Credential Graph

The graph is built from verifiable credentials issued by trusted entities (issuers) to subjects (holders). These are cryptographically signed statements (e.g., "Alice holds a KYC badge") stored off-chain, with only their hashes or commitments anchored on-chain for verification. This separates data storage from verification logic.

Instead of isolated credentials, entities and attestations are modeled as a directed graph.

• Nodes represent identities (wallets, DIDs) and credential schemas.
• Edges represent the issuance, holding, or verification of attestations. This structure allows for complex queries like "Find all wallets attested by Protocol X that also hold credential Y."

Holders can prove specific claims from their credentials without revealing the entire document using zero-knowledge proofs (ZKPs). For example, proving you are over 18 from a government ID without showing your birth date. This is a core mechanism for privacy-preserving verification within the graph.

Credentials from different issuers can be aggregated to form a compound identity or reputation score. A user might combine a proof-of-personhood credential, a DeFi credit score, and a guild membership to access a high-tier lending pool. The graph enables the discovery and logical linking of these disparate attestations.

Smart contracts can query the graph's state to verify credentials in real-time. Revocation registries (often on-chain) allow issuers to invalidate credentials without exposing private data. This creates a trust-minimized system where dApps can programmatically check the validity and status of any referenced attestation.

A public schema registry defines the structure of credentials (data fields, types) ensuring different systems can interpret them. Standards like W3C Verifiable Credentials and DID-Core provide the foundation for cross-protocol interoperability, allowing a credential issued in one ecosystem to be used in another.

Users can build a persistent, self-sovereign identity across multiple dApps and protocols. Their verified credentials and reputation are stored in their wallet, not siloed within a single application. This enables reputation portability, allowing users to leverage their established trust score or credentials when interacting with new platforms, reducing the need to start from zero.

By analyzing the graph's connections and credential issuers, protocols can implement sophisticated sybil resistance mechanisms. This moves beyond simple token-gating to assess the quality and provenance of participation. For example, a governance system can weight votes based on a user's verified contributions or credentials from trusted entities, making coordinated attacks more costly and difficult.

Smart contracts can query the credential graph to make granular, logic-based access decisions. This enables:

• Dynamic airdrops targeting users with specific credential histories.
• Progressive decentralization by granting elevated permissions based on proven contributions.
• Customized interest rates in lending protocols based on verified, on-chain repayment history.

All credentials and their issuances are recorded on a public, immutable ledger, creating a transparent and auditable trail of trust. This eliminates reliance on opaque, off-chain databases. Analysts and auditors can verify the entire history of a credential, including when it was issued, by whom, and if it has been revoked, ensuring the data's cryptographic integrity.

The credential graph serves as the foundational layer for building decentralized social graphs and on-chain reputation systems. It enables the discovery of relationships like mentorship, collaboration, and endorsement at scale. This data structure is essential for next-generation applications in decentralized social media, professional networks, and coordination mechanisms like retroactive public goods funding.

The atomic unit of a credential graph. A Verifiable Credential is a tamper-evident, cryptographically signed assertion (like a diploma or proof of age) issued by a trusted entity. It contains claims, metadata, and proofs, forming the nodes in the graph. Standards like the W3C Verifiable Credentials Data Model ensure interoperability.

The foundational identifier system for graph participants. A Decentralized Identifier (DID) is a globally unique, cryptographically verifiable identifier controlled by the entity it identifies (issuer, holder, verifier). DIDs, resolvable to DID Documents, provide the root keys and service endpoints that enable secure, permissionless interactions within the graph without central registries.

The trust layer for resolving identifiers and status. A Verifiable Data Registry is the system—often a blockchain or distributed ledger—that records DIDs, DID Documents, and credential status information (like revocation registries). It provides the immutable, decentralized backbone that allows all parties in the graph to have a consistent view of trust anchors.

A core privacy mechanism enabled by the graph's structure. Selective Disclosure allows a credential holder to prove specific claims from a credential (e.g., "I am over 21") without revealing the entire document or other personal data. This is achieved through zero-knowledge proofs or BBS+ signatures, minimizing data exposure while maintaining verifiability.

The semantic framework that gives the graph meaning. A Credential Schema defines the structure and data types of the claims within a VC (e.g., field names for a driver's license). An Ontology defines the relationships between different schemas and concepts, enabling machines to understand and reason about credentials across different domains and issuers.