zkMe Self-Sovereign Identity
zkMe Self-Sovereign Identity empowers users with full control over their credentials, blending privacy, security, and decentralization to transform how identity verification is performed.
As an evolution of the roles needed for SSI, zkMe defines Roles with new interactions.
Issuer: In contrast to the traditional SSI concept, zkMe splits the Issuer role into a trusted Credential Issuer, which issues verified credentials (VCs), and a ZKP Issuer, which issues verified presentations (VPs).
Credential Issuer: Refers to governmental or financial entities or organizations that issue physical or digital credentials (such as Passports or ID cards) to individual Holders. This role is equivalent to the role of the Issuer within the traditional SSI concept.
ZKP Issuer: A unique concept introduced by zkMe, where a trusted issuer program runs locally on the Holder's device. It utilizes trusted cryptographic setups and open-source, audited algorithms to process the Holder's credentials and generate VPs in the form of ZKPs. zkMe enables eligibility proofs, which are ZKPs that the Holder meets the criteria set out by the Verifier to provide access to the requested service. By leveraging the information in the VC, eligibility proofs allow for authentication without disclosing the actual information itself to anyone. For example, a proof can demonstrate that the Holder is of a certain age, is a domestic resident, is not on a sanctions list, or is not a politically exposed person. This innovative approach to identity verification not only improves privacy and security, but also increases efficiency and convenience for businesses and users alike.
The security of a cryptographic protocol is of paramount importance, especially for the zkMe network, which is based on zero-knowledge proofs (ZKPs). A robust security model is essential to ensure the protocol's resistance against potential attacks. This chapter presents the ideal functionality for zkMe along with its security goals and security proofs.
Holder: This role remains mostly unchanged from the one proposed in the SSI concept. It refers to individuals who hold VCs that can be used for various purposes such as accessing services, proving identity, or providing proof of qualifications or certifications. A Holder can use their VCs to access various services without the need for repeated identity verification. With zkMe, a Holder can trust that their credentials are proven to a Verifier without disclosing private details.
Verifier: Verifiers check the authenticity and correctness of a VP claim without requiring the Holder of the credential to reveal sensitive personal information. The Verifier checks the proof against a set of rules or criteria, such as checking that the proof is cryptographically secure and that it matches the information stored on the blockchain, or verifying that the user is of legal age or a resident of a particular jurisdiction, without actually processing the Holder's personal information. If the proof is valid, the Verifier can be confident that the information provided by the Holder is accurate without having knowledge of the underlying information itself.
Regulator: The goal of the Regulator role in a process such as zkKYC remains unchanged. It is, however, given a direct role in keeping the Holder's data private: because the Regulator holds one of three key shards required to uncover a Holder's identity, none of the stakeholders involved (including the Regulator itself) can remove the veil of Holder anonymity on their own.
zkMe SBT: In zkMe’s model, the verifiable data registry is replaced by an SBT asset stored on public distributed ledgers, pointing towards decentralized storage containing the ZKPs. In contrast to typical SSI implementations, only anonymized VP claims are stored; these claims are explicitly designed not to allow indirect Holder identification and are only accessible to authorized stakeholders. The zkMe SBT token revolutionizes the way we handle identity and credentials in the web3 ecosystem. The zkMe SBT is the on-chain representation of a Holder's identity. It contains their DID, ZKP, and one of three key shards used to encrypt and protect the raw data of the Holders.
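
The three key shards mentioned under Regulator and zkMe SBT can be illustrated with Shamir secret sharing. This is an added example, not zkMe's code: the page does not say which sharding scheme or threshold zkMe uses, so Shamir sharing, the 3-of-3 threshold, the function names and the `third_holder` name are all assumptions.

```python
import secrets
from itertools import combinations

P = 2**521 - 1  # Mersenne prime; the field is larger than any 256-bit key

def split_key(key, threshold, holders):
    """Return {holder: (x, y)}; any `threshold` shards recover `key`."""
    secret = int.from_bytes(key, "big")
    if not (1 < threshold <= len(holders)) or secret >= P:
        raise ValueError("bad threshold or key too large for the field")
    # Random polynomial f of degree threshold-1 with f(0) = secret.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    shards = {}
    for x, holder in enumerate(holders, start=1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of f(x) mod P
            y = (y * x + c) % P
        shards[holder] = (x, y)
    return shards

def recover_key(shards, key_len):
    """Lagrange-interpolate f(0) from the given (x, y) shards."""
    secret = 0
    for xi, yi in shards:
        num = den = 1
        for xj, _ in shards:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    # Too few shards interpolate to an unrelated field element; keep the
    # low key_len bytes so the caller always gets a key-sized value back.
    return secret.to_bytes(66, "big")[-key_len:]

def demo():
    # Constructed sample: a random 256-bit key standing in for the key that
    # protects a Holder's raw data. "third_holder" is hypothetical.
    key = secrets.token_bytes(32)
    holders = ["regulator", "zkme_sbt", "third_holder"]
    shards = split_key(key, threshold=3, holders=holders)  # threshold assumed
    all_three = recover_key(list(shards.values()), 32) == key
    any_subset = any(
        recover_key(list(subset), 32) == key
        for n in (1, 2) for subset in combinations(shards.values(), n)
    )
    return all_three, any_subset

if __name__ == "__main__":
    print(demo())
```

With fewer shards than the threshold, every candidate key is equally consistent with what a stakeholder holds, which is the property the Regulator description relies on.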