Making Decentralized Identity Possible with CanDID

Deepak Maram and Harjasleen Malvai

TL;DR Decentralized identity systems allow users to gather and manage their own credentials under the banner of self-created decentralized identifiers (DIDs). The key focus of DIDs is on shifting control of a credential into users’ hands. Existing decentralized identity proposals, however, suffer from several problems. First and foremost, how do you bootstrap an ecosystem of credential issuers? It is unlikely that most existing legacy providers will suddenly switch and issue such credentials. Second, as with cryptocurrencies, DID systems burden users with managing their own keys, creating a significant risk of key loss. They also omit essential functionality, like resistance to Sybil attacks and the ability to detect misbehaving or sanctioned users. We address these problems by introducing CanDID in our new paper.

What is decentralized identity and why is it important?

Putting existential questions aside, let us consider what it means to have a physical identity or “ID”. Consider the following: when obtaining an identity card from a Department of Motor Vehicles (DMV) in the US, a user can plausibly be issued an ID card with the following documents: a social security card (proof of social security status), a birth certificate (proof of date of birth and name), a bank statement, a payslip (proof of name) and a postmarked letter (proof of address). These documents have a name as a common identifier and can therefore be linked to form this person’s ID.

Note that health records show date of birth and can often be accessed online. So can bank accounts and payslips. A receipt for an e-shopping package, or a shipping tracker, is about as good as a postmarked letter. Finally, the US Social Security Administration provides a portal using your SSN on This is to say that an identity about as “strong” as what is issued by the DMV could be plausibly issued online if we had the ability to access and verify the a...

