Distributed ledger for digital identities

There are compelling reasons to develop new solutions for digital identities. The current way to manage passwords, user accounts and federated identities is obviously suboptimal. There are too many potential entry points of attack and identity providers work with consumers’ data to an extent that is often beyond their control. By contrast, SSI is more attractive from a data privacy perspective, as our software engineer Constantin explains. Based on the principle of self-determination, users are free to decide which identity data they want to make available. Or whether they only intend to discretely identify themselves – without third parties finding out about it. At ING, Constantin is working on applications for this promising new approach.

Digital sovereignty

In the previous article in this series, we covered the core idea of SSI. Now we want to delve deeper into its implementation. Constantin is currently developing an SSI application for institutions. This will enable them as issuers (identity publishers) to release credentials (proof of identity) for holders (users), which will be checked by verifiers (identity retrievers). The decentralized storage of the public keys on a hyperledger (Distributed Ledger Technology, DLT) is crucial. Constantin elaborates: “We have a DLT network here, i.e. a blockchain, and we store the public keys of the participating institutions decentrally. Identities are signed with the private keys, and the public keys can then be used to decrypt them.” The approach is based on the open-source project Hyperledger Indy, more specifically on Hyperledger Aries, which was “decoupled” from Hyperledger Indy. Hyperledger Aries is a specialized identity kit, containing an infrastructure for peer-to-peer interactions that access the Hyperledger Indy network. The open source aspect is very important here. “You can’t develop Self-Sovereign Identities and then base that on a tool that isn’t open,” Constantin emphasizes. “Then we would lose users’ trust at that level.”

Positioning in the blockchain landscape

Up to now, certificates have also been managed in public key infrastructures, in which a public key can be assigned to an issuer. But this is handled by central instances. Compared to such “single points of failure”, distributed databases have the advantage of independence. Yet Constantin points out that a distinction must be made. The cryptocurrency Bitcoin is in a completely open network. “With Bitcoin, you don't know how big the network is. That's why Bitcoin relies on a consensus mechanism, where you can only assume with a high probability that a new block has been added to the blockchain by 51 percent of the participants (proof of work).” Hyperledger Indy is different, as the blockchain is “public-permissioned”. Nodes are limited. While anyone can read public keys on the blockchain – e.g. to verify an issuer – writing permissions are restricted. Interestingly, the Hyperledger universe also offers other versions, such as the private Hyperledger Fabric, which is suitable for industrial applications, for example.

The logic of the Byzantine generals

Hyperledger Indy, unlike Bitcoin, relies on a deterministic consensus mechanism: “Redundant Byzantine Fault Tolerance” (RBFT). The name of the algorithm comes from a thought experiment, in which different generals have to coordinate an attack on a city without knowing if they can trust each other. What’s the advantage over the energy-intensive and slow Bitcoin process? Transactions run faster and cheaper. Constantin explains: “When a new block comes into the network, I can be mathematically one hundred percent certain that it’s correct if more than two thirds of the nodes are ‘honest’. The term ‘honest’ comes from the example of the generals and refers to the nodes functioning properly, e.g. not being hacked. This is really a key advantage. In the identity environment, when I store public keys, I want to be sure that a new block is actually finalized in the blockchain. The system also has disadvantages though. It does not scale well. The larger the number of nodes, the slower the transaction speed.” This is not a fundamental problem for SSI, however, because anyone can get the right to act as an issuer on the network, even without running a node. For governance, the limitation of nodes is advantageous because fewer institutions mean less effort.

DID: Protocol for decentralized communication

SSI does require another component. “We want to manage the identities independently of any central authorities,” Constantin clarifies. Therefore, communication via centrally assigned IP addresses is out of the question. The solution lies in a separate W3C standard for decentralized identifiers (DID) and a communication protocol (DIDComm). The identifier refers to a corresponding DID document on the blockchain. The DID document, in turn, contains the user’s public key and internet endpoints, such as ours. Constantin continues, “Users can then use ING’s public key on the blockchain to verify that the signed identity was really issued by ING.” The public DID is used to initiate a connection. At the same time, private peer DIDs are used for verification actions by the holders, which are unique for each connection and do not end up on the blockchain. This is what makes the self-determination of SSI possible. “Any individual connection should not be able to be correlated with another,” Constantin summarizes. In other words, if user X identifies themselves to institution A, institution B will not find out. “This is different from single sign-on solutions, for example, where such information can be collected and used for advertising purposes.” Hyperledger Aries provides the DIDComm protocol as well as an interaction API for the ledger and a secure wallet.

Institutional solution

SSI is based on a mathematically sophisticated methodology with complex cryptographic building blocks. The application must nevertheless be user-friendly and uncomplicated. An example of this is the Lissi Institutional Agent – the easy-to-use application for institutional users that Constantin is involved in. It also has other interesting features. For example, Lissi enables the use of zero-knowledge proofs (ZKP), proof queries that keep the content of the proof secret. ING is driving Lissi forward in collaboration with various partners, who are also developing a wallet, among other things. “It doesn't make sense for everyone to stay in their own sandbox here,” Constantin explains. “At the end of the day, this is all based on Hyperledger Aries.” One example is ING’s participation in the SSI consortium IDunion. The SSI ecosystem also includes Basis ID, which is conceived to enable a digital identity card on a smartphone. At the moment, this still is not possible, but that could soon change. In September 2021, the then German Chancellor Angela Merkel confirmed her intention to work quickly towards practical implementation of digital IDs. ING Germany is also involved in this project.

An exciting IT project at ING

For Constantin, the collaborative aspect is particularly interesting for his development work: “You get to see how other companies are approaching this issue and exchange ideas with them.” This is also necessary with a new, revolutionary topic like SSI, which could be used to implement groundbreaking new applications, such as a digital credit card. For the IT professionals at our digital bank, SSI is just one of many innovative fields. We offer our employees demanding challenges, nurture their growth through generous training budgets, support personal development and enable agile working in a global group.