Sovrin – Privacy and Identity Blockchain for All

2 weeks ago
By CeAnn Simpson
Posted: Updated:

Sovrin’s mission is to create identity for all.  The Sovrin Network is designed to create a lifetime portable digital identity that does not depend on any central authority.  Its governance (the Sovrin Foundation and the Sovrin Trust Framework), scalability (validator and observer nodes and state proofs) and accessibility (minimal cost and maximum availability) create privacy by design.

The Sovrin protocol incorporates a digital token designed for privacy-preserving value exchange and provides economic incentives for all network participants. The Sovrin token will enable a global marketplace for digital credentials of all types and value levels together with ancillary markets for digital credential insurance and permissioned first-party data (direct from the customer/data owner).

Recognised standard formats for digitally-signed credentials, created by the World Wide Web Consortium, and decentralised public blockchains, which provide registration and discovery of public keys needed to verify digital signatures, pave the way for global self-sovereign identity.  Currently, there is no way to verify digital credentials or to verify their source and integrity. Standardized digital credentials enable a worldwide ecosystem of credential issuers, owners, and verifiers to exchange interoperable verifiable claims.  Public key infrastructure (PKI) used in modern browsers relies on a small number of certificate authorities as the roots of trust.  This is centralisation creates a single point of failure risk, such as data breaches and can lead to censorship.  If the system is to work for all identity owners, issuers and verifiers, it must operate as an open protocol, run on open source software and have open governance, like the Domain Name System (DNS).

True self-sovereign identity means that identity is and will always be under the control of the identity owner and that it can never be taken away. Sovrin’s new public blockchain is designed for verifying self -sovereign identity.  Since every transaction in a blockchain has a digital signature that requires a private key, it is an obvious choice to use the blockchain itself for the storage of the associated public key—or any other cryptographic key over which the key owner needs to prove ownership. This is the core idea behind moving from centralized PKI to decentralized PKI (DPKI).

With blockchain, every public key has its own address.  This address is known as a decentralised identifier (DID).  DIDs are the first globally unique verifiable identifiers that require no registration authority. They are stored on a blockchain along with a DID document containing the public key for the DID, any other public credentials the identity owner wishes to disclose, and the network addresses for interaction. The identity owner controls the DID document by controlling the associated private key.

Since DIDs are an open standard, any blockchain can create a DID method defining how DIDs can be registered (written) and resolved (read) on that blockchain.  Control over a DID is asserted entirely using cryptography—by digitally signing the transaction with the blockchain where the DID is registered—no central authority is needed to register the DID, nor to track or manage it.

DIDs will enable true self-sovereign identity—lifetime portable digital identity for any person or for an organisation that can never be taken away. Most importantly, every person and organisation with access to the Internet can prove their ownership of a public key, thereby enabling their claims to be verified.

The Sovrin protocol is based entirely on open standards and open source—the Hyperledger Indy Project.  Sovrin blockchain’s only purpose is identity, and its architecture is designed to address the four major requirements of SSI:

  • Governance: how the network can be trusted by all stakeholders,
  • Performance: how the network can provide self-sovereign identity at Internet scale,
  • Accessibility: how the network can ensure that identity is available to all, and most importantly,
  • Privacy: how the network can meet the strongest privacy standards in the world.

If you imagine every person, organization, or thing needs a collection of DIDs—one for every relationship they have—there would be trillions of DIDs in a global decentralized identity system. Sovrin is designed to achieve this scale. Sovrin’s consensus protocol uses a unique two ring node construction.  The first ring of validator nodes accepts and writes transactions, while a much larger ring of observer notes run read-only copies of the blockchain to process read requests.

Sovrin blockchain is engineered to be able to return a state proof with any response. This is a very lightweight cryptographic proof—capable of being processed on a smartphone—that the response is valid according to the current state of the ledger, which should prevent man-in-the-middle attacks on Sovrin queries.

With accessibility in mind, the Sovrin Foundation has formed the Identity for All Council to help ensure the needs of those who do not yet have a means of proving their identity are met within the SSI framework and that universal access can be achieved.

Privacy is inherent to identity and its protection.  At the heart of Sovrin architecture are three fundamental examples of “privacy as the default setting”:

  • Pseudonymity by default. Sovrin supports pairwise-pseudonymous unique DIDs and public keys. This creates a separate DID for every relationship and therefore is unworthy of stealing as it cannot be used anywhere else. The costs of each of these should be as close to zero as possible, and the network would need to be able to scale to trillions of DIDs.
  • Private agents by default. No personal data is stored on the ledger to prevent correlation, even in encrypted form. Sovrin creates a P2P network of distributed private agents working in parallel with the distributed ledger. Each DID has a corresponding private agent—with its own pseudonymous network address—from which the identity owner can exchange verifiable claims and any other data with another identity owner over an encrypted private channel.
  • Selective disclosure by default. Sovrin verifiable claims use cryptographic zero-knowledge proofs so they can automatically support data minimization. Selective disclosure lets identity owners control how much data is shared in a particular context.  Selective disclosure uses a cryptographic technique known as a zero-knowledge proof (ZKP). A public blockchain for SSI makes it feasible to deploy ZKP as the default for all Sovrin verifiable claims.

Sovrin is the Internet for identity—it can standardize and automate how most identity management functions are handled for consumers and for enterprise. This infrastructure can transform the following markets globally:

  • Identity and access management: Know Your Customer (KYC), and Anti-Money Laundering (AML) compliance alone costs every financial institution an average of $60M annually. The strongest demand for pilots of SSI technology are from banks and credit unions seeking ways to control their KYC and AML costs—and why these organizations are among the first stewards of the Sovrin Network.
  • Cybersecurity: To address the lack of an identity layer within the Internet, we need decentralised PKI to give us strong foundations from which to
  • RegTech: Sovrin can lower compliance costs for businesses and create a better experience for customers.
  • Data integration markets: Data Integration is how computer systems are plumbed together to connect business processes. One of the key issues in data integration is how to establish trusted connections between different systems. The challenge is how to authorize data to flow between the different systems, and how to reliably and securely encrypt and decrypt the data. With verifiable claims, data is conveyed by the person or organization presenting the claim, not via an API. This can reduce the overhead required for business integration and make data sharing much more flexible and simple.

The Sovrin token provides a built-in incentive for the privacy-preserving value exchange of digital credentials. By enabling digital value transfer to take place directly in-line with the exchange of verifiable claims—and by incorporating privacy-preserving zero-knowledge proof technology—the Sovrin token is designed to turn the Sovrin protocol into a digital marketplace for trust.

First, the marketplace can expand to encompass credentials at all levels of value. With a digital token and protocol that can efficiently transfer any amount of value. Anything that can become a measure of trust can now be exchanged for a token of value. Second, credential issuers of all types and sizes can enter the marketplace. Third, this new marketplace can support GDPR compliant privacy preservation.

With the Sovrin token, companies can offer customers a direct incentive to share data with consent. This removes the role of data intermediaries in three ways:

  • Since the data comes directly from the customer, it is fully permissioned.
  • The data is fresher and more valuable than third-party data or inferences.
  • The reward for the data, in the form of Sovrin tokens, would go directly to the customer, building trust, and loyalty.

In my opinion, this project is well thought out in terms of its technical architecture, consensus protocol and market structure.  They have delved deep into all aspects of identity, privacy and data protection.  This layer of the internet is long overdue a modern repurposing to make it fit for the future.

The only questions I have are how the foundation would be funded long-term (I would like to see more token economics), how large enterprises will contribute to the running costs of the network (fee structure and token incentives for each type of participants, their contributions, etc.), how users will be acquired until this is a universally used protocol like DNS (I want to use my DID to earn Sovrin tokens, but my bank does not accept this as proof of identity yet)?  I would like to see more detail around their business model as even not-for-profit companies need to fund their operations and create revenue streams.

Like Field of Dreams, I think if you build Sovrin, they will come: individuals, enterprise, consumers, verifiers. The applications of Sovrin are infinite and necessary for privacy to survive Web 3.0.

Project Score: B+

Related Posts

GDPR, AI and advances in our ability to analyse data faster are transforming industries. Data is...

Making hard things easy for people who lack specific technical abilities is a key goal for any...

In Summer of 2017, the largest data theft ever occurred, when sensitive personal records on over...