Even with the prospect of digital identities unlocking extensive amounts of economic value, primary concerns remain around privacy issues.
Two main models of digital identities, siloed identity and federated identity, place the control over your identity in the hands of either service providers or middlemen like Facebook. Google or Twitter. This has led to a lack of security over digital identities as well as antitrust behaviour among users.
According to the research held by Pew Research Center, the majority of Americans feel they have less control over data collected by the government or companies.
To resolve the digital identity issues, another digital identity model Self-sovereign identities (SSI) that can improve transparency and trust have been developed.
What is SSI?
Self-sovereign identity (SSI) is an identity model that acknowledges that a user should not only own their digital identities but should also have complete control over them. SSI are digital identities that are managed in a decentralized way and enable users to self-manage their identities without depending on third-party providers that store and control their data.
But one of the most common questions when it comes to the self-sovereign identities movement is, “why blockchain?”
This question arises from the impulse that data about the person’s identity is to be shared, stored and used for verification on a distributed ledger.
So, let’s bust the myth of personal identifiable information (PII) on the blockchain.
Breaking the Myth, PII on Blockchain
A common myth around blockchain and identity is that blockchain can offer an ideal distributed solution for PII. Technically, blockchain can support PII storage on the ledger or chain. But just because blockchain is capable of solving the centralized database problem doesn’t mean it is the accurate tool for that.
Undoubtedly, blockchain is much more than just a distributed ledger. Instead, SSI uses blockchain’s distributed ledger to create an immutable lifecycle event record for globally unique decentralized identifiers or DIDs. These DIDs will provide the mapping of a unique identifier to an entity, including connected devices, organizations, or a person. But the verifiable credentials associated with a person’s DID and PII will never be stored in a public ledger. Besides, the credentials for verification are shared cryptographically among peers at the network edge. In the case of SSI, verifiers (the recipients of verifiable credentials) in a peer-to-peer connection, use the associated DID to locate the sender's public verification key for decoding and validating the verifiable credential data.
Why Problem Does Blockchain Solve in SSI?
Blockchain provides an immutable, transparent, auditable, and reliable manner to handle secure and seamless cryptographic key exchange. To help you understand this concept better, let’s check some foundational concepts of blockchain.
In the initial symmetrical encryption scheme used for cryptography solutions, a secret key either random letters, a word, or a number was used. To encrypt a message, a secret key and the text of the message were blended in an algorithm-specific way that can only be decrypted by the sender or received through the shared secret key. The con of this approach is that it requires a secret key exchange before decryption.
To overcome this, asymmetrical encryption came into view. This encryption addresses the shortcomings of symmetric encryption using two keys, one to encrypt and the other to decrypt the message.
To minimize cyberattacks and improve security, asymmetric encryption allows a public key to be freely available to anyone who wants to send the message. But access to the private key is only provided to the owner. As encryption using a public key requires a private key to decrypt and vice versa. The drawback of this encryption scheme is that a trusted and authenticated public key can be discovered by attackers.
So the most persuasive technique for encryption on a client-server model is the digital certificate that blockchain offers. A digital certificate is a document binding metadata of a trusted server with an organization or person.
The metadata in the digital certificate includes the user’s email address, the user’s country, the public key of the user, the organization name, and the organization that issued the certificate.
To decrypt a message using a digital certificate, both parties need each other’s public key by extracting the public key from the other party’s certificate provided by a trusted server. Without the public keys from sender and receiver, a message cannot be decrypted which makes it more reliable in the case of SSI.
A certificate authority or trusted server uses digital certificates to provide a mechanism to establish trust throughout the chain of associated contracts. For example, Liam can be sure that the public key in Ava’s digital signature belongs to her because Liam can track the certificate endorsements from trusted authorities back to a common root.
A public key infrastructure (PKI) implements this centralized trust model by indulging dependency on a certificate authorities hierarchy. These trusted servers confirm the binding authenticity between a public key and its owner through digital certificate issuance.
While in a
blockchain-based web of trust model, the public keys storage is handled on the public ledger. As participants, Liam and Ava create their unique DIDs, attach their public keys and write them to the public ledger. Now only the organization or person with these DIDs will be able to access the attached public keys for verification of the digital signature of another person which improves security.
Moving Ahead with SSI and Blockchain
SSI uses blockchain technology to address several solution requirements. The basic yet most important reason why blockchain is used in the self-sovereign identity (SSI) model is the security and authenticity of key exchange blockchain offers. Solutions that are using SSI can leverage blockchain's distributed ledger technology as the basis of a new model for the web of trust with the immutable recordings of the events related to the binding of public keys and their owner.