irma.png

Compare and Contrast — IRMA vs Verifiable Credentials

Do you need a Distributed Ledger Technology (DLT) for an SSI implementation? IRMA vs VCs can answer this question
image
Affinidi
Nov 15, 2021
  • Self-sovereign identity, the next step in the evolution of identity management, revolves around empowering users to own their identity and control how it is shared.

Given the many concerns revolving around privacy and data sharing that exist today, SSI is being increasingly seen as a potential solution for secure sharing, privacy, and interoperability in the digital world. As a result, the last few years have seen the development of many systems and frameworks to bring SSI closer to reality.

In this article, we will be comparing two such SSI-based systems, namely, “I Reveal My Attributes” (IRMA) and Verifiable Credentials (VCs).

What is IRMA?

IRMA was founded by the Digital Security Research group at the Radboud University in the Netherlands. The aim of this group was to create open, secure, and privacy-friendly systems that would give users complete control over their identity. This pilot project was called IRMA and it was based on the Idemix technology.

Idemix is a public-private key pair where the private key is used by the issuer to sign a credential and the public key is used by the verifier to establish that the credential is signed by the issuer and hence is authentic.

What are Verifiable Credentials?

Verifiable credentials, or VC in short, are tamper-proof credentials that can be verified cryptographically.

There are three essential components of verifiable credentials, and they are:

  • It is machine verifiable
  • It is secure and tamper-proof
  • Has been issued by a competent authority.

Underlying Cryptography

Both IRMA and VCs can use Zero-Knowledge Proof as their cryptographic foundation, but they use different cryptographic frameworks. While IRMA uses Idemix, many VC implementations rely on the Charm framework.

Idemix is a Java library while Charm is a Python API that works well for key pairings and signature schemes. The Charm Framework uses a hybrid design that combines mathematical operations in the C language with crypto modules written in high-level languages.

When you compare the two, Charm is a more advanced crypto framework that supports rapid prototyping. It also reduces the development time and allows the components to be reused. It comes with standard APIs as well that are conducive for digital signatures and encryption.

Schemas

The schemas used by IRMA and VCs are vastly different too, as VCs use the more popular decentralized identifiers (DIDs), a type of identifier to enable digital identity. The advantage with DIDs is that it gives users complete control over the usage of verifiable credentials, but the disadvantage is that it lends to the creation of different custom schemas.

Here’s how a VC schema looks like.

{ "type": "https://w3c-ccg.github.io/vc-json-schemas/schema/1.0/schema.json", "modelVersion": "1.0", "id": "did:work:MDP8AsFhHzhwUvGNuYkX7T;id=06e126d1-fa44-4882-a243-1e326fbe21db;version=1.0", "name": "PassportCredentialSchema", "author": "did:work:MDP8AsFhHzhwUvGNuYkX7T", "authored": "2018-01-01T00:00:00+00:00", "schema": { "$schema": "http://json-schema.org/draft-07/schema#", "description": "Passport", "type": "object", "properties": { "PassportNumber": { "type": "number", } “DateofIssue": { "type": "date", } “FirstName": { "type": "string", } “LastName": { "type": "string", } }, "required": ["passportNumber", “dateofIssue”, “firstName”, “lastName”], "additionalProperties": false }, "proof": { "created": "2019-09-27T06:26:11Z", "creator": "did:work:MDP8AsFhHzhwUvGNuYkX7T#key-1", "nonce": "0efba23d-2987-4441-998e-23a9d9af79f0", "signatureValue": "2A7ZF9f9TWMdtgn57Y6dP6RQGs52xg2QdjUESZUuf4J9BUnwwWFNL8vFshQAEQF6ZFBXjYLYNU4hzXNKc3R6y6re", "type": "Ed25519VerificationKey2018" } "proof": { "type": "RsaSignature2018", "created": "2020-09-14T21:19:10Z", "proofPurpose": "authentication", "verificationMethod": "did:example:ebfeb1f712ebc6f1c276e12ec21#keys-1",

"challenge": "1f44d55f-f161-4938-a659-f8026467f126",
"domain": "4jt78h47fh47",
"jws": "eyJhbGciOiJSUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..kTCYt5      XsITJX1CxPCT8yAV-TVIw5WEuts01mq-pQy7UJiN5mgREEMGlv50aqzpqh4Qq_PbChOMqs LfRoPsnsgxD-WUcX16dUOqV0G_zS245-kronKb78cPktb3rk-BuQy72IFLN25DYuNzVBAh
  4vGHSrQyHUGlcTwLtjPAnKb78"

} }

IRMA’s approach to schemas is a stark contrast to VC. It uses a more centralized approach and IRMA has published its schemas on GitHub. Those wanting to create new schemas have to reach out to IRMA and add it to their list.

IRMA uses such a centralized approach because it finds no immediate need to decentralize the creation of new schemas at this point.

Here’s how the Schema Manager looks like in IRMA

SchemeManager +-- IssuerName | +-- Issues | | +-- CredentialName | | +--- description.xml | | +--- logo.png | +-- PublicKeys | | +-- 0.xml | | +-- 1.xml | +-- PrivateKeys (need not be present) | | +-- 0.xml | | +-- 1.xml | +-- description.xml | +-- logo.png +-- description.xml +-- index +-- index.sig +-- pk.pem +-- timestamp

As you can see, the schema creation process of each of these frameworks comes with its share of advantages and disadvantages, so there’s really no better one. Just depends on the implementation and developer preference.

Real-world Implementations

At the time of writing this piece, IRMA has three known implementations in the real world.

  • Age verification in liquor stores in Almere, Netherlands
  • A consortium of e-health companies called nuts.nl that identify and authenticate users using IRMA
  • A work-in-progress (WIP) implementation to mitigate fake news using digital signatures.

VCs, on the other hand, have many implementations. Here’s a look at some real-world implementations of participants in Affinidi’s PoCathon and some possible VC use-cases that are waiting to be implemented.

Here is a table that summarizes these key differences.

Comparison at a Glance

To learn more about building VC-based applications, check out our Developer resources. You can also join our mailing list to stay abreast of exciting developments at Affinidi.

Get an email whenever Affinidi Publishes!

Subscribe