Digital Twins: what should Web3’s native identity protocol look like?

By blockpunk, published in ICP League, Apr 12, 2022

Web2 users have been producing and consuming content on SNS for years, yet they remain confined to the platforms where they produce and consume it. To use a platform’s functions, users must authorize a centralized third party to manage large amounts of their data. Centralized companies have thereby gained enormous power and influence over data and content, taking ownership of user data and all user-generated content, which means that the user’s identity and data are controlled by the platform. This massive amount of user data has become a tool for platforms such as Facebook to make profits. Moreover, many individuals who should have enjoyed the convenience of the Internet have had to become “data workers” serving platform algorithms. Undoubtedly, this coercion of user data and identity violates the mission of the Internet.

Meanwhile, the monopolistic nature of Web2 platforms divides the Internet infrastructure and solidifies the social graph and user relationships. Users can hardly migrate. If the old platform stops working for some reason, moving your network to a new platform can be extremely tedious and complex: without a corresponding identity system or mechanism, the data on the platform doesn’t belong to the user, and there is still no way to prove to your friends on the platform that “I’m myself”.

Although Web2 identity is temporary, change is quietly happening. With the growing needs of users, this concept is being picked up by Web3. A variety of decentralized authentication schemes are emerging as the most native components of the grand architecture, through which users can protect their privacy in a decentralized architecture and prove their existence as “a person with value” through external channels.

A brief history of the identity system

From DID to SSI

Decentralized Identity (DID) is a concept with wide application, and the W3C provides the standards for it. DID focuses more on technology: it emphasizes decentralized technical standards and realizes distributed registration and identity provision schemes. Its design and philosophy are too old and complex for a rapidly changing world. What’s more, the performance of traditional DID projects is not satisfactory. They carry high user-education costs and are limited in practical functionality as well.

In the era of Web3, decentralized identity is imagined as more than a set of standards: in addition to being different from Web2, this identity is globally unique and permanent. It is highly human-readable and can be resolved through a standard protocol that supports encryption and authentication. The features of blockchain also allow users to take full control of their identity without the involvement of any centralized third party. Meanwhile, it also solves the problem of the products of identity, that is, the confirmation, verification, storage, management, and use of user data.

From the perspective of users, such identity and its surrounding system are recognized as Self-sovereign Identity. SSI contains DID.

Wallet address is not identity

Crypto wallets, such as MetaMask logins, are increasingly replacing traditional accounts, making users’ identities unique, permanent, and verifiable. In a sense, the wallet, through its key or mnemonic phrase, simply replaces the central organization for authentication.

The current development of wallets mainly focuses on the methods of key management and authentication (such as smart contract wallets). However, it is important to note that authentication, or the wallet, is not the whole identity. This type of authentication is limited to the internal system and does not extend to external systems. Since anyone can read data at the public protocol layer of a blockchain, an EVM wallet sacrifices the confidentiality of user data, let alone the confirmation, verification, storage, management, and use of data.

If we simply take the wallet address as a one-to-one Web3 identity, it is similar to using only an ID number in the physical world. This ID number is recorded in every place the user has been, such as the subway, convenience store, office, apartment, hotel, road monitoring, etc. The identity information can then be easily obtained by third parties, which causes serious privacy leakage.

Therefore, the Web3 world needs a separate identity service protocol layer between the user wallet and the third-party dapp.

An attempt at the reputation system

More developers are trying to serialize on-chain data through addresses and produce simple proofs of different values. This kind of proof is also known as “reputation”. Based on verifiable on-chain data, this reputation is independent of the platform and can be applied in different scenarios (actually depending on the communities with different values).

Therefore, within a community that shares the same values, “reputation” can be quickly verified as “whether they have made contributions” and “whether they are high-value users”. Examples include the badge proofs of Project Galaxy and POAP, RabbitHole’s certificates obtained through learning, and Gitcoin’s Trust Bonus. They all essentially grant authentication through participation to minimize the possibility of a Sybil attack and leave bots with no chance, since only “human beings” will really be involved in acquiring reputation.

It is also argued that the Web3 native identity does not need to accurately restore a real user (allowing for more flexible usage), but rather measures the value of an action. While it is possible to earn “reputation” through manual brushing, the action is still considered as a contribution.

The great challenge of the on-chain social graph

The reputation system is great progress on identity, but its excessive dependence on on-chain data leads to new issues. The types of data fed into identity are too monotonous: most of it is financial transaction data, from which it is difficult to produce effective multidimensional social relations. Meanwhile, reputation is based on validation by a social network with the same values. Relying entirely on on-chain history will also make social networks more closed, as the output of this reputation is unfair and will even exacerbate the Matthew effect, so that newcomers will refuse to join the social network or adopt its values (see Status as a Service).

More Web3 social projects are trying to map Web2 social relationships onto the chain and to add more types of data input (beyond finance) to identities through more scenarios. You can be admitted into a certain Discord community simply by holding the same NFT, migrate your Web2 friends from Twitter via CyberConnect, or get a social media information stream from Web2 via RSS3 subscriptions.

However, due to the inherent defects of the infrastructure (lack of a storage layer and sharding capability), the non-transactional data itself will not be deployed on-chain. Instead, it will be serialized by various projects/platforms in their own ways and then stored in self-built infrastructure or decentralized storage such as IPFS and AR. To a certain extent this takes the old path of the Web2 platforms, with the same risk of data leakage and loss. Meanwhile, the social graph is not shared, and the serialized social-relationship data is hard to verify. It is therefore more difficult for these projects to be combined with each other to obtain a multiplier effect similar to that of DeFi. Nonetheless, there are still protocols like Lens Protocol that try to cut through the social data layer.

In addition, a permanent, non-selective record of user data is not conducive to social image change — especially in this rapidly changing virtual world, users should have control over what reputation/data is displayed and what is hidden. The more difficult challenges come from multichain/multistandard. As data on different chains are not visible to each other and there are huge differences between their account models, the identity issue on Web3 repeats the fragmentation of platforms/infrastructures from the Web2 era.

SSI has the opportunity to address these issues by running a separate identity data service layer on the chain. As primitives, SSI provides the underlying data building blocks for on-chain reputation systems.

Looking for novel infrastructure

Applications always come before infrastructure, while the inherent flaws of infrastructure cause the problems mentioned above. What kind of infrastructure do we need? First, the storage layer is necessary for data authentication, and general-purpose computing capability enables social logic to occur on the chain, enabling the combination of data verification and business.

DFINITY’s Internet Computer (IC) provides the perfect carrier for identity. Here are the features of the Internet Computer network: IC is currently the only full-stack blockchain computer that integrates storage, general-purpose computing, and smart contracts. Its smart contracts are called canisters. Canisters do not share state through block data but maintain their own internal state independently. Each canister now has 4 GB of RAM and 8 GB of static storage. Canisters call each other through fixed APIs. The WASM VM in each canister performs deterministic computing, and the network agrees on the order of calls among canisters. The IC canister is the inherent carrier for the data confirmation of identity. It is believed that the smart contract/canister, with the independent storage and general-purpose computing capacity of IC, is the native infrastructure of Web3. The contract can not only store tamper-resistant business logic but also carry any type of data, such as the KYC of identity, social graph, avatar, etc. Canisters can selectively allow other canisters to call data through an API without worrying about leaking irrelevant data.

Meanwhile, DFINITY has also established an authentication technology called Internet Identity (II) for IC. Users can use hardware that supports WebAuthn (which most smartphones and computers currently do) to create decentralized IDs in a few seconds through facial scanning or fingerprint identification. Users can easily control their IDs without having to manage usernames/passwords or rely on obscure private keys/mnemonic phrases.

Let’s take the chat service of IC network, Openchat, as an example. After its integration with II, Openchat creates an independent canister for each user to store their chat history and social relationships. Users can also manage their data through self-controlled API. Another example is the decentralized cloud notes in the IC network, Dstar. It uses the “secret synchronous canister” provided by II to synchronize notes across multiple devices, with each notebook as a separate canister. Users can also change their read/write permissions to access the new note-taking service. This truly makes user data portable, which is the foundation of Web3 data ownership.

Compared to Web3 DApps based on other public chains, which require centralized servers to run complex business logic and store data, the unique underlying architecture of IC makes data migration no longer difficult. It is also conducive to bringing more kinds of business on-chain beyond transactions, and it provides new input scenarios for data.

In the recent governance of IC, the community’s proposal to support strong Proof of Humanity was accepted. This will provide Sybil-attack resistance to IC services, and ModClub offers this kind of service on IC as well.

Any interesting projects here?

From the perspective of native identity services of Web3, the IC ecosystem already has a series of schemes including Identity Labs, AstroX Me, Relation, etc. AstroX Me, for example, helps more Internet users access Web3 by offering Self-sovereign Identity as an easy-to-use multichain smart contract wallet.

AstroX Me abstracts out a more generic identity service. Building on the secure device login of Internet Identity, AstroX Me allows users to log in to II with MetaMask acting as the secure hardware, in order to use the IC ecosystem. AstroX Me, as an aggregator of multiple devices and identities, significantly lowers the entry barrier for core users.

Building identity services in the Web3 world is just the beginning. AstroX Me aims to become an integrator of the Web3 system and will further support email-authenticated logins, as well as logins from traditional Internet social networking (GoogleID, etc.), thereby introducing an even larger number of ordinary Internet users from the non-crypto world. AstroX is also working on a unified plug-in SDK for the multi-identity login protocol, similar to WalletConnect from Ethereum, to lower the barrier to application development on Web3.

AstroX Me will create a separate identity canister for each user, which can be one’s smart contract wallet and store relevant data about one’s identity.

As a sovereign identity service, AstroX Me allows users to truly control their personal identity, assets, and data. Users can authorize/deauthorize DApps (decentralized applications) to access personal information or encrypted assets to maintain their privacy and identity.
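
An added Python example (not AstroX Me or Internet Identity code) of the two ideas above: an identity layer between the wallet and third-party dapps that gives each dapp its own identifier instead of the wallet address, and per-dapp authorize/deauthorize of identity data. The class and method names, the HMAC-based identifier derivation and the dapp origins are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class IdentityLayer:
    # Hypothetical model of one user's identity service; all names are illustrative.

    def __init__(self, attributes):
        self._seed = secrets.token_bytes(32)   # per-user secret, never leaves this layer
        self._attributes = dict(attributes)    # identity data held for the user
        self._grants = {}                      # dapp origin -> set of attribute names

    def pseudonym(self, dapp):
        # Pairwise identifier: stable for one dapp, unlinkable across dapps
        # without the seed (HMAC-SHA256 used as a keyed PRF).
        return hmac.new(self._seed, dapp.encode(), hashlib.sha256).hexdigest()[:40]

    def authorize(self, dapp, fields):
        unknown = set(fields) - set(self._attributes)
        if unknown:
            raise KeyError(f"unknown attributes: {sorted(unknown)}")
        self._grants.setdefault(dapp, set()).update(fields)

    def deauthorize(self, dapp, fields=None):
        if fields is None:
            self._grants.pop(dapp, None)       # revoke everything for this dapp
        else:
            self._grants.get(dapp, set()).difference_update(fields)

    def read(self, dapp, field):
        # Default deny: a dapp sees only what the user explicitly granted.
        if field not in self._grants.get(dapp, set()):
            raise PermissionError(f"{dapp} is not authorized for {field!r}")
        return self._attributes[field]


def demo():
    # Constructed sample data; the dapp origins are made up.
    user = IdentityLayer({"avatar": "ipfs://example-avatar", "kyc_passed": True})
    chat, notes = "chat.example", "notes.example"
    user.authorize(chat, ["avatar"])
    seen = user.read(chat, "avatar")
    try:
        user.read(notes, "kyc_passed")
        leaked = True
    except PermissionError:
        leaked = False
    return user.pseudonym(chat), user.pseudonym(notes), seen, leaked
```

Two dapps that compare the identifiers they were given cannot tell they are serving the same user, which is the property a bare wallet address lacks.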

Under the challenge of multi-chain, requiring users to manage multi-chain private keys/mnemonic phrases is costly. AstroX Me plans to launch a smart contract wallet that supports multi-chain signatures, allowing users to manage multi-chain addresses and services in one place without being exposed to multi-chain private keys/mnemonic phrases.

This will apply the ChainKey aggregation signature technology underlying the IC: the network nodes of the IC hold pieces of the private key, and the signatures of these pieces can be aggregated by the nodes into a single private-key signature, which can be verified by BTC, Ethereum, and all other blockchain networks that use the ECDSA signature algorithm. Based on the address derivation algorithm, AstroX Me can create an Ethereum-compliant address for each canister as its wallet address, and invoke the underlying technology of IC to sign through consensus, which is equivalent to creating an ETH smart contract wallet on the IC.

In the process of implementing the multi-chain smart contract wallet, AstroX Me implements end-to-end integration with the multi-chain nodes to read the multi-chain state and make that data available on IC, so as to serve the smart contract wallet. The DFINITY Foundation will complete the integration of the BTC, ETH, and IC networks in the near future, which may help AstroX Me to create a multi-chain smart contract wallet. In addition, there will also be an integration of BSC, SOL, AVAX, and other networks in the future.

Summary

Both DID and SSI are essentially designed to avoid the abuses of personal data that arise in the centralized model, such as the abuse of personal information by the data-controlling party, the barriers between platforms that lack an interlinked data layer, and users’ loss of control over their personal information. However, during this awkward transition in Web3 infrastructure, most identity/reputation schemes are not native enough. We still face many weak, centralized links and extremely limited social scenarios, which greatly limit innovation.

The innovation of infrastructure will lead to a new explosion of applications, and the unique architecture of IC seems to offer the possibility. Canisters seem to be the perfect vehicle for Web3 identity. Will we create “Digital Twins” with real memory (storage) and thought (general-purpose computing) capabilities on IC?

blockpunk
ICP League

Co-founder of ICP League & Ourea Group, obsessed with Social Tokens, DAO & NFT.