Polygon ID offers tools that allow developers to build self-sovereign, decentralized and private identity solutions for users that leverage zero-knowledge proofs. Polygon ID was released as open source in March 2023 at ETH Denver. In this presentation, Otto Mora, BD Lead for Americas, and Oleksander Brezhniev, Technical Lead at Polygon ID, cover aspects of the did:PolygonID method, including: verifiable presentations leveraging ZK proofs; how the proofs are generated; credential issuance methods; and identity management features.
PolygonID Zero-Knowledge Identity Web2 & Web3
1. This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
SSIMeetup.org
Zero-Knowledge Identity for Web2 & Web3
Otto Mora
@OttoMorac
2. SSIMeetup objectives
1. Empower global SSI communities
2. Open to everyone interested in SSI
3. All content is shared with CC BY SA
Alex Preukschat @SSIMeetup @AlexPreukschat
James Monaghan @james_monaghan
Coordinating Node SSIMeetup.org
3. https://creativecommons.org/licenses/by-sa/4.0/ SSIMeetup.org
Polygon ID - @OttoMorac
Agenda - Polygon ID
● Intro
● Polygon ID: Verifiable presentations leveraging ZK Proofs
● did:PolygonID overview:
○ How ZK Proofs are generated
○ Credential Issuance Methods
○ Identity Management Features
○ Merkle Trees and Claims Revocation
● What is available today?
● Q&A
5. Verifiable Presentations leveraging ZK Proofs
Polygon ID is a user-centered proving system which aims to make all interactions private by default.
Verifiable Credential
● A credential is an open and verifiable standard that can represent any identity information. (For example: date of birth Jan 1, 1983)
● The owner of the credential can prove to another party that a credential is true, without revealing any information beyond the validity of the credential itself, using zkSNARK cryptography.
● The verifier can request any proof of the information contained in the identity credential (using the zkQuery Request Language) and obtain guaranteed correctness without access to the private credential. (For example: is the credential owner older than 18 years? Y/N)
7. Polygon ID - DID Method supporting VCs
did:polygonid - Privacy preserving verifiable credentials method, selective and private disclosure of specific data attributes without revealing the user's main identifier.
Diagram labels:
● Participants: Issuer, Holder (Wallet), Verifier
● DID Registry + Claims and Revocations Merkle Tree Roots
● Verifiable Credential 1 … N (JSON-LD Iden3 Claim)
● Verifiable Presentation
● JWZ with a Proof of a zk Query request for Verifiable Credential 1 … N
● Record identity states
● Get latest identity states
● Verify identity states presented match the ones published
Note: JWZ is JSON Web Zero Knowledge, a form of modified JWT.
8. “SIG Method”: Issuance of Credentials with Baby JubJub (BJJ) Key Signatures
The credential is not added to the Issuer’s Merkle tree; instead a Baby JubJub (BJJ) signature is used, which is then verified upon presentation.
After the initial issuer state has been published on-chain, the issuer is free to issue claims off-chain (similar to did:ethr).
Covid Passport ID Personal information ...
Milestones (with participants and events):
● User information: User provides information and Issuer validates it and generates the "credential".
● Credential Signature (generated by Issuer using the Polygon ID technology): The credential is not added to the Issuer’s Merkle tree; instead a Baby JubJub (BJJ) signature is added to the credential.
● Proof generation and validation (User and Verifier): Finally, the user generates a proof using his wallet. Verifier validates information by only using the BJJ signature generated previously by the Issuer.
9. “MTP Method”: Issuance of Credentials with Claims Merkle Tree (Merkle Tree Proof)
By means of a zk Proof one party (the User or Prover) can prove to another party (the Verifier) that a given piece of information is known, without conveying any additional information that is not essential to an interaction.
The protocol ensures that the zk Proof information can only be verified by the recipient if the actual information being proven does exist, without the need to share the concrete information.
The validation of the proof is done against the hash published on-chain. NO personal information is shared with the verifier at any time; hence, privacy is preserved.
This method enables smart contracts to issue credentials.
Covid Passport ID Personal information ...
Milestones (with participants and events):
● User information: User provides information and Issuer validates it and generates the "claims" (leaves) of the Merkle Tree.
● Merkle Tree (generated by Issuer using the Polygon ID technology)
● Hash published on-chain (generated by Issuer using Polygon ID technology): Unique Root Hash generated based on the information provided in the Merkle Tree.
● Proof generation/validation (User and Verifier): Finally, the user generates a proof using his wallet. Verifier validates information against hash generated previously by Issuer or delegated party.
10. did:PolygonID - Identity Management
Profiles for identities: users can have as many identifiers (or DIDs) as they like
• Default behavior: anonymous random identifier generated for each interaction
• User can decide to select a permanent identifier for interactions with a verifier
• Identity Profiles allow users to hide their Genesis Identifier during interactions. Instead, users will be identified by their Identity Profile.
Kevin Wendell Crumb
Hedwig Dennis Patricia The Beast
11. did:PolygonID - Identity Management
Splitting keys from Identities:
• Support for multiple keys and key rotation
• Sybil resistance, Proof of uniqueness, and one-person-one-vote through the use of nullifiers
• A history of the profiles used is kept by the user locally in their identity wallet
Hedwig Profile
12. did:PolygonID - Additional Features
Messaging Protocol
• Support for message-based communication protocol (“iden3comm”, adapted from DIDComm)
• Communication is transport agnostic and does not require the usage of HTTPS (as OpenID / OAuth do)
Communication could take place over Bluetooth
Additional features:
• Smart contracts can verify credentials that were issued off-chain and on-chain
• Smart contracts can act as issuers of credentials (“MTP” type credentials)
13. did:PolygonID - Claims tree
Claims Tree:
• Claims can be issued by the identity holder (and added to the claims tree when issued using the MTP method, more on this later)
• Each claim has a unique “revocation nonce” which can be used to revoke the claim (more on revocation later)
Claims Tree may hold:
• Keys
• Credentials issued
14. did:PolygonID - Identity State
Identity State Contract:
• Initially identities are in genesis state, where their state can be proven directly with the identifier.
• The identity states are all published in a "global identity state tree" (sparse Merkle tree) on chain. Proofs can be provided to demonstrate that one of the identities is being used without revealing which one.
• A smart contract is kept up to date with the information of the identity state (more on this later). The smart contract also has a check of the state transition function, needed to update the identity state and verify correctness of the transition.
[Diagram: Global Identity State Tree (GIST) with leaves ID State1 … ID StateN, stored as key/value pairs. Key: Path to Leaf. Value: Identity State]
15. did:PolygonID - Merkle Trees and identity State
The identity state is a hash of the roots of three Merkle trees, each root itself being a hash of its tree:
1. the claim tree
2. the revocation tree
3. the roots tree
Polygon ID Identity State stored on-chain
16. did:PolygonID - Claims Revocation
The revocation tree specifies which claims have been revoked.
The information revealed is only the unique identifier of the claims that have been revoked.
The revocation tree is composed of the revocation nonces (unique numeric revocation identifiers for the claims) and is stored in public file storage (such as Amazon S3, IPFS, Filecoin or similar).
Revocation data stored publicly
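The identity state and revocation tree from slides 15 and 16, as an added example (not Polygon ID code): a simplified fixed-depth sparse Merkle tree over revocation nonces, with the plain Merkle check only and no zero-knowledge wrapping. Assumptions: SHA-256 stands in for the system's own hash, and `RevocationTree`, `verify_not_revoked`, the root placeholders and the nonces are constructed for illustration.

```python
import hashlib

DEPTH = 16  # assumption: demo revocation nonces fit in 16 bits

def H(*parts: bytes) -> bytes:
    # assumption: SHA-256 stands in for the system's own hash function
    return hashlib.sha256(b"".join(parts)).digest()

EMPTY = [b"\x00" * 32]  # EMPTY[h] = hash of an all-empty subtree of height h
for _ in range(DEPTH):
    EMPTY.append(H(EMPTY[-1], EMPTY[-1]))

class RevocationTree:  # fixed-depth sparse Merkle tree indexed by nonce
    def __init__(self):
        self.nodes = {}  # (height, index) -> hash; a missing key is empty
    def node(self, height, index):
        return self.nodes.get((height, index), EMPTY[height])
    def root(self):
        return self.node(DEPTH, 0)
    def revoke(self, nonce):
        self.nodes[0, nonce] = H(b"revoked", nonce.to_bytes(8, "big"))
        for h in range(DEPTH):  # rehash the path from the leaf to the root
            p = nonce >> (h + 1)
            self.nodes[h + 1, p] = H(self.node(h, 2 * p), self.node(h, 2 * p + 1))
    def siblings(self, nonce):  # non-membership proof: the off-path hashes
        return [self.node(h, (nonce >> h) ^ 1) for h in range(DEPTH)]

def identity_state(claims_root, rev_root, roots_root):
    return H(claims_root, rev_root, roots_root)  # one hash over three roots

def verify_not_revoked(state, claims_root, roots_root, nonce, siblings):
    # Rebuild the revocation root assuming the nonce's leaf is empty, then
    # require that the implied identity state equals the published one.
    cur = EMPTY[0]
    for h, sib in enumerate(siblings):
        cur = H(sib, cur) if (nonce >> h) & 1 else H(cur, sib)
    return identity_state(claims_root, cur, roots_root) == state

def demo():
    cr, ror = H(b"constructed claims root"), H(b"constructed roots root")
    tree = RevocationTree()
    tree.revoke(1001)                      # another credential's nonce
    old_state = identity_state(cr, tree.root(), ror)
    proof = tree.siblings(4242)            # the holder's credential nonce
    tree.revoke(4242)                      # issuer revokes, state changes
    new_state = identity_state(cr, tree.root(), ror)
    stale_ok = verify_not_revoked(old_state, cr, ror, 4242, proof)
    fresh_ok = verify_not_revoked(new_state, cr, ror, 4242, proof)
    return stale_ok, fresh_ok  # proof passes only against the stale state
```

In `demo()` the same proof verifies against the state published before the revocation and fails against the current one, so a verifier that compares against a cached state would accept a revoked credential.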
17. Contrasting usage of Zero Knowledge Proofs in Identity
Feature | Polygon ID | Anon creds | BBS+
ZK Proof type | Groth16 SNARKs (STARKs to be used in the future) | CL-RSA (requires larger keys for security) | BBS+ Signature scheme
Keys | Baby JubJub (BJJ, lightweight for mobile devices) | “link secret” for identity binding, RSA for CL-RSA signatures | BLS12-381
Selective Disclosure | Yes | Yes | Yes
Predicate Proofs | Yes | Yes | No
Private non-revocation proofs | Yes, using Sparse Merkle Trees. Computational and storage efficiency. | Yes, using Crypto accumulators (CKS scheme). Very computationally heavy and storage demanding. | No
Credential Issuance | Issued in VC format against identifier. Non-interactive. Can be generated from a mobile device or a server. | Issued in custom format against link secret commitment. Requires interaction with identity holder. Computationally heavy | Issued in VC format against identifier. Non-interactive
Blockchain | EVM compatible | HyperLedger Indy | -
On-chain verifiability | Yes | No | No
18. What is available today?
Our technology
Our Partners
For Users:
• Polygon ID App: Mobile solution to manage identity, claims and generate zkProofs.
For Issuer:
• Issuer Node: Enables issuers to issue credentials, revoke / update credentials, and manage keys.
For Verifiers:
• Verifier Library Integration
• Proof validation:
- off-chain → libraries in golang + javascript
- on-chain → smart contracts (solidity) to interact with
SDKs for Wallet Apps: Mobile SDK in Flutter, and JavaScript SDK.