zkMe DID Method

The zkMe DID method library uses Ethereum addresses as fully functional DIDs (Decentralized Identifiers). Third-party users can use it to create zkMe DID identities. By encapsulating the zkMeDID registry and the zkMeDID resolver, it allows the controller to perform actions such as resolve, update, and delete. The DID identifier allows the controller to resolve the DID document for use in different scenarios.

Preface

The zkme-did method specification complies with the DID requirements specified by the W3C Credentials Community Group. For a more detailed understanding of DID and other DID method specifications, please refer to this resource.

Abstract

The zkMe DID method allows any Ethereum key pair account to become a valid identity. To register DID Documents, a smart contract has been deployed on Zetachain testnet (more are coming) at the address specified at registry-contract (zkMe GitHub).

Target System

The zkme-did-registry contract is currently deployed on:

  • ZetaChain Athens-3 Testnet

DID Method Specific Identifier

For the zkMe DID representation, the MSI (Method Specific Identifier) is an Ethereum address, which can also be called a Hex-encoded secp256k1 compressed public key.

The method name for the zkMe DID method is 'zkme'. A DID URI on Zetachain testnet carries a prefix of the form "did:zkme:testnet".

A DID on Zetachain testnet looks like:

did:zkme:testnet:0x2acE1D0d919293D10Ef7611bC768F5386d908fc2

A DID on Zetachain mainnet looks like:

did:zkme:0x2acE1D0d919293D10Ef7611bC768F5386d908fc2

DID On-Chain

Every DID on the chain has the same structure, defined as:

struct zkMeDID {
        address controller;
        uint created;
        uint updated;
        string doc;
}

Where,

  • controller: the address of the person who creates and manages the DID.

  • created: holds the timestamp of the block when DID was created.

  • updated: initially holds the timestamp of when the DID was created, but is updated if the controller updates the DID on the chain.

  • doc: holds the entire DID document in the form of a string.

Transaction Fee

To register a DID on the Zetachain platform, a small fee in the form of gas will be required. This gas fee is paid in Zetachain's native token, the AZETA token.

Transactions involving Create, Update, and Delete operations will require a transaction fee.

DID Operations

To create a zkMe DID, the user is required to either hold a public key or an Ethereum wallet.

Next, the user will initiate a call to the registerDID function with the generated DID URI and other parameters such as contract address and RPC URL (for chain identification). The function will create a corresponding DID Document in the format below and log it on the chain.

{
        "@context": "https://w3id.org/did/v1",
        "id": "did:zkme:testnet:0x2acE1D0d919293D10Ef7611bC768F5386d908fc2",
        "verificationMethod": [{
                "id": "did:zkme:testnet:0x2acE1D0d919293D10Ef7611bC768F5386d908fc2",
                "type": "EcdsaSecp256k1VerificationKey2019",
                "controller": "did:zkme:testnet:0x2acE1D0d919293D10Ef7611bC768F5386d908fc2",
                "publicKeyBase58": "7Lnm1frErwLwwZB1x2XbweLauYJpAZBjGxAXk55u248DEGGKF62apu9QuekaE3d7jMUUeHjk2F4sSYqKF3oeQ6b3ZLuMb"
        }]
}

Register

Registration of a DID is done by logging the transaction on the zkme-did-registry smart contract, by invoking:

import { registerDID } from "zkme-did-registrar";
// url and contractAddress are optional arguments.
const txHash = await registerDID(did, publicKey, signerOrProvider, url, contractAddress);

The function returns a transaction hash and the DID URI on successful execution.

Update

If the DID controller wishes to edit the DID document stored on the ledger, the controller invokes the update function:

import { updateDidDoc } from "zkme-did-registrar";
// url and contractAddress are optional arguments.
const txHash = await updateDidDoc(did, didDoc, signerOrProvider, url, contractAddress);

Delete

The owner of a DID document has the authority to control the instance of the document on the chain. To maintain true ownership, the network allows the user to delete their instance of the DID document from the blockchain at any time. It's important to note that only the owner or controller of the DID document will have permission to delete the instance.

To remove the instance of the DID from the ledger, use the following:

import { deleteDidDoc } from "zkme-did-registrar";
// url and contractAddress are optional arguments.
const txHash = await deleteDidDoc(did, signerOrProvider, url, contractAddress);

Resolve

To resolve a DID, you need to fetch the DID document registered on the chain. When you query the resolver with a DID, it sends a query to the chain and returns the associated DID document. This document can then be used for signing or verification purposes.
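
Because the registry stores doc as a free-form string written by the controller, a relying party can check that a resolved document is actually bound to the DID it asked for before using its keys. The following is an added example, not code from zkMe: parseZkmeDid and checkResolvedDoc are hypothetical helpers, and the checks assume documents follow the format shown under DID Operations.

```javascript
// Added example; parseZkmeDid and checkResolvedDoc are hypothetical helpers,
// not part of zkme-did-registrar or zkme-did-resolver.
const DID_RE = /^did:zkme:(?:(testnet):)?(0x[0-9a-fA-F]{40})$/;

function parseZkmeDid(did) {
  const m = typeof did === "string" ? DID_RE.exec(did) : null;
  if (!m) throw new Error("not a well-formed did:zkme identifier");
  // No network segment means mainnet, matching the two DID forms on this page.
  return { network: m[1] || "mainnet", address: m[2].toLowerCase() };
}

const fail = (reason) => ({ ok: false, reason });

// docString is the raw `doc` string read from the registry entry.
function checkResolvedDoc(requestedDid, docString) {
  const want = parseZkmeDid(requestedDid);
  let doc, got;
  try { doc = JSON.parse(docString); } catch { return fail("doc is not valid JSON"); }
  if (!doc || typeof doc !== "object") return fail("doc is not an object");
  try { got = parseZkmeDid(doc.id); } catch { return fail("doc id is not a did:zkme identifier"); }
  // Hex addresses are compared case-insensitively; the network must match.
  if (got.network !== want.network || got.address !== want.address)
    return fail("doc id does not match the requested DID");
  const vms = Array.isArray(doc.verificationMethod) ? doc.verificationMethod : [];
  if (vms.length === 0) return fail("no verificationMethod");
  for (const vm of vms) {
    // Assumption: documents follow the page's format (controller equals id).
    if (!vm || vm.controller !== doc.id) return fail("unexpected controller");
    if (vm.type !== "EcdsaSecp256k1VerificationKey2019") return fail("unexpected key type");
    if (typeof vm.publicKeyBase58 !== "string") return fail("missing publicKeyBase58");
  }
  return { ok: true, reason: "" };
}

// Constructed sample shaped like the page's example document; the key is a placeholder.
const SAMPLE_DID = "did:zkme:testnet:0x2acE1D0d919293D10Ef7611bC768F5386d908fc2";
const SAMPLE_DOC = JSON.stringify({
  "@context": "https://w3id.org/did/v1",
  id: SAMPLE_DID,
  verificationMethod: [{ id: SAMPLE_DID, type: "EcdsaSecp256k1VerificationKey2019",
    controller: SAMPLE_DID, publicKeyBase58: "CONSTRUCTED-PLACEHOLDER-KEY" }],
});
console.log(checkResolvedDoc(SAMPLE_DID, SAMPLE_DOC));
```

The same testnet document checked against the mainnet form of the DID is rejected, since the network segment is part of the identifier.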


Security Considerations

To improve security, all transactions to register, update, or delete a DID on Zetachain are signed using secp256k1 key pairs. Any vulnerabilities in secp256k1 could therefore also be reflected in the zkMe DID method protocol. Additionally, to further enhance security, the zkMe DID method implementation only stores the DID document on the blockchain with valid timestamps.

Privacy

In terms of privacy, a DID is pseudonymous. However, users should note that since the zkMe DID is registered on a decentralized chain, it cannot be fully revoked. Additionally, once a DID document is registered, only the owner of the DID can update or revoke it as a privacy measure.

Reference Implementation

Users who wish to have a DID on ZetaChain are expected to use the reference implementation of zkme-did-registrar and zkme-did-resolver to register and resolve zkMe-based DIDs on the chain.