In the evolving landscape of decentralized systems, the need for secure, privacy-preserving, and user-controlled identities has become paramount. Traditional identity systems are centralized, creating vulnerabilities such as data breaches, identity theft, and lack of user autonomy. The advent of decentralized identity (DID) frameworks, powered by blockchain, offers a solution to these challenges.

This post explores how to build a decentralized identity system on the Ethereum blockchain using ERC720 and ERC735 standards. We will delve into how ERC720 facilitates the management of identity claims and how ERC735 supports verifiable credentials, allowing users to have complete control over their identity data. By implementing these standards, developers can create secure, interoperable, and user-friendly identity solutions that align with Web3 principles.

What is Decentralized Identity?

Decentralized Identity (DID) is a concept where individuals or organizations can create, own, and control their identity without relying on a central authority. Unlike traditional identity systems, which are managed by governments or corporations, decentralized identity is based on blockchain technology, enabling users to manage their credentials and personal information in a secure, private, and self-sovereign manner.

Decentralized identities leverage cryptographic keys and blockchain standards to verify the authenticity of identity-related information. These identities are represented as Decentralized Identifiers (DIDs), which are globally unique identifiers stored on a decentralized network, typically a blockchain. The key components of decentralized identity are:

1. Self-Sovereignty: Users have complete control over their identity and credentials.
2. Verifiable Credentials: Claims about the identity (such as age, name, qualification) are cryptographically signed by trusted entities and verified without intermediaries.
3. Interoperability: DIDs and verifiable credentials are standardized for use across multiple platforms and services.

Why Do We Need Decentralized Identity?

Decentralized identity addresses several limitations of traditional, centralized identity systems:

1. Privacy and Security:
   • Traditional Identity: Centralized identity systems store user data in centralized databases, making them vulnerable to hacking, data breaches, and identity theft.
   • Decentralized Identity: In a decentralized system, users’ data is stored on their devices or through encrypted methods where they control access. Since no single entity stores all the information, the risk of large-scale breaches is reduced.
2. User Control:
   • Traditional Identity: Users’ identities are managed by third parties (e.g., social media companies, banks), which can control, misuse, or even revoke access to their information.
   • Decentralized Identity: Users have full ownership and control of their identities and decide who can access or verify their credentials.
3. Interoperability:
   • Traditional Identity: Users need to maintain different identities across multiple services (email accounts, government IDs, social media profiles), which are not interoperable.
   • Decentralized Identity: One decentralized identifier (DID) can be used across multiple services, and verifiable credentials can be universally recognized and verified.
4. Trustless Verification:
   • Traditional Identity: Verifying identity often requires intermediaries (banks, notaries, etc.), which can be costly, time-consuming, and prone to errors.
   • Decentralized Identity: Verifiable credentials can be cryptographically proven without intermediaries, reducing costs and increasing trust.
5. Censorship Resistance:
   • Traditional Identity: Centralized systems are subject to censorship or revocation by authorities or institutions.
   • Decentralized Identity: DIDs are resistant to censorship, providing individuals greater freedom and autonomy over their digital presence.

In essence, decentralized identity shifts the control of personal data and credentials from corporations and governments back to the individual, creating a secure, efficient, and privacy-focused way of managing identities in the digital age.

What are Verifiable Credentials (VCs)?

Verifiable Credentials (VCs) are digital representations of claims made by an issuer about a subject (e.g., a person, organization, or entity). These claims can be anything from a name, age, academic qualification, or professional certification. What makes these credentials “verifiable” is that they are cryptographically signed by the issuer, allowing anyone to confirm their authenticity without needing a centralized authority.

Key features of verifiable credentials include:

• Tamper-proof: Once issued, credentials cannot be altered without detection.
• Portable: Users can hold and present these credentials across multiple platforms or services.
• Privacy-preserving: Users can share specific parts of the credential (e.g., just a birthdate) without revealing the whole document (e.g., the entire identity card).

Relationship between Verifiable Credentials (VCs) and Decentralized Identifiers (DIDs)

Decentralized Identifiers (DIDs) provide the foundation for verifiable credentials. A DID is a globally unique identifier that is decentralized and can be owned and controlled by an individual or entity. Here’s how the two work together:

1. DID (Decentralized Identifier):
   • A DID is a unique identifier for the subject (the person or entity) who owns the identity.
   • The subject controls the DID using private keys. The DID can be used across different platforms or services without relying on a centralized authority.
   • DIDs are typically stored on decentralized networks like a blockchain, making them immutable and accessible.
2. Verifiable Credential (VC):
   • A VC is a document that contains claims about a subject. These claims are cryptographically signed by an issuer.
   • A VC references the subject’s DID to uniquely associate the claims with that subject.
   • When the subject (holder) presents the credential to a verifier, the verifier can check the issuer’s signature and ensure the credential is valid without needing to contact the issuer.

Example:

Let’s consider a real-world example of how VCs and DIDs work together.

1. Alice’s University Degree:
   • Issuer: Alice’s university issues a verifiable credential (VC) stating that Alice has a degree in Computer Science. The university cryptographically signs this credential and associates it with Alice’s DID (which is a unique decentralized identifier controlled by Alice).
   • Holder: Alice holds the VC in her digital wallet, which securely stores the verifiable credential along with her DID.
   • Verifier: When Alice applies for a job, the employer (verifier) asks for proof of her degree. Alice shares the verifiable credential with the employer, who verifies its authenticity by checking the cryptographic signature of the university. The employer can confirm that the credential is valid, was indeed issued by the university, and is associated with Alice’s DID — without contacting the university directly.

Summary of the Relationship:

• DIDs represent the identity of the subject (e.g., Alice), giving them a decentralized, user-controlled identity.
• Verifiable Credentials (VCs) are the claims or proofs associated with the DID (e.g., Alice’s university degree).
• When Alice wants to prove something (e.g., her qualification), she presents her VC, and the verifier checks it against Alice’s DID for authenticity.

This system provides a trustless way of verifying identity or qualifications without needing centralized entities, while giving users control over their personal data and credentials.

ERC720 and ERC735: Standards for Identity and Credentials in Ethereum

ERC720 and ERC735 are Ethereum-based standards that play a key role in building decentralized identity (DID) systems and verifiable credentials (VCs) on the blockchain. These standards provide a framework for identity management and verifiable claims, allowing Ethereum-based applications to create self-sovereign identity systems. Here’s how each standard works:

ERC720: Claims Registry Standard

ERC720 defines a standard interface for managing identity-related claims (i.e., assertions made by an issuer about an individual or entity). A claim is a piece of information about the subject (DID holder), such as a university degree or a driver’s license, that is cryptographically signed by a trusted issuer.

• Claims Registry: ERC720 outlines how claims can be stored and managed on a decentralized claims registry, allowing multiple entities to issue claims about a subject (identified by a DID).
• Claims Control: The standard allows users to control their claims and decide which claims to share and with whom. Since it is decentralized, users have control over their identity data and are not dependent on centralized authorities to manage this information.

ERC735: Identity and Claims Verification Standard

ERC735 is an extension of ERC720 and focuses on managing claims about a decentralized identity. It defines a standard interface for identity contracts, allowing the verification of claims on the Ethereum blockchain.

• Issuer Signed Claims: ERC735 allows third parties (issuers) to create and sign claims about an identity (DID). These claims are stored in an identity contract, and each claim contains information like the issuer’s address, the type of claim, the data in the claim, and cryptographic proof.
• Claim Verification: With ERC735, the verifier can trust that a claim is valid because it is cryptographically signed by the issuer and linked to a DID. This allows for decentralized, secure, and verifiable credential sharing.

How ERC720 and ERC735 Align with Decentralized Identity and Verifiable Credentials

1. Decentralized Identity (DID)

In a decentralized identity system, DIDs are used to identify individuals or entities in a self-sovereign manner. DIDs allow users to own and control their identity without relying on centralized intermediaries.

• ERC735 enables the creation of decentralized identity contracts on Ethereum. These identity contracts can store and manage claims about a subject’s identity, ensuring that the subject (DID holder) controls their identity and claims.
• ERC720 helps in managing claims by providing a standard for creating and verifying identity-related claims, giving users the ability to manage their digital identity autonomously.

2. Verifiable Credentials (VCs)

Verifiable credentials are digital proofs that represent claims made by issuers about a subject. These credentials are cryptographically signed and can be verified without needing to contact the issuer directly.

• ERC720 facilitates the management of verifiable credentials (in the form of claims). A university, for example, could issue a verifiable credential (claim) that Alice has a degree, cryptographically signing it using ERC720.
• ERC735 then helps to store and verify these credentials. When Alice shares her VC with a potential employer, the employer can verify it through her decentralized identity (DID) using the ERC735 standard without contacting the university.

Example: How ERC720 and ERC735 Work Together

1. Alice’s Identity:
   • Alice’s DID is registered on Ethereum using an ERC735 identity contract. This contract holds various claims about her identity (e.g., her name, qualifications, certifications).
2. Claim Issuance:
   • Alice’s university issues a verifiable credential (claim) that Alice has a degree in Computer Science. This claim is cryptographically signed by the university using ERC720 and added to Alice’s identity contract using ERC735.
3. Claim Verification:
   • When Alice applies for a job, the employer can request proof of her degree. Alice shares the relevant claim (verifiable credential) from her identity contract, and the employer can verify that the credential was issued by the university without directly contacting the issuer.

Alignment with Decentralized Identity and Verifiable Credentials

• Self-Sovereign Identity: ERC735 empowers users by allowing them to manage and control their own identity information, aligning with the principles of decentralized identity.
• Decentralized Claims Verification: ERC720 provides a framework for issuing and verifying claims in a decentralized, cryptographically secure manner, thus enabling trustless verification of verifiable credentials.
• Interoperability: Both ERC720 and ERC735 are built on Ethereum’s smart contract system, allowing for interoperability between different decentralized applications (dApps) and services.

By using ERC720 for managing claims and ERC735 for decentralized identity contracts, developers can create a robust decentralized identity system that enables secure, privacy-preserving, and user-controlled verifiable credentials on the Ethereum blockchain.

Here’s an implementation example involving various smart contracts for a university issuing and verifying certificates (as verifiable credentials) for students using DID and verifiable credentials on Ethereum, based on the ERC735 and ERC720 standards. The following steps will break down how each contract works and their interactions.

1. ERC735 Identity Contract (Student Identity)

The ERC735 identity contract manages claims (verifiable credentials) about a user’s decentralized identity. In this case, the student’s identity will be tied to their decentralized identifier (DID), and claims about their qualifications will be managed here.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract ERC735 {
    event ClaimRequested(uint256 indexed claimId, uint256 indexed topic, address indexed issuer, bytes data);
    event ClaimIssued(uint256 indexed claimId, uint256 indexed topic, address indexed issuer);
    
    struct Claim {
        uint256 topic;
        address issuer;
        bytes signature;  // cryptographic proof that the issuer signed the claim
        bytes data;       // data of the claim, like the student's degree
        string uri;       // URI to fetch claim details if stored off-chain
    }
    
    mapping(uint256 => Claim) public claims;  // mapping of claim IDs to Claim structs
    
    function addClaim(
        uint256 _claimId,
        uint256 _topic,
        address _issuer,
        bytes memory _signature,
        bytes memory _data,
        string memory _uri
    ) public returns (bool success) {
        Claim memory newClaim = Claim({
            topic: _topic,
            issuer: _issuer,
            signature: _signature,
            data: _data,
            uri: _uri
        });

        claims[_claimId] = newClaim;
        emit ClaimIssued(_claimId, _topic, _issuer);
        return true;
    }

    function getClaim(uint256 _claimId) public view returns (Claim memory) {
        return claims[_claimId];
    }
}

Explanation:

• ERC735 is a contract that stores verifiable claims (credentials) about a subject’s identity.
• A claim contains:
  • topic: The category of the claim (e.g., education, work experience).
  • issuer: The entity (e.g., a university) that issued the claim.
  • signature: A cryptographic signature issued by the university proving that it issued the claim.
  • data: The actual claim details (e.g., the degree obtained).
  • uri: If the claim is stored off-chain, this URI points to the storage location.

The University will interact with this contract to issue a degree claim for the student.

2. University Contract (Issuer of Credentials)

This contract represents the university that issues certificates (verifiable credentials). It will sign claims about the student and interact with the ERC735 contract to store the claims.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "./ERC735.sol";

contract University {
    address public universityAddress;

    constructor() {
        universityAddress = msg.sender;
    }

    function issueDegree(
        address _studentIdentity,
        uint256 _claimId,
        string memory _degree,
        string memory _major
    ) public returns (bool success) {
        require(msg.sender == universityAddress, "Only the university can issue claims");

        // Create the degree claim (this is a simple example with no cryptographic signature)
        bytes memory degreeData = abi.encode(_degree, _major);
        bytes memory signature = "UNIV_SIGNATURE";  // Mocked signature

        ERC735 studentIdentity = ERC735(_studentIdentity);
        return studentIdentity.addClaim(_claimId, 1, universityAddress, signature, degreeData, "");
    }
}

Explanation:

• University Contract issues the degree (verifiable credential) to the student’s DID (represented by their ERC735 identity contract).
• The university contract calls the addClaim function on the ERC735 Identity Contract to store the degree information.
• It creates a claim (degreeData) that includes the degree name and the major, then “signs” the claim with a mock signature (signature).

In a real-world application, the signature would be generated by cryptographically signing the claim data with the university’s private key, providing tamper-proof proof that the university issued the claim.

3. Employer Contract (Verifier of Credentials)

This contract represents an employer who verifies the student’s credentials during the job application process. The employer retrieves the student’s claims from the ERC735 Identity Contract and verifies the signature to ensure the claim is valid.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "./ERC735.sol";

contract Employer {
    function verifyDegree(
        address _studentIdentity,
        uint256 _claimId,
        address _expectedIssuer
    ) public view returns (bool verified) {
        ERC735 studentIdentity = ERC735(_studentIdentity);
        ERC735.Claim memory claim = studentIdentity.getClaim(_claimId);
        
        // Check if the claim was issued by the expected university
        require(claim.issuer == _expectedIssuer, "Claim not issued by expected issuer");

        // Here, we'd typically validate the cryptographic signature (mocked in this case)
        require(keccak256(claim.signature) == keccak256("UNIV_SIGNATURE"), "Invalid claim signature");

        return true;
    }
}

Explanation:

• The Employer Contract retrieves the student’s claim from the ERC735 Identity Contract by calling the getClaim function.
• It checks whether the issuer of the claim (university) matches the expected issuer and whether the signature is valid (mocked in this example).
• If both checks pass, the employer considers the claim valid, meaning Alice’s degree is verified.

How They Work Together

1. Issuance:
   • The University Contract issues a degree claim (verifiable credential) to a student by interacting with the student’s ERC735 Identity Contract. This claim contains the degree information and is signed by the university.
2. Storage:
   • The claim is stored in the student’s ERC735 Identity Contract as part of their decentralized identity (DID). The student controls access to their claims.
3. Verification:
   • When a student applies for a job, the Employer Contract retrieves the degree claim from the student’s ERC735 Identity Contract. It verifies that the claim was issued by the university and that the claim is valid by checking the cryptographic signature.

Key Takeaways:

• The ERC735 Identity Contract represents a student’s decentralized identity and stores verifiable credentials (claims) issued by the university.
• The University Contract issues and signs verifiable credentials (degree claims) and interacts with the ERC735 Identity Contract to store them.
• The Employer Contract retrieves and verifies these claims when evaluating the student’s credentials during a job application.

Conclusion

The combination of ERC735 and ERC720 provides a decentralized and secure mechanism for managing DID (Decentralized Identity) and Verifiable Credentials (VCs) on the Ethereum blockchain. By utilizing these standards:

• ERC735 serves as the identity management contract, where students (or any users) store their verifiable credentials linked to their decentralized identifiers (DIDs). This contract enables individuals to have full control over their identity, allowing them to manage and share claims as needed.
• ERC720 offers a flexible framework for issuing and managing verifiable claims. Institutions like universities act as trusted issuers by cryptographically signing claims (like degrees or certifications) and issuing them to individuals, ensuring the integrity and authenticity of these claims.
• The smart contract system facilitates seamless and trustless interactions. Students can hold, share, and manage their credentials autonomously, while employers or other verifiers can validate these claims without contacting the issuer directly, thanks to cryptographic signatures.

This approach aligns with the principles of self-sovereign identity, enhancing user privacy, data security, and trust in the credentials. It demonstrates how blockchain technology, particularly Ethereum, can be leveraged to build decentralized identity solutions that can replace centralized identity systems, offering greater control to individuals while ensuring transparency and security for verifiers.

With this solution, the university, students, and employers form a secure and decentralized identity ecosystem where credentials are verifiable, trustless, and universally portable across multiple platforms or services.