3E/ Better DID Mehtods with Zero Knowledge Proofs (ZKPs)? - Privacy Preserving, Globally Verfiable DIDs

From IIW

Better DID Methods with Zero Knowledge Proofs (ZKPs)? - privacy preserving, globally verifiable DIDs

Tuesday 3E

Convener: Rouven Heck, Martin Riedel

Notes-taker(s): Oliver Terbu

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

PDF Slidedeck:


Zoom Chat:

David Huseby: 😂

Oliver Terbu: Pls raise hands if you have questions

David Huseby: too many fucking did methods; most will never be used

Tobias Looker: Haha too true

David Huseby: running a universal resolver is way too hard

mitfik: 77 is not a lot ;)

Oliver Terbu: We have so many, so I need to create a new to rule them all

bsuichies: Is there a link to this presentation?

mitfik: but so true and hoping that KERI would solve that by going into did: without need for a method

David Huseby: any ledger that requires significant resources to be able to resolve DIDs against them are no better than a corporate identity silo

Oliver Terbu: @bsuichies: yes, will be provided

bsuichies: thx

Tobias Looker: IMO the DID method registry is more of a social tool, to get people thinking about the same stuff together in one room

mitfik: KERI is blockchain is DLT less :)

Kyle Den Hartog: “BuT HaVinG mORe DiD MetHOds MaKeS thEm MoRE DeCENtrAliZeD”

David Huseby: there will be one did methods everybody will use because it will have preferential attachment; like how google won

From By_Caballero: ^ :(

mitfik: KERI is globaly verifiable is matter of witnesses around

bsuichies: did:ftw?

From By_Caballero: did:wtf

David Huseby: the cost of supporting another did methods will be enough that implementors of VC systems will only support one, maaaaybe two.

balazs (DIF): fair point

David Huseby: and they won’t be any methods that require running a full blockchain node

bsuichies: @david: define implementors of vc systems

David Huseby: so not bitcoin. not ethereum. not Indy. not any shitcoin. Any engineers building systems that accept verifiable credentials/containers for authentication/authorization

bsuichies: @rouven someone is stealing your furniture!

From Tobias Looker: Hahaha

David Huseby: for example a covid credential checking device+system for airport security

bsuichies: verification or issuance? or both?

David Huseby: both

Oliver Terbu: Airport security will use digital travel creds (DTC). I was just on a call where ICAO presented that.

David Huseby: the VC economy is about accepting VCs and then monetizing credential issuance; @Oliver there is no winner yet

Oliver Terbu: I know

David Huseby: I know of at least six different efforts that have different levels of government and corporate support

Oliver Terbu: ICAO issues passports; Ok, not ICAO

bsuichies: so if keys remain in hardware, wallets are going to be the critical element.. seems pretty difficult in an open standards, interoperable world

Ryan Faulkner: keys remaining in hardware will have implications for portability :/

bsuichies: yeah, we're basically back to individual apps and siloes

By_Caballero: yeesh

Nader Helmy: yeah that's a difficult one. rotate everything everytime you move?

By_Caballero: MPC and threshold signatures, easy! <ducks>

bsuichies: how is an issuer going to prevent issuance to a wallet that he does not approve of, if the wallet is properly interoperable

Dan Bachenheimer: ICAO issues ePassports and will issue DTCs; they both require a centralized PKD and they both can be used to create a derived credential; specifically, a verifiable credential

Nathan_George: My device management and message routing shouldn’t be my peer’s concern

Charles Cunningham: Keris rotation model would allow you to rotate and identifier to another hardware module, so to say, by rotating to the keys within

Oliver Terbu: ICAO standardizes passports through ISO and provides guidance/regulations. The countries are issuing passports.

By_Caballero: your freedom to swing your fist ends at my security needs and nose, nathan

camparra: Shouldn’t you also be adding changing crypto algorithms for keys?

Oliver Terbu: My hope would be that they choose VCs as their DTC containers

balazs (DIF): that would be HUGE! @oliver

Nader Helmy: +1 Charles, I think the difficult part would be enforcing that on a policy level as well as technical one, and do so in an interoperable way

bsuichies: zero-trust wallets

Nathan_George: @By_Caballero my point is that device rotation and message routing can be strongly correlating, I need the ability to limit that leakage, but yes, you still need to know “it is me”, but granularity beyond that is dangerous to the entity model

camparra: Eh that’s cool and all but you have to be able to upgrade crypto

Dan Bachenheimer: ISO standards wrt ICAO define air interface protocols, security, and biometric quality

camparra: KERI doesn’t do that

By_Caballero: @Nathan, I was kidding, but your clarification was super useful, thanks!

camparra: Nor do most wallets

Oliver Terbu: @Dan: yes

bsuichies: Observation: in the physical world the wallet is not secured, and the credentials and tokens are secured

bsuichies: that's pretty scalable. and portable

Kyle Den Hartog: For encryption keys we could use the tree-kem structure being developed for MLS to agree on a symmetric key, but that’s a rabbit hole for another day :)

Andrew Whitehead: treekem does seem nice, especially for smaller groups

camparra: That’s assuming symmetric key encryption will forever hold it’s security @kyle

Kyle Den Hartog: Symmetric is unlikely to be broken by quantum computers because most ciphers are just one-time pads with a way to consistently expand the key

bsuichies: @kyle: 5 dollar wrench

Kyle Den Hartog: The unsolvable problem best left out of scope

bsuichies: :)

Tobias Looker: Yeah lots of the ZKP’s schemes have a massive amount of public parameters required on setup too

Tobias Looker: Which is something that many people tend to ignore the complexity it introduces

Oliver Terbu: @David: could you pls lower your hand

David Huseby: yup

Oliver Terbu: ty

By_Caballero: ^FFR I believe multiple people can claim host simultaneously, and hosts can lower people's hands for clarity of queue :D

Oliver Terbu: :)

By_Caballero: but then you can't raise your own hand, which gets complicated if you're an opinionated host :D

David Huseby: still not scalable  ; )

Oliver Terbu: Ack jonathan

Rouven Heck: Not on Bitcoin ;)

David Huseby: true. ; I keep coming to the conclusion that bitcoin is only useful for two things: 1) storing data that cannot be changed by governments/corps and 2) a cryptographically secure source of “not before” time stamps for things like non-revocation proofs.

mitfik: why Bitcoin and noth Eth? or overall permissioneless ledger ?

Jordan McKinney: All of which (and more) can be done on Ethereum

Oliver Terbu: +1 eth

David Huseby: 🤷🏻‍♂️ incentive structures are different

mitfik: so you saying that Bitcoin have the "best" incicentive ? ; for that specific purpose?

David Huseby: no. but bitcoin is simpler. that’s more attractive to me for security things ; I don’t know which incentive structure is better.

Jordan McKinney: Imo bitcoin security is long-term unsustainable, which is a problem

David Huseby: I’m not a bitcoin shill. not going to argue for them. not sure I understand how you can to that conclusion tho ; how you came to that conclusion...

Jordan McKinney: https://medium.com/coinmonks/bitcoin-security-a-negative-exponential-95e78b6b575

I wrote several posts on the issue ^ ; That’s the first ; Tl;dr hard cap on issuance means all miner revenue has to come from fees which are much lower, less certain, etc

By_Caballero: breaks are optional-- something tells me this group is gonna stay until the bottom of the hour and have to be hosed down like rabid dogs :D

Oliver Terbu: yep, 3 slides left, then we could use the remaining time for all the rabbit holes :)

By_Caballero: sorry, i think I just had a stroke when martin said "recursive"

John Hopkins: What are some of the active implementations?

Kyle Den Hartog: Loopring has been working on one for DEXs  ; It’s not DID focused, but does build on the ZKRollup structure  ; This zksync? https://github.com/matter-labs/zksync

Steven Wilkinson: https://minaprotocol.com/docs/snapps

Kyle Den Hartog: Has anyone looked to build a smart contract with go then? ; At least that you’ve heard of? ; Sorry, not with go with Hyperledger fabric and chaincode ; Thinking about it in the case of securekey

Oliver Terbu: I guess we don’t need the raise hand feature anymore

John Hopkins: quick clarification on terminology when we say rollup, do we just mean any sort of layer 2 network?

Rouven Heck: please ping us - if you are interested to follow up, or want to discuss anything in more detail in futures session: rouven.heck@mesh.xyz ; martin.riedel@mesh.xyz

Jordan McKinney: I believe “rollup” is a specific method of taking a large collection of transactions and created a proof that sort of “contains” all the transactions in a compressed way. The transaction data is not actually contained in the roll-up, so I don’t mean a literal compression. The act of collecting tx’s and creating the rollup can all be done off-chain though, so that is essentially layer 2 and chain agnostic I think

By_Caballero: :flex emoji:

By_Caballero: whoa john is calling from another room in rouven's house

Kyle Den Hartog: Vitalik " ; “The etheream guy”  ; ethereum*

Tobias Looker: Thanks guys cool proposal!

Jeff Orgel: Thx!

Tobias Looker: Do you have a link to the slides?

Kyle Den Hartog: Yeah seems like a cool proposal

Michael X Shea: thx~

Oliver Terbu: Yes, will be provided in the notes

Tobias Looker: Thanks!

balazs (DIF): Thanks!