Identity Attestation

These are attestations that cryptographically prove an entity is a unique human, combating sybil attacks in governance and airdrops. Protocols like Proof of Humanity, Worldcoin, and BrightID use different mechanisms:

• Social graph verification: Vouching by existing trusted members.
• Biometric orb: Scanning iris patterns to generate a unique hash.
• Video attestation: Submitting a video for community verification.

Attestations are recorded on-chain (e.g., Ethereum, Optimism) to create portable, composable reputation systems. Ethereum Attestation Service (EAS) and Gitcoin Passport are key standards.

• EAS: A schema registry for creating and verifying on- or off-chain attestations.
• Gitcoin Passport: Aggregates scores from various Web2 and Web3 identity providers (like BrightID, ENS) into a single stamp score for sybil-resistant governance.

Zero-Knowledge Proofs enable users to prove they hold a valid attestation (e.g., "I am over 18") without revealing the underlying data. This is critical for privacy-preserving KYC and access control.

• zkSNARKs / zkSTARKs: Generate a cryptographic proof of statement validity.
• Use Case: Proving membership in a DAO or citizenship of a country for a service, while keeping the specific DAO or country secret.

Soulbound Tokens are non-transferable (non-fungible) tokens that represent commitments, credentials, or affiliations bound to a specific wallet or "Soul." Proposed by Vitalik Buterin, they act as persistent, on-chain attestations of identity traits.

• Characteristics: Non-transferable, potentially revocable by the issuer.
• Examples: Educational degrees, employment history, event attendance badges, or voting records in a DAO.

A Decentralized Identifier (DID) is a globally unique, cryptographically verifiable identifier that is owned and controlled by the user, not a central registry. It is the foundational standard for self-sovereign identity.

• Structure: A DID consists of a URI scheme (did:), a method identifier (e.g., ethr, web), and a method-specific identifier.
• Control: Users prove control via private keys, enabling them to create and manage their own identity documents (DID Documents).
• Example: did:ethr:0xab... is a DID anchored on the Ethereum blockchain.

Verifiable Credentials are tamper-evident digital claims issued by an authority (issuer) to a holder, which can be cryptographically verified by a third party (verifier). They are the primary data format for attestations.

• Components: A VC includes metadata, claims, and a digital signature from the issuer.
• Privacy: Credentials can be presented selectively using Zero-Knowledge Proofs (ZKPs) to prove a claim (e.g., age > 18) without revealing the underlying data.
• Standard: Defined by the W3C Verifiable Credentials Data Model.

A core challenge in identity systems is preventing a single entity from creating multiple fraudulent identities (Sybil attacks). Attestations provide mechanisms to establish uniqueness.

• Physical-World Proofs: Methods include biometric verification, government ID checks, or in-person notarization.
• Social Graph Analysis: Systems like Proof of Humanity use video submissions and social vouching.
• Cost-Based Mechanisms: Requiring a bond or stake that is economically prohibitive to replicate many times.

Trust is dynamic; attestations must be revocable or expire to remain accurate. Managing revocation is a critical security consideration.

• Status Registries: Issuers maintain a revocation registry (on-chain or off-chain) that verifiers must check.
• Time-Based Expiry: Credentials have a built-in validUntil timestamp.
• Challenge: Balancing revocation needs with user privacy and system decentralization.

Proving an attestation should not leak unnecessary personal data. Advanced cryptographic techniques enable selective disclosure.

• Zero-Knowledge Proofs (ZKPs): Allow a user to prove they possess a valid credential meeting certain criteria without revealing the credential itself.
• BBS+ Signatures: A signature scheme enabling the creation of multiple, unlinkable proofs from a single credential.
• Minimal Disclosure: The principle of sharing the absolute minimum data required for a transaction.

The value of an attestation depends on the trustworthiness of its issuer. Decentralized systems rely on transparent trust frameworks.

• Issuer Accreditation: Hierarchical or peer-to-peer models for accrediting authorities.
• On-Chain Registries: Public lists of trusted issuers, sometimes governed by DAOs.
• Attestation Scoring: Systems that weight attestations based on the issuer's historical accuracy and reputation.

A Decentralized Identifier (DID) is a globally unique, cryptographically verifiable identifier that an individual or entity controls without a central registry. It is the foundational address for a self-sovereign identity (SSI). DIDs resolve to a DID Document, which contains public keys and service endpoints for authentication and attestation verification.

• Example: did:ethr:0x1234...
• Key Property: Enables direct, peer-to-peer interactions without intermediaries.

A Verifiable Credential is a tamper-evident digital claim, such as a diploma or passport, issued by an issuer to a holder. It is cryptographically signed and can be presented to a verifier. VCs are the standard data format for attestations, enabling privacy-preserving selective disclosure.

• Structure: Contains metadata, claims, and a proof (signature).
• Standard: Defined by the World Wide Web Consortium (W3C).

A Verifiable Presentation is the data format a holder uses to present one or more Verifiable Credentials to a verifier. The holder creates the VP, which includes the credentials and a proof demonstrating they are the legitimate holder, without revealing unnecessary information.

• Purpose: Enables selective disclosure and zero-knowledge proofs (ZKPs).
• Example: Proving you are over 21 without revealing your birth date.

An Attestation Registry is an on-chain or decentralized data structure that stores the status and metadata of attestations. It allows verifiers to check the validity and revocation status of a credential without querying the original issuer directly.

• On-chain: Smart contracts on Ethereum (e.g., EAS - Ethereum Attestation Service).
• Off-chain: Decentralized storage networks like IPFS or Ceramic.

A Zero-Knowledge Proof is a cryptographic method that allows one party (the prover) to prove to another (the verifier) that a statement is true without revealing any information beyond the validity of the statement itself. In identity attestation, ZKPs enable privacy-preserving verification.

• Use Case: Proving you hold a credential from a trusted issuer without showing the credential's contents.
• Technology: zk-SNARKs and zk-STARKs.

Self-Sovereign Identity is a model for digital identity where individuals or entities have sole ownership and control over their identity data and credentials, without relying on centralized authorities. It is the philosophical and architectural framework that DIDs, VCs, and attestations enable.

• Core Principles: User control, portability, and interoperability.
• Contrast: Opposite of federated or centralized identity models.