Self-Sovereign identity (SSI) gives users control and ownership over their identity. In centralized and federated identity, a user's identity is an account on a server, and if you delete the account you terminate the user's identity on the internet. With self-sovereign identity, users manage their identity through a digital wallet.
SSI is the end goal of identity 3.0. By using cryptographic keys, ownership of identity is transferred to the individual. SSI means an individual can be an issuer, verifier, and holder of identity. Since identity data is decentralized, no central authority owns the data. The user encrypts their identity documents with their public key, and the verifier can decrypt them on the blockchain where the user's public key sits. The individual holds private keys.
Digital wallets are a way for users to store their digital identity documents securely. These documents exist on a user's device and are used to verify digital identity.
Cryptographic keys work with the public and private key mechanism. When data is verified, the user authorizes the decryption of the public key. The encryption technology used is Elliptic Curve Digital Signature Algorithm (ECDSA). The largest ECDSA key broken to date is 112 bits long. ShareRing uses 256-bit strings, which is 4000 billion billion times harder to break. The passphrase is encrypted (secp256k1) and stored in the keychain/keystore. The backup data is encrypted (secp256k1) by the private key derived from the recovery phrase
A Decentralized Identifier (DID) is a uniquely resolvable string that maps a document to an address. An example DID on ShareLedger is:
This string maps back to an individual. Each document can also have its own DID, which maps a string back to the document.
Verifiable Credentials (VCs) are a W3C standard to express credentials on the internet.VCs can use DIDs as part of their metadata, but it is not necessary. Third parties request VCs from identity providers to verify the identity of individuals. Here is an example of a VC for a passport:
Example of passport info:
"description": "Sharing identity network",
Software Development Kit
ShareRing has developed a software development kit (SDK) that lets third parties use and interact with the ShareRing blockchain (ShareLedger). These are signup, login and vault.
Merkle Tree Algorithm
ShareRing uses the Merkle Tree algorithm to verify document proofs:
- Only a single hash string (32 bytes) is stored on the blockchain instead of the whole data
- This hash verifies an identity document but cannot be resolved back to the original document
- We hash every field in the document, and they are all hashed together to form the Merkle root hash (final hash)
- We obfuscate data to show only the required user information and not every attribute.
In blockchain technology, a ledger is an immutable ground truth database that all participants in the blockchain network must agree on. This ledger is only updated when consensus is reached, and the ledger will be the same for each node.
The blockchain network expands through the process of validation. To add a node to a the network, the new block must be validated by the rest of the network. This involves reaching a consensus within the network where the majority of nodes agree to add the new node. Once consensus has been reached, the block is validated and added to the network. No further changes to the network can be made unless a consensus is reached again.
Vault Query Language
ShareRing's Vault Query Language (VQL) lets you query user's information through a QR code. Users can generate and save complex queries to verify identity, and the response will be a verifiable credential.
- Users can generate and save complex queries to verify identity.
- The response will be a verifiable credential.
- All queries interact with the ShareRing SDK.
All queries interact with the ShareRing SDK.