Overview of the European Digital Identity Wallet & Initiative

Introduction

The president of the European Commission, Ursula von der Leyen, noted:

“Every time an App or website asks us to create a new digital identity or to easily log on via a big platform, we have no idea what happens to our data in reality. That is why the Commission will propose a secure European e-identity. One that we trust and that any citizen can use anywhere in Europe to do anything from paying your taxes to renting a bicycle. A technology where we can control ourselves what data is used and how.” [1]

This identity is envisioned to live in a digital wallet (henceforth the European Digital Identity Wallet or the EDIW) available on a mobile and other devices providing a convenient and safe way to manage the amount of information one wants to share with applications that require it.

The eID has a wide range of applications that will reduce the burden of documentation handling for Europeans. Examples include the opening of bank accounts, the use of medical prescriptions across Europe, university applications, providing birth, medical, and other certificates, or just proving one’s age.

Envisioned EDIW Functionality

Overview

In short, EDIW should allow users to store and manage identity data credentials and attributes. It should have a transaction history feature that tracks all transactions executed through the wallet, and it should allow for ZKP verification of claims inferred from personal data identification or attestation of attributes without having to provide the source data.

Furthermore, EDIW should also allow for electronically identifying and authenticating users online and offline across borders for accessing public and private services, and ensure the highest level of security for personal data used for identification and authentication, irrespective of whether such data is stored locally or on cloud-based solutions. It should technically enable the selective disclosure of attributes to relying parties, thereby reinforcing user control, convenience, and personal data protection.

In Detail

1. EDIW: ‘European Digital Identity Wallet’ means a product and service that operates like electronic identifications means and that allows the user to store and manage identity data credentials and attributes linked to her/his identity, to provide them to relying parties on request, to create qualified electronic signatures and seals, and to use them for identification and authentication, online and offline, for accessing public and private service in accordance with Article 6a; (p 26–27, Article 3 — paragraph 1 — point 42 2)
2. Transaction history: The European Digital Identity Wallet should have the function of transaction history embedded into the design. Such a function should allow the user to track all transactions executed through the wallet, with at least the following data: the time and date of the transaction, the counterpart identification, the data requested and the data shared. That information should be stored even if the transaction was not concluded. The information contained in the transaction history should be nonrepudiable for any legal purpose. Such a function should be active by default. (p 12, Recital 6a, 3)
3. ZKPs for privacy and selective disclosure: Zero Knowledge Proof (ZKP) allows verification of a claim without revealing the data that proves it, based on cryptographic algorithms. The European Digital Identity Wallet should allow for verification of claims inferred from personal data identification or attestation of attributes without having to provide the source data, to preserve the privacy of the user of the European Digital Identity Wallet, while presenting a proof with legal effect. Such an approach would allow the holder to demonstrate, for example, that he or she is an adult or where he or she is located if that information is needed to access a certain service. In addition, ZKP could help fight against bots and disinformation attacks, as platforms could verify that an action on their platform (content, vote, comment, etc.) is executed by a real person located in the Union, while preserving the right to anonymity. (p 12, Recital 6b, 4)
4. Security and convenience: It is necessary to set out the harmonised conditions for the establishment of a framework for European Digital Identity Wallets to be issued by Member States, which should empower all Union citizens and other residents as defined by national law to share securely data related to their identity under the sole control of the user and to receive securely the data in a user-friendly way. Technologies used to achieve those objectives should be developed aiming towards the highest level of security, user convenience and wide usability. Member States should ensure equal access to digital identification to all their nationals and residents. (p 13, Recital 7, 5)
5. Online & offline use: All European Digital Identity Wallets should allow users to electronically identify and authenticate online and offline across borders for accessing a wide range of public and private services. Without prejudice to Member States’ prerogatives as regards the identification of their nationals and residents, Wallets can also serve the institutional needs of public administrations, international organisations and the Union’s institutions, bodies, offices and agencies. Offline use would be important in many sectors, including in the health sector where services are often provided through face-to-face interaction and ePrescriptions should be able to rely on QR-codes or similar technologies to verify authenticity. Relying on the level of assurance “high”, the European Digital Identity Wallets should benefit from the potential offered by tamper-proof solutions such as secure elements and state of the art encryption, to comply with the security requirements under this Regulation. The European Digital Identity Wallets should also allow users to create and use qualified electronic signatures and seals which are accepted across the EU. (p 15, Reticital 9, 6)
6. Storage and authentication: European Digital Identity Wallets should ensure the highest level of security for the personal data used for identification and authentication, irrespective of whether such data is stored locally or on cloudbased solutions, and taking into account the different levels of risk. Using biometrics to identify and authenticate should not be a precondition for using European Digital Identity Wallet, notwithstanding the requirement for strong user authentication. Biometric data used for the purpose to identify and authenticate a natural person in the context of this Regulation should not be stored in the cloud. Using biometrics is one of the identifications methods providing a high level of confidence, in particular when used in combination with other elements of authentication. Since biometrics represents a unique characteristic of a person, the use of biometrics requires organisational and security measures, commensurate to the risk that such processing may entail to the rights and freedoms of natural persons and in accordance with Regulation 2016/679. Storing information from the European Digital Identity Wallet in the cloud should be an optional feature only; active after the user has given explicit consent. Where the European Digital Identity Wallet is provided on the smartphone of the user its cryptographic material should be, when available, stored in the secure elements of the device. (p 16–17, Recital 11, 7)
7. More on security: When accessing public and private services cross-borders, authentication and identification of a user of the Wallet should be possible. The receiving Member States should be able to unequivocally identify the user upon their request in those cases where identification of the user is required by law. In order to ensure high-level of trust and security of personal data, different technical solutions should be considered, including the use or combination of various cryptographic techniques, such as cryptographically verifiable identifiers, unique user-generated digital pseudonyms, self-sovereign identities and domain specific identifiers using state of the art encryption technology. (p 17, Recital 17, 8)
8. More on selective disclosure and privacy: The design of the European Digital Identity Wallet should technically enable the selective disclosure of attributes to relying parties. Privacy by design should become a standard design feature of the European Digital Identity Wallet, thereby reinforcing user control, convenience and personal data protection including minimisation of processing of personal data. In general, insofar as personal data are concerned, the processing of such data should rely upon the grounds for processing provided in Article 5(1), point ©, of Regulation (EU) 2016/679. (p 21, Recital 29, 9)
9. Non-qualified attestations: Authentic sources that are users of a European Digital Identity Wallets should be able to issue non-qualified electronic attestation of attributes directly using the European Digital Identity Wallets. Alternatively, they should be able to use any trust service provider compliant with the technical specifications and standards of the European Digital Identity Wallets framework to issue electronic attestation of attributes on their behalf. Non-qualified attestations of attributes do not receive the same assumption of high level of assurance as the qualified electronic attestation of attributes, but they nevertheless provide the potential for many use cases (e.g. fidelity credentials, club membership credentials, coupon credentials, etc.) providing for the necessary flexibility and anticipating future evolution of the framework, including increasing the overall usability of the framework for the users of the European Digital Identity Wallets. (p 22, Recital 31a, 10)
10. Validation of attestations and ZKP: …request and validate electronic attestation of attributes, including person identification data, or zero knowledge proof inferred from them; (p 33, Article 6a — paragraph 4 — point a — point 2, 11)
11. Anonymity and selective disclosure: …provide a mechanism to ensure that the relying party is able to anonymously authenticate the user and to receive electronic attestations of attributes that can be validated in the form of selective disclosures and minimise the processing of personal data; (p 36, Article 6a — paragraph 4 — point d, 12)
12. Security and backups: …provide a recovery mechanism for the user to safeguard the content of the European Digital Identity Wallet, including person identification data, attributes, electronic attestations of attributes and credentials, in the case of unavailability, loss or stealing of the corresponding device, such safeguard mechanism preserving authenticity, confidentiality, integrity and privacy; (p 37 Article 6a — paragraph 4 — point e a (new), 13)
13. Security: The European Digital Identity Wallets shall be issued under a notified electronic identification scheme of level of assurance ‘high’ and shall ensure cybersecurity by design. In particular, European Digital Identity Wallets shall provide the necessary security functionalities at the state of the art and offer resistance to skilled attackers, ensure the confidentiality, integrity and availability of the content of the European Digital Identity Wallet, including person identification data, attributes, electronic attestations of attributes and credentials and request the secure, explicit and active user confirmation of its operation. (p 40, Article 6a — paragraph 6, 14)
14. Data ownership and management: The user shall be in full control of the European Digital Identity Wallet and its own data. The issuer of the European Digital Identity Wallet shall ensure that it is built on privacy by design principle. In particular, the EDIW shall have the following features:

a) for issuers of the European Digital Identity Wallet it shall be technologically impossible to receive any information on the use of the Wallet or its attributes. For the purpose of protecting user data against loss or corruption, encrypted synchronization and encrypted backup functions shall be permitted, with the previous explicit consent of the user. The issuer of the European Digital Identity Wallet shall not combine person identification data and any other personal data stored or relating to the use of the European Digital Identity Wallet with personal data from any other services offered by this issuer or from third-party services which are not necessary for the provision of the Wallet services. Personal data relating to the provision of European Digital Identity Wallets shall be kept physically and logically separate from any other data held. If the European Digital Identity Wallet is provided by private parties, the provisions of Article 45f, paragraph 4, shall apply mutatis mutandis;

b) for issuers of the electronic attestation of attributes it shall be technologically impossible to receive any information about the use of these attributes and about the use of the European Digital Identity Wallet;

c) for relying parties it shall be technologically impossible to receive any information other than that that the user has consented to. (p 41–43, Article 6a — paragraph 6, 15)

Summary

A number of considerations across multiple dimensions were made in the extracts of the proposal above, including:

1. Availability of full transaction history to users;
2. Privacy by design and high level of security for each wallet issued by each Member State;
3. Selective disclosure of attestations of attributes in a fully private manner through ZKPs;
4. Ability to use the wallet online and offline alike;
5. Data storage design, related to personal data utilized for authentication and identification, should ensure the highest level of security irrespective of whether data is stored in a cloud-based solution or locally;
6. Issuers of electronic attestation of attributes should be unable to receive any information about these attributes and the use of EDIW and relying parties should be unable to receive information other than the one the user consented to;

Galactica Network

Brief

Galactica Network is a layer-1 protocol with zkKYC-powered Sybil Resistance. zkKYC eliminates the need for a user to share any personal information with a regulated business for the purpose of KYC, yet it provides the transparency to allow for a customer to be identified if that is deemed necessary by a designated governing authority such as law enforcement. This approach makes it possible to combine regulatory compliance for applications and achieve full privacy for users.

Implementation of EDIW using Galactica Network

1. Storing and managing identity data credentials and attributes

a) Galactica Network’s zkCertificates hold ID credentials and attributes;

b) Managed in the Galactica Snap for Metamask:

• Self-managed wallet;
• Data stored locally on the user’s device;
• Secured by an Ethereum key;
• Optional encrypted cloud backup;

c) Online and offline verification is possible.

2. Transaction history

a) Available by default — blockchain as a decentralized ledger;

b) Block explorer representing the ledger data in a comprehensible format.

3. Selective disclosures and attestations

a) Zero-knowledge proofs (ZKPs) based on zkCertificates;

b) Verifiable proof for disclosures and attestations without sharing/disclosing any source data.

4. Online and offline authentication

a) Sign-In with Galactica Network using the EIP-4361 standard;

b) Can be combined with zero-knowledge selective disclosures and attestations.

5. Security

a) Tendermint consensus algorithm for on-chain security;

b) Fraud proof through digital signature using EdDSA;

c) Verification secured by ZKP and comparison with Merkle tree root hashes.

Challenges of using Galactica Network for EDIW

1. GDPR Right to erase (‘right to be forgotten’): Because blockchains are designed as distributed append-only ledgers, the deletion of previously published data is not part of the base technology. The following approaches solve this problem.

a) Check if Galactica Network satisfies exception criteria, such as:

i. Being obligated to keep data for financial security and fraud investigations

ii. Providing enough public interest to keep data for allowing persistent reputation, financial accountability or societal substrate

b) Making personal data unavailable for third parties. For example, default encryption between parties exchanging personal data would allow for deletion of decryption keys.

c) Changes in the blockchain protocol to allow erasing the history, such as ZK validated check-points.

2. Network fees could be a barrier to using the system

a) Solutions for fee-less and proxied transactions exist on Ethereum and can be integrated on Galactica Network.

b) Side-chains could operate on another model while utilizing Galactica Network features.