DID Document state.<\/span><\/p>\n Thus, by utilizing an Ethereum-based implementation of Sidetree, the Ethereum ecosystem can assure that each user possesses a self-sovereign identity, which is both private and compatible across various L2s and applications.<\/span><\/p>\n We are convinced that the incorporation of W3C DIDs and VCs into Ethereum\u2019s framework is essential for navigating the forthcoming transitions. They offer the requisite tools for managing identities, keys, and the security of addresses, as well as ensuring privacy, and are aligned with the decentralized ethos of blockchain technology.<\/span><\/p>\n Regrettably, the Ethereum ecosystem and the decentralized identity (DID) ecosystem have not significantly converged, although both emphasize decentralization. The Ethereum ecosystem has primarily focused on enhancing and scaling its blockchain technology, while the DID ecosystem has prioritized the establishment of standards and protocols for managing digital identities. Consequently, collaborative opportunities between these two ecosystems have been scarce.<\/span><\/p>\n We perceive the Three Transitions as a chance to alter this dynamic and foster closer collaboration between the Decentralized Identity and Ethereum ecosystems.<\/span><\/p>\n Acknowledgments<\/b><\/p>\n Special thanks to Eugenio Reggianini (<\/span>\n
\n
What Constitutes the Decentralized Identity Ecosystem?<\/span><\/h2>\n
\n
\n
Utilizing Decentralized Identifiers (DIDs)<\/span><\/h2>\n
\n
\n
\n
\n
Utilizing Verifiable Credentials (VCs)<\/span><\/h2>\n
\n
Beneficial Implementations for Ethereum Networks<\/span><\/h2>\n