DID and ZKP in social networks

1 Introduction

The key terms in this article are:

• Decentralized Identity (DID, decentralized identity) or self-sovereign identity (SSI, self-governing identity): is an open standards-based framework that uses autonomous, independent identifiers and verifiable certificates to achieve trusted data exchange.
• Credential / Attestation / Verifiable Credential (VC) / POAP / SBT: A document pointing to detailed qualification information on Web2 or blockchain. Can be issued by an authority, or self-issued.
• Issuer: An entity, institution, or organization that issues credentials, certifications, or qualifications.
• Verifier: An end user who queries credentials and conducts terminal marketing or participates in activities for that identity.

For example: "XYZ studio wants to airdrop NFT to all Uniswap v3 LPs", then:

• Verifier: For XYZ studio, the terminal participation activity it wants to devote to is: airdrop.
• Credential: Uniswap V3 NFT held only by Uniswap LP.
• Issuer: The issuer of Credential is Uniswap Labs.
• DID: A digital wallet participating in the Uniswap protocol.

When Verifier queries all Uniswap V3 LP NFTs on the chain, Verifier can know all public wallet addresses-it can be regarded as a "verifiable data registry".

2. Identity, Verifiable Credential and social network in Web2

Meta, Twitter, Instagram, Reddit, Quora, Weibo, TikTok are all social media platforms. They combine user identity, content, and social networking in a clean pre-packaged platform that is easy to use and subsequently a great place to get personal data about users like their hobbies, activities, locations, interests, etc.
The business model is simple - sell anonymous user data to advertisers, who will use the information to run smarter campaigns. Meta and Google also enabled an auction model that enables marketers to bid on ad slots.
It’s a highly profitable business strategy for platforms — the top social media companies in the U.S. earn an estimated $181.1 billion through advertising. 81% and 97.9% of Google's and Meta's total 2021 revenues will come from this channel, respectively.

When that revenue is at stake, no company is incentivized to open-source their identity database and make it more user-friendly. This is where the Web3 idea of ​​a decentralized, transparent, tamper-proof and privacy-preserving social solution comes into play.

3. Evolution of Web3 social infrastructure

Some of the main principles of social infrastructure on the blockchain are illustrated in the diagram below. Data ownership is critical for end users to have full control over their digital identities.

• 1) Ownership and tamper-proof:
  • Users own their own identities and are the only individuals who can modify their identities.
  • Has basic access control features.
  • Users know who has accessed their data.
• 2) Privacy: Users can store their data privately, avoiding human flesh searches, unless users choose to disclose certain information.
• 3) Verifiability:
  • Third parties can verify that their marketing is for actual users and not bots.
  • Third parties can verify the characteristics of their target customers.
  • A third party can verify the trustworthiness of the credential issuer.
• 4) Accessibility:
  • Third parties have access to all data predefined by individual users.
  • For dapp developers, social network and user attestation data is easy to use and build on.
• 5) Fun: Social networking is fun for users and has a fundamental entertainment angle.

3.1 Status Quo of Web3 Social Infrastructure

The current on-chain social data market is divided into:

• 1) dStorage solutions: such as creamic, IPFS, Filecoin, etc.
• 2) Social Graphs solutions: such as LENS, CyberConnect, DeSo, etc.
• 3) SBT (Soulbound Token) + Social Graph solution: such as Project Galaxy, Sismo, etc.
• 4) Applications/Front-ends/Credentials/SBTs/POAPs solutions: such as DeBank, OpenSea, LearnWeb3, POAP, etc.
  
  The key challenges for industrial applications are:
• 1) Lack of on-chain data granularity:
  • Data on the chain, such as wallet holdings (ERC20 & NFT), transactions, dApp interaction, transaction frequency, etc., are the main data collected.
  • No personal data is accessed except to analyze the type of NFT purchased by the wallet.
• 2) Lack of privacy protection means to introduce off-chain data into the chain:
  • If Ceramic introduces off-chain data into the chain, it will expose user data to the public query of the blockchain.
• 3) Lack of user retention on social networks, such as apps that continue to spread the social graph.

3.2 The role of ZKP in social infrastructure

A key challenge in bringing user data from social media networks such as Meta or Twitter on-chain is the lack of privacy. Even encrypted data stored on multiple anonymous nodes is at risk of being hacked or decrypted.

ZK-based applications can:

• Support trusteless authentication of user data
• Privacy protection user data

Using ZK verification in the DID system, in the form of ZK attestations or credentials, users can introduce more granular social data to the chain, so as to achieve trustless verification without leaking too much data or introducing a centralized database.

4. Existing ZKP + DID and ZKP + Social Network

4.1 Earthquake

Based on user/wallet interaction, Sismo supports user claim ZK attestations

Leveraging Sismo's SDK, developers can now use Sismo attestations to target user groups.

The Sismo alpha version (unaudited at the time) launched in August 2022 supports users to mint their ZK badges on the Polygon network. However, these attestations are for the Ethereum activity of the wallet.
The following figure is an example of Ethereum Power Users ZK Badges, each attestation/badge is non-transferable SBT (ERC1155).

4.2 First Batch

First Batch is positioned to introduce off-chain social data such as Discord, Twitter, and Reddit to the chain.
First Batch uses Twitter's OAuth to index users' off-chain data, which runs in its AI system. AI will tag user profiles with attestations such as "coffee lover," "sports fan," and even "Nespresso" and "Lakers fan."

Without revealing the true identity of the end user, dApp developers can interact with the smart contract layer to convert these tokens into ZK attestations on-chain.

4.3 Trinsic ID

Trinsic's flagship products include:

• Credential API for issuers;
• Provider API for customers: accessible VC (Verifiable Credential).
• Wallet API for users and customers: used to hit key user groups and lead some on-chain participation - such as airdrops.

For using Trinsic:

• End users must create a Trinsic Studio digital wallet and generate credentials within that wallet.
• Along with credentials, users must generate authentication policies that represent various data points, such as "user is over 21 years old".

4.4 Notebook Labs

Notebook allows users to set up "notebooks" about their being human, as well as other personal data such as name, address, social security number (optional), country of residence, etc. User notebooks are stored on an AWS server.

If a user wants to prove that he is human, he proves that his wallet address is associated with his notebook. The client generates a proof: it has a leaf node in the merkle tree, and sends the proof to the verification smart contract.

The app will be a great way to pre-approve KYC AML and easily integrate it into dApps in the future. Using ZK-based DID can well protect user privacy and allow users to control and edit their data without storing the entire data on-chain.

4.5 Humannode

Humannode is an L1 chain resistant to Sybil attacks, and its basic consensus layer adopts: proof of uniqueness + proof of existence. Humannode is a substrate chain compatible with EVM. Each node has the same voting authority and a blacklist is set for malicious behavior. As of August 2022, the team claims to have collected data on more than 10,000 humans.

The Humannode team specializes in encrypted biometric authentication, combining encrypted secure matching and liveness detection mechanisms to verify the uniqueness and existence of real humans. It uses ZKP to provide proof of uniqueness and liveness for the protocol.

4.6 Polygon ID

Polygon announced its Polygon ID product in August 2022 and is similar to Sismo. Polygon ID focuses on attesting wallet behavior on the polygon chain and helps generate ZK proof as a verification mechanism. Its core products are:

• Identity App on the client side
  

• ID client toolkit with related API

• SDK for developers, dApps, customers to integrate
  

4.7 Worldcoin

Worldcoin, developed by Open AI co-founder Sam Altman, is positioned as:

• Provide privacy protection for proof of personality protocols
• With Semaphores (ZK tools developed by Ethereum AppliedZKP)

It has developed a hardware product called Orb to collect iris images of human eyes and convert them into short digital codes, so that it can be verified whether the human has been registered. If not registered, they can receive their corresponding share of free Worldcoin.

5 Conclusion

Social infrastructure is key to building any form of sustainable social network or application on web3. Privacy, security, and data ownership are key in the infrastructure space, and there are multiple companies working to address this issue. Almost all companies focused on privacy in the context of identity rely on zero-knowledge proofs as a source of verification.

As the industry evolves, the key challenge for these companies will be to capture the market - which is primarily user data and can only be scaled through social apps that require users to "sign up". Worldcoin is an exception to their going to market, but otherwise; all companies are actively competing for developer and dApp attention. Creating a functional SDK for self-developed developers is critical for these infrastructure providers. They may have some gamification on their front end, but on a limited scale due to mass user migration of the concept of "entertainment", "content" or "speculation" in cryptocurrency.

References

[1] Ishanee Nagpurkar August 2022 Blog Zero Knowledge in DiDs and Social Networks