Why Decentralized Identity Demands Centralized Archives

Storing verifiable credentials and attestations on-chain is economically impossible. A single global identity with a modest history would require terabytes of data, crippling any L1 or L2. The solution is a canonical, off-chain archive.

• Key Benefit 1: Enables petabyte-scale credential histories at near-zero on-chain cost.
• Key Benefit 2: Creates a universal source of truth for proofs, preventing fragmentation across Ceramic, IPFS, or Arweave.

A purely P2P storage layer (like IPFS) fails when data must be reliably available for real-time verification. Nodes go offline, pinning services are optional. Critical credentials for DeFi or legal purposes demand >99.9% uptime.

• Key Benefit 1: Guaranteed data availability for high-stake verifications across Worldcoin, ENS, and Gitcoin Passport.
• Key Benefit 2: Neutral, canonical archive prevents selective data withholding by any single issuer or verifier.

Finding and proving specific credentials across a decentralized mesh is a compute-intensive search problem. Verifiers need instant, complex queries (e.g., "all credentials from accredited issuers since 2023").

• Key Benefit 1: Enables SQL-level querying across the entire identity graph, impossible on raw decentralized storage.
• Key Benefit 2: Centralized indexing unlocks ZK-proof batching and selective disclosure at scale, a core requirement for protocols like Sismo and Polygon ID.

Decentralized Identifiers (DIDs) are just pointers. The actual credential data (VCs) lives off-chain, creating a massive availability risk. A ~90% data loss rate over a decade is plausible without professional archiving.

• Key Benefit 1: Guaranteed multi-decade retrievability for legal and compliance proofs.
• Key Benefit 2: Enables true long-term identity portability beyond any single provider's lifespan.

Protocols like Ceramic Network and IPFS provide decentralized storage, not preservation. They lack the financial incentives for guaranteed, paid-for-forever storage and active data integrity checks.

• Key Benefit 1: Centralized archives provide SLAs for durability (e.g., 99.999999999%) that decentralized networks cannot match.
• Key Benefit 2: Offloads the economic burden of perpetual storage from the user or application layer.

W3C's trust model assumes a 'Verifiable Data Registry'. In practice, this is a gap filled by centralized actors like Amazon S3 or Arweave, which itself relies on a centralized endowment. True decentralization fails at the archival layer.

• Key Benefit 1: Creates a clear, auditable custodian role accountable for data survival.
• Key Benefit 2: Enables regulatory clarity by having a legally responsible entity for critical identity data.

Ethereum's archive nodes, run by Infura, Alchemy, and QuickNode, prove the model. The chain's security is decentralized, but its usable history is a centralized service. DIDs will follow the same path.

• Key Benefit 1: Leverages proven, scalable infrastructure for high-availability querying.
• Key Benefit 2: Separates the trust model (on-chain proofs) from the performance model (off-chain data).

User-held keys (in wallets like MetaMask or Ledger) control access, not persistence. If the underlying data vanishes, the key controls nothing. Sovereignty requires both access and availability.

• Key Benefit 1: Shifts the burden of backup and migration from non-expert users.
• Key Benefit 2: Creates a recoverable identity layer even after personal device failure.

Regulated DeFi and on-chain KYC (e.g., Circle's Verite) require immutable audit trails. A centralized, compliant archiver becomes the legal system's trusted witness, anchoring decentralized claims to admissible evidence.

• Key Benefit 1: Provides a clear chain of custody for forensic and compliance auditing.
• Key Benefit 2: Enables identity to bridge DeFi and TradFi by meeting existing record-keeping laws.

Resolving a DID document (e.g., did:web:alice.com) requires fetching data from a centralized web server. This creates a single point of failure and censorship, undermining the entire system's resilience.\n- Availability Risk: If the host server is down, the identity is unverifiable.\n- Censorship Vector: Hosts can selectively withhold or alter DID documents.

Systems like Sidetree (used by ION on Bitcoin) and Ceramic Network act as decentralized, immutable ledgers for DID state changes. They anchor compressed proofs on-chain while storing the full history in a peer-to-peer network.\n- Censorship-Resistant: No single entity controls the data archive.\n- Historical Integrity: Full provenance of identity state is preserved and verifiable.

Even with a VDR, users must trust a gateway node to fetch and serve the data. Projects like ENS with CCIP Read or Ethereum Attestation Service push for trust-minimized gateways, but the liveness assumption remains.\n- Gateway Reliance: The network is only as live as its least reliable gateway.\n- Incentive Misalignment: Gateway operators are often not economically compensated for liveness.

The endgame is identity archives that don't require live queries. ZK Proofs of state inclusion (like zkCerts) or Bitcoin-like UTXO models for DIDs allow verification with a static proof, eliminating the need for a live archive.\n- Verification, Not Resolution: Prove membership in a state snapshot, don't fetch current state.\n- Bandwidth Minimal: Proofs are kilobytes, not megabytes of historical data.

Storing credential data directly on-chain (e.g., Ethereum) is economically and technically impossible for mass adoption.\n- Cost Prohibitive: Storing 1KB of data can cost $50+ on L1 Ethereum.\n- Performance Killer: Global consensus for data updates creates ~12 second+ latency, breaking user experience.\n- Privacy Nightmare: All data is permanently public, violating GDPR and common sense.

Separate the data plane from the verification plane. Use performant centralized infra (like Ceramic, Tableland, Arweave) to host data, anchored by decentralized proofs.\n- Web2 Scale, Web3 Trust: Archives handle >10k TPS with sub-second latency; proofs live on-chain.\n- User Sovereignty: Credentials are portable, revocable, and selectively disclosable via ZKPs or BBS+ signatures.\n- Developer Reality: This is the actual architecture of Worldcoin's Orb, Microsoft Entra, and Disco's data backpacks.

The value accrues to the canonical, performant data repositories, not the thin verification layers. This is the AWS for DIDs.\n- Protocol Moats: Network effects around schema standards and data availability create winner-take-most markets.\n- Enterprise Gateway: This is the only architecture that can service banking KYC and DeFi sybil resistance (like Gitcoin Passport) at scale.\n- Market Size: The credential verification market is a $100B+ adjacency to identity and access management.