Identity Verification Methods in MCP v2
As a key component for the vision of Litentry, MCP is an pilot off-chain version for the decentralized identity aggregation. Although it’s a centralized service, it still inherits the verifiability of on-chain identity and tends to take the most transparent identity verification methods for the attestation of a user’s ID graph ownership.
Web3 address verification
MCP verifies cryptographic address by validating signatures. The user will be asked to sign a message that claims its joint ownership over a new address and the underlying ID graph that the address is being linked to with the wallet of that new address, and the user session for the ID graph.
Example message:
Linking my address 0x8021c9a13a149e214ac8db7b5cc5382376bf5b18 on BSC with my address 0x6e97a66f5d57476582f6c130d2e00a25ee52e0b8 on EVM, and my json web token is eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkaWQiOiJkaWQ6bWNwOjB4NmU5N2E2NmY1ZDU3NDc2NTgyZjZjMTMwZDJlMDBhMjVlZTUyZTBiODpldm0iLCJhZGRyZXNzIjoiMHg2ZTk3YTY2ZjVkNTc0NzY1ODJmNmMxMzBkMmUwMGEyNWVlDWJlMGI4IiwiY2hhaW4iOiJldm0iLCJpYXQiOjE2NTUxMzgwMTUsImV4cCI6MTY1NTM5NzIxNX0.ZGaxearqkyu_00iqnk0ytB5YNgNEJqYh85VnfNRzcVU in mycryptoprofile.io, and the challenge code is: 2811944a0ffe2bd1ca587a2b2273ddf0.
Web2 Account Verification
The verification method of the Web2 platform account varies from platform to platform.
For public social media platforms
(Twitter, GitHub, Discord, etc.)
We adopt a public declaration method to verify identity, that is, a user needs to use his social network account to publicly declare the association of an crypto address to prove his control over the account and his willingness of linking this account to an ID graph.
Example message:
Linking my account Alice111 on Twitter with my address 0x6e97a66f5d57476582f6c130d2e00a25ee52e0b8 on EVM in mycryptoprofile.io, and the challenge code is: 370d30e57ecd8a3e32fafa6a21326ca8. #LitentryVerifyMyAddress
It is worth noting that this declaration message will expose one of the user’s addresses. In order to achieve verifiability, we did this tradeoff and this privacy flaw is unavoidable in the version. This will be solved in the subsequent versions when MCP integrates with the Litentry Parachain and the declaration message will be encrypted by the Litentry TEE.
💡Workaround: to avoid exposing your address in Web2 account verification, you can create a new address in your wallet and link it to your ID graph, and then use this new address to link your Web2 account. MCP allows controlling your account using any crypto address in your ID graph.
However, in order to achieve better data availability, the adoption of the OAuth authentication scheme for the Web2 platforms is also being discussed.
For privatized and semi-privatized platforms
(Discourse, Gmail, Mastodon, etc.)
MCP uses verification code to verify user identity. Because privatized and semi-privatized platforms usually have their own independent account systems, we have no way to complete verification through public statements but to make compromise. The verification code method will require users to receive and reply to a verification code sent by us.
The decentralized version of this identity verification method is also being researched.
About My Crypto Profile
My Crypto Profile (MCP) is the PoC of the Litentry Aggregated Identity vision, providing a Web3 identity management product designed to allow users to aggregate and manage their identity data across blockchains and systems, while providing data access for 3rd party dApps to leverage user identity without compromising user privacy and anonymity.
