3E/ Better DID Mehtods with Zero Knowledge Proofs (ZKPs)? - Privacy Preserving, Globally Verfiable DIDs
Better DID Methods with Zero Knowledge Proofs (ZKPs)? - privacy preserving, globally verifiable DIDs
Convener: Rouven Heck, Martin Riedel
Notes-taker(s): Oliver Terbu
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
David Huseby: 😂
Oliver Terbu: Pls raise hands if you have questions
David Huseby: too many fucking did methods; most will never be used
Tobias Looker: Haha too true
David Huseby: running a universal resolver is way too hard
mitfik: 77 is not a lot ;)
Oliver Terbu: We have so many, so I need to create a new to rule them all
bsuichies: Is there a link to this presentation?
mitfik: but so true and hoping that KERI would solve that by going into did: without need for a method
David Huseby: any ledger that requires significant resources to be able to resolve DIDs against them are no better than a corporate identity silo
Oliver Terbu: @bsuichies: yes, will be provided
Tobias Looker: IMO the DID method registry is more of a social tool, to get people thinking about the same stuff together in one room
mitfik: KERI is blockchain is DLT less :)
Kyle Den Hartog: “BuT HaVinG mORe DiD MetHOds MaKeS thEm MoRE DeCENtrAliZeD”
David Huseby: there will be one did methods everybody will use because it will have preferential attachment; like how google won
From By_Caballero: ^ :(
mitfik: KERI is globaly verifiable is matter of witnesses around
From By_Caballero: did:wtf
David Huseby: the cost of supporting another did methods will be enough that implementors of VC systems will only support one, maaaaybe two.
balazs (DIF): fair point
David Huseby: and they won’t be any methods that require running a full blockchain node
bsuichies: @david: define implementors of vc systems
David Huseby: so not bitcoin. not ethereum. not Indy. not any shitcoin. Any engineers building systems that accept verifiable credentials/containers for authentication/authorization
bsuichies: @rouven someone is stealing your furniture!
From Tobias Looker: Hahaha
David Huseby: for example a covid credential checking device+system for airport security
bsuichies: verification or issuance? or both?
David Huseby: both
Oliver Terbu: Airport security will use digital travel creds (DTC). I was just on a call where ICAO presented that.
David Huseby: the VC economy is about accepting VCs and then monetizing credential issuance; @Oliver there is no winner yet
Oliver Terbu: I know
David Huseby: I know of at least six different efforts that have different levels of government and corporate support
Oliver Terbu: ICAO issues passports; Ok, not ICAO
bsuichies: so if keys remain in hardware, wallets are going to be the critical element.. seems pretty difficult in an open standards, interoperable world
Ryan Faulkner: keys remaining in hardware will have implications for portability :/
bsuichies: yeah, we're basically back to individual apps and siloes
Nader Helmy: yeah that's a difficult one. rotate everything everytime you move?
By_Caballero: MPC and threshold signatures, easy! <ducks>
bsuichies: how is an issuer going to prevent issuance to a wallet that he does not approve of, if the wallet is properly interoperable
Dan Bachenheimer: ICAO issues ePassports and will issue DTCs; they both require a centralized PKD and they both can be used to create a derived credential; specifically, a verifiable credential
Nathan_George: My device management and message routing shouldn’t be my peer’s concern
Charles Cunningham: Keris rotation model would allow you to rotate and identifier to another hardware module, so to say, by rotating to the keys within
Oliver Terbu: ICAO standardizes passports through ISO and provides guidance/regulations. The countries are issuing passports.
By_Caballero: your freedom to swing your fist ends at my security needs and nose, nathan
camparra: Shouldn’t you also be adding changing crypto algorithms for keys?
Oliver Terbu: My hope would be that they choose VCs as their DTC containers
balazs (DIF): that would be HUGE! @oliver
Nader Helmy: +1 Charles, I think the difficult part would be enforcing that on a policy level as well as technical one, and do so in an interoperable way
bsuichies: zero-trust wallets
Nathan_George: @By_Caballero my point is that device rotation and message routing can be strongly correlating, I need the ability to limit that leakage, but yes, you still need to know “it is me”, but granularity beyond that is dangerous to the entity model
camparra: Eh that’s cool and all but you have to be able to upgrade crypto
Dan Bachenheimer: ISO standards wrt ICAO define air interface protocols, security, and biometric quality
camparra: KERI doesn’t do that
By_Caballero: @Nathan, I was kidding, but your clarification was super useful, thanks!
camparra: Nor do most wallets
Oliver Terbu: @Dan: yes
bsuichies: Observation: in the physical world the wallet is not secured, and the credentials and tokens are secured
bsuichies: that's pretty scalable. and portable
Kyle Den Hartog: For encryption keys we could use the tree-kem structure being developed for MLS to agree on a symmetric key, but that’s a rabbit hole for another day :)
Andrew Whitehead: treekem does seem nice, especially for smaller groups
camparra: That’s assuming symmetric key encryption will forever hold it’s security @kyle
Kyle Den Hartog: Symmetric is unlikely to be broken by quantum computers because most ciphers are just one-time pads with a way to consistently expand the key
bsuichies: @kyle: 5 dollar wrench
Kyle Den Hartog: The unsolvable problem best left out of scope
Tobias Looker: Yeah lots of the ZKP’s schemes have a massive amount of public parameters required on setup too
Tobias Looker: Which is something that many people tend to ignore the complexity it introduces
Oliver Terbu: @David: could you pls lower your hand
David Huseby: yup
Oliver Terbu: ty
By_Caballero: ^FFR I believe multiple people can claim host simultaneously, and hosts can lower people's hands for clarity of queue :D
Oliver Terbu: :)
By_Caballero: but then you can't raise your own hand, which gets complicated if you're an opinionated host :D
David Huseby: still not scalable ; )
Oliver Terbu: Ack jonathan
Rouven Heck: Not on Bitcoin ;)
David Huseby: true. ; I keep coming to the conclusion that bitcoin is only useful for two things: 1) storing data that cannot be changed by governments/corps and 2) a cryptographically secure source of “not before” time stamps for things like non-revocation proofs.
mitfik: why Bitcoin and noth Eth? or overall permissioneless ledger ?
Jordan McKinney: All of which (and more) can be done on Ethereum
Oliver Terbu: +1 eth
David Huseby: 🤷🏻♂️ incentive structures are different
mitfik: so you saying that Bitcoin have the "best" incicentive ? ; for that specific purpose?
David Huseby: no. but bitcoin is simpler. that’s more attractive to me for security things ; I don’t know which incentive structure is better.
Jordan McKinney: Imo bitcoin security is long-term unsustainable, which is a problem
David Huseby: I’m not a bitcoin shill. not going to argue for them. not sure I understand how you can to that conclusion tho ; how you came to that conclusion...
I wrote several posts on the issue ^ ; That’s the first ; Tl;dr hard cap on issuance means all miner revenue has to come from fees which are much lower, less certain, etc
By_Caballero: breaks are optional-- something tells me this group is gonna stay until the bottom of the hour and have to be hosed down like rabid dogs :D
Oliver Terbu: yep, 3 slides left, then we could use the remaining time for all the rabbit holes :)
By_Caballero: sorry, i think I just had a stroke when martin said "recursive"
John Hopkins: What are some of the active implementations?
Kyle Den Hartog: Loopring has been working on one for DEXs ; It’s not DID focused, but does build on the ZKRollup structure ; This zksync? https://github.com/matter-labs/zksync
Steven Wilkinson: https://minaprotocol.com/docs/snapps
Kyle Den Hartog: Has anyone looked to build a smart contract with go then? ; At least that you’ve heard of? ; Sorry, not with go with Hyperledger fabric and chaincode ; Thinking about it in the case of securekey
Oliver Terbu: I guess we don’t need the raise hand feature anymore
John Hopkins: quick clarification on terminology when we say rollup, do we just mean any sort of layer 2 network?
Rouven Heck: please ping us - if you are interested to follow up, or want to discuss anything in more detail in futures session: firstname.lastname@example.org ; email@example.com
Jordan McKinney: I believe “rollup” is a specific method of taking a large collection of transactions and created a proof that sort of “contains” all the transactions in a compressed way. The transaction data is not actually contained in the roll-up, so I don’t mean a literal compression. The act of collecting tx’s and creating the rollup can all be done off-chain though, so that is essentially layer 2 and chain agnostic I think
By_Caballero: :flex emoji:
By_Caballero: whoa john is calling from another room in rouven's house
Kyle Den Hartog: Vitalik " ; “The etheream guy” ; ethereum*
Tobias Looker: Thanks guys cool proposal!
Jeff Orgel: Thx!
Tobias Looker: Do you have a link to the slides?
Kyle Den Hartog: Yeah seems like a cool proposal
Michael X Shea: thx~
Oliver Terbu: Yes, will be provided in the notes
Tobias Looker: Thanks!
balazs (DIF): Thanks!