Please describe your proposed solution
We are seeking 150,000 ADA to fund initial POC development, with the goal of creating a zero-knowledge identity (zkID) wallet that can serve as the foundation for privacy-preserving identity management in DeFi, governance, cross-chain applications and more.
Problem Statement
Current decentralized identity solutions on Cardano lack the ability to provide complete privacy for managing decentralized identifiers (DIDs) and verifiable credentials (VCs). Users are forced to disclose unnecessary personal data during verification, which poses significant privacy risks, especially in applications like DeFi and governance. Additionally, existing wallets are not optimized for user control, selective disclosure, or the integration of privacy-enhancing technologies like Zero-Knowledge Proofs (ZKPs).
Proposed Solution
The zkID Wallet will provide a privacy-preserving wallet for users to manage their DIDs and verifiable credentials on Cardano, leveraging zk-SNARKs through Midnight for secure and private identity verification. This wallet will allow users to store, manage, and selectively disclose identity credentials without exposing sensitive personal information, ensuring privacy in decentralized applications (dApps).
=> Wallet Components:
a. Midnight Sidechain (Privacy Layer)
Midnight is the privacy-focused sidechain of Cardano, enabling privacy-preserving smart contracts with enhanced confidentiality through ZKPs. It will serve as the ZKP engine to ensure that zkID preserves privacy while still meeting identity verification requirements. It includes the following functionality:
- Generation and verification of zk-SNARK proofs.
- Execution of transactions where identity data needs to be shielded.
- Coordination with the main Cardano chain for off-chain data references and verifications.
b. Identus (Atala Prism-based DID Layer)
Identus manages the identifiers and VCs:
- Issuance of DIDs and verifiable credentials.
- Integration with trusted issuers (such as banks, governing bodies, universities) to create identity credentials.
- Managing selective disclosure of identity attributes using zk-SNARK proofs generated by Midnight.
- Storing encrypted credentials on off-chain storage solutions while referencing them through the main chain.
c. Aiken Smart Contracts (Execution Layer)
Aiken will manage the identity verification and credential revocation process in a privacy-preserving manner:
- Verification of zk-SNARK proofs generated by users during identity verification requests.
- Logic for managing credential lifecycle (creation, updates, revocation) via smart contracts.
- Minimal gas fees and efficient execution due to Aiken’s resource-efficient nature.
=> Architecture and Process Flow:
Step 1: Identity Issuance (Credential Creation)
- User creates a Decentralized Identifier through Identus.
- Issuer (a trusted entity, e.g., government, bank or other authority) verifies the user’s real-world identity and issues a VC through Identus.
- Midnight generates a zk-SNARK proof for the credential, ensuring that the user’s identity is privately verified and the data remains confidential.
- The verifiable credential is stored off-chain as encrypted data, with a cryptographic hash stored on the Cardano blockchain for reference.
- The corresponding DID and reference to the credential are stored on Aiken smart contracts to track credential validity.
Step 2: Selective Identity Proofing (Selective Disclosure)
- When a user needs to prove a specific attribute (e.g., age, nationality) without revealing full identity details, they generate a ZKP using their zkID wallet.
- The ZKP, generated by Midnight, confirms the specific attribute without disclosing the user’s entire credential or personal data.
- The ZKP is sent to a verifier (e.g., a DeFi platform, healthcare service, etc.), who interacts with the Aiken smart contract to validate the proof.
- Aiken smart contracts validate the proof by checking it against the credential’s cryptographic hash and DID stored on the Cardano blockchain.
Step 3: Credential Verification and Revocation
- Verification: If the proof is valid, the smart contract confirms the user’s claim (e.g., age over 18) without revealing any sensitive information.
- Revocation/Update: If a user’s credential needs to be revoked (e.g., if an issuer deems it invalid), the issuer updates the Aiken smart contract, marking the credential as revoked.
- A Merkle tree structure can be used to track revocations efficiently. Each ZKP will reference this tree to ensure the credential is still valid.
- The zkID wallet fetches the updated state and informs the user if their credentials are no longer valid.
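The revocation tracking in Step 3, sketched as an added example (not code from this proposal or from Midnight, Identus or Aiken). It assumes the tree holds the SHA-256 hashes of currently valid credentials, that only its root is published, and that the membership check runs in the clear here; the proposal does not specify the tree layout, and in the described design the check would sit inside the zk-SNARK so the leaf is never revealed.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# Distinct prefixes stop a leaf from being reinterpreted as an inner node (as in RFC 6962).
def leaf_hash(credential_hash: bytes) -> bytes:
    return h(b"\x00" + credential_hash)

def node_hash(left: bytes, right: bytes) -> bytes:
    return h(b"\x01" + left + right)

def build_levels(cred_hashes):
    levels = [[leaf_hash(c) for c in cred_hashes]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])  # promote the unpaired node rather than duplicating it
        levels.append(nxt)
    return levels

def merkle_root(cred_hashes):
    return build_levels(cred_hashes)[-1][0] if cred_hashes else h(b"")

def inclusion_proof(cred_hashes, index):
    proof = []
    for level in build_levels(cred_hashes)[:-1]:
        sib = index ^ 1
        if sib < len(level):  # a promoted node has no sibling at this level
            proof.append((level[sib], sib < index))  # (sibling, sibling_is_left)
        index //= 2
    return proof

def verify(cred_hash, proof, root):
    acc = leaf_hash(cred_hash)
    for sibling, sibling_is_left in proof:
        acc = node_hash(sibling, acc) if sibling_is_left else node_hash(acc, sibling)
    return acc == root

# Constructed sample data: stand-ins for encrypted off-chain credential blobs.
VALID = [h(b) for b in (b"enc-vc-alice", b"enc-vc-bob", b"enc-vc-carol")]

if __name__ == "__main__":
    root_v1 = merkle_root(VALID)
    bob_proof = inclusion_proof(VALID, 1)
    print("before revocation:", verify(VALID[1], bob_proof, root_v1))
    root_v2 = merkle_root([VALID[0], VALID[2]])  # issuer revokes Bob, publishes new root
    print("after revocation: ", verify(VALID[1], bob_proof, root_v2))
```

A verifier must always check against the latest published root; a proof accepted against a cached older root would miss the revocation.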
=> User Interface (UI) Overview
1. Dashboard:
- A simplified dashboard displaying key information such as the user’s DIDs, active credentials and status of recent verifications.
- Users will have an overview of the number of credentials, their validity and which ones are expiring soon.
2. Selective Disclosure:
- Easy-to-use toggles and sliders that allow users to selectively disclose specific attributes (e.g., proving they are over 18 without sharing their birthdate). The system will guide the user in generating zk-SNARK proofs for these attributes.
- A simple “Generate Proof” button for each credential, ensuring users can create ZK proofs effortlessly.
3. DID and VC Management:
- Issue, revoke, or update credentials directly from the wallet, with clear indicators showing the status (valid, revoked, or expired) of each credential.
- Visual cues for off-chain storage, showing how sensitive data is encrypted and securely stored.
4. Privacy Features:
- Private key management tools to securely store and manage users’ keys for their DIDs and credentials.
- Security alerts for credentials nearing expiration or that have been revoked, ensuring users can take timely action.
5. Integration with dApps:
- A built-in dApp browser for users to interact with DeFi, governance platforms, and other decentralized applications, seamlessly connecting to the zkID Wallet for identity verification.
- When interacting with dApps, the wallet will automatically suggest the most appropriate credentials or proofs to use based on the dApp’s requirements.
=> Why this proposal is unique:
- Unlike current solutions, the zkID Wallet uses zk-SNARKs to enable selective disclosure, allowing users to prove identity attributes (e.g., age, nationality) without revealing unnecessary personal data.
- The zkID Wallet is designed to integrate easily with DeFi and governance platforms, providing users with secure and private identity verification without disrupting existing processes.
- By leveraging Midnight and Aiken, users can manage DIDs and VCs while ensuring maximum privacy and security through zk-SNARKs and off-chain storage.
=> Related Proposal
We have submitted a complementary but independent proposal in the "Developers" challenge (https://cardano.ideascale.com/c/idea/129732) to develop a protocol that handles the broader infrastructure for cross-chain reputation and credential management, which would allow this wallet to integrate into a wider ecosystem without requiring direct dependencies. The two proposals work independently of each other, but if both are funded, the scope of this POC can be further expanded.