Do You Need Blockchain for Enabling SSI?
Blockchain and Self-Sovereign Identity (SSI) are often talked about as complementary technologies. But do you really need blockchain to enable SSI?
Before we answer this question, it is worth noting that SSI is a digital movement that aims to enable individuals or organizations to have sole ownership of their identity, and to have control over how their data is shared and used. It relies on cryptographic key pairs, which can be based on blockchain technologies.
As always, let’s answer this question with an example.
Frank is a traveler who is going on a vacation from Singapore to Germany. As per the existing government norms, he has to be fully vaccinated to board the flight. He is eligible to travel but has to present his vaccination details to the airport authorities to get the boarding pass.
So, there are three parties involved here — the healthcare facility that issued vaccination details (verifiable credentials), Frank, and the airport official who will check the credential. In other words, the healthcare facility is the issuer of a credential, Frank is the owner, and the airport official is the verifier.
Now, let’s get down to the implementation. How can the airport official verify the credibility of Frank’s vaccination, given that the healthcare facility is not in the same network as the verifier?
One possibility is to use blockchain technology to store the credential because it is immutable and secure.
Using Blockchain for SSI
No discussion of SSI is ever complete without questions about blockchain. This is because blockchain provides the perfect alternative to centralized repositories as the credentials can be stored on blocks and linked to the larger network.
Since the blockchain network is spread across multiple computers, there’s no single owner. Also, the very nature of blockchain makes it impossible to change data, and this means you have high levels of online security and credibility.
In all, blockchain is a secure way to store and share your credentials and be in complete control of your data at all times, thereby enabling SSI.
That said, blockchain is not the only option for enabling SSI as there are other ways of implementing it such as IPFS, DID anchoring, peer DIDs, public-key cryptography, and more. You can even use gateways to avoid interacting with blockchains directly.
To give you an idea, let’s look at how public-key cryptography is used for enabling SSI.
Using Public Key Cryptography
Public key cryptography secures the communication among entities, and in the process, enables the implementation of SSI.
Here’s a brief workflow of how it works.
The healthcare facility issues the credential and signs it with its private key, and encrypts it with Frank’s public key.
Frank decrypts the credential using his private key and stores it in his digital wallet. When it’s time to present it to the airport authorities, he signs it with his private key and encrypts it with the verifier’s public key.
Finally, the verifier decrypts the credential using its private key and validates both the holder and the issuer using their respective public keys.
As you can see, blockchain is not needed to implement SSI here.
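The signing half of this workflow, as an added example that is not from the original article, written for Node.js with its built-in crypto module and Ed25519 keys. The encryption steps are omitted, and the function names, the `audience` field naming the intended verifier, and the sample data are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Constructed signing keys for the issuer (healthcare facility) and holder (Frank).
const issuer = crypto.generateKeyPairSync('ed25519');
const holder = crypto.generateKeyPairSync('ed25519');

// Helpers: export a public key, sign a string, verify a string (all base64).
const pubB64 = (key) => key.export({ type: 'spki', format: 'der' }).toString('base64');
const sign = (text, priv) => crypto.sign(null, Buffer.from(text), priv).toString('base64');
const check = (text, sigB64, pub) =>
  crypto.verify(null, Buffer.from(text), pub, Buffer.from(sigB64, 'base64'));

// Issuer: sign the claims together with the holder's public key.
function issueCredential(claims, holderPub, issuerPriv) {
  const body = JSON.stringify({ claims, holderKey: pubB64(holderPub) });
  return { body, issuerSig: sign(body, issuerPriv) };
}

// Holder: wrap the credential for one verifier (assumed `audience` field) and sign it.
function present(credential, audience, holderPriv) {
  const body = JSON.stringify({ credential, audience });
  return { body, holderSig: sign(body, holderPriv) };
}

// Verifier: check the issuer's signature first, then the holder's signature
// against the key the issuer bound into the credential, then the audience.
function verifyPresentation(presentation, trustedIssuerPub, expectedAudience) {
  try {
    const outer = JSON.parse(presentation.body);
    if (!check(outer.credential.body, outer.credential.issuerSig, trustedIssuerPub))
      return { ok: false, reason: 'issuer signature invalid' };
    const inner = JSON.parse(outer.credential.body);
    const holderPub = crypto.createPublicKey(
      { key: Buffer.from(inner.holderKey, 'base64'), format: 'der', type: 'spki' });
    if (!check(presentation.body, presentation.holderSig, holderPub))
      return { ok: false, reason: 'holder signature invalid' };
    if (outer.audience !== expectedAudience)
      return { ok: false, reason: 'wrong audience' };
    return { ok: true, claims: inner.claims };
  } catch {
    return { ok: false, reason: 'malformed' };
  }
}

// Constructed sample run: Frank presents his credential to the airport.
const credential = issueCredential(
  { subject: 'Frank', vaccinated: true }, holder.publicKey, issuer.privateKey);
const presentation = present(credential, 'airport-verifier', holder.privateKey);
console.log(verifyPresentation(presentation, issuer.publicKey, 'airport-verifier'));
```

The verifier only needs the issuer's public key from a source it already trusts; the holder's key travels inside the issuer-signed credential.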
Using IPFS
InterPlanetary File System (IPFS) is a versioned file system that stores files and tracks their versions. It is a distributed file network in which the URL of the actual file is shared among users.
For example, let’s say the vaccination details are stored in /ipfs/ZTmu48720mlp/vaccinations/frank.txt, and this file can be shared directly with the concerned authorities. The URL is similar to the one used in HTTP requests, except that it names the actual file instead of the location where it is stored. The cryptographic hash of the file is part of the URL, and this is also what secures its contents.
Blockchain is not needed here as well.
Using Peer DIDs
In a peer DID, there’s no network involved. Here, the healthcare center creates a Decentralized Identifier (DID), puts it in a DID document, and sends it directly to the airport authority. Likewise, the airport authority creates a DID, puts it in a DID document, and sends the document to the healthcare facility.
So, both entities create their records and send the metadata of their records to each other, so each can use that metadata to look up the record of the other. This information can also be encrypted for security.
Again, no blockchain here.
To conclude, blockchain can be used for enabling SSI, but it is not the only way to implement SSI. The choice depends on the company/developer who is implementing it.
We hope this will get you thinking about enabling SSI using an option that best suits your application or business requirement. For more information on how Affinidi can help, email us.