Complete SSI with MPC and blockchain
In previous articles we have discussed how secure multiparty computation (MPC) and public blockchains can enhance digital identity for verification and self-sovereign identity (SSI) in particular.
It is now time to take a deeper look into how Partisia Blockchain and its MPC capabilities enhances SSI to cope with the unsolved challenges around private data activation.
This is a great opportunity for SSI builders to pick up cutting edge privacy technology and leverage our support to launch the next billion dollar digital identity business.
For the best teams, we offer grants and dedicated support directly from our core team. Apply for grants here.
Now, let’s get into it!
Background: current SSI is an incomplete solution
SSI revolves around issuers such as KYC providers that issue verifiable credentials (VCs) to users who store the identity data on their own hardware – therefore “self-sovereign” – typically in an identity software wallet on the phone. Verifiers are the third-party who can receive various types of identity data presentations from credentials such as proof of country and birthdate from a KYC credential. Presentations of VCs is the equivalent of showing physical credentials such as a passport, but in a digital and secure manner.
Presentations are generated in identity wallets by the users themselves and the exchange of them are facilitated by a secure connection that is often managed by a centralized service called an agency.
The idea about SSI becomes really powerful when users receive and hold multiple VCs from multiple issuers that make up entire digital identities, which is entirely owned and managed by the user at first. The complete identity data simply will not rest anywhere else besides on the users own hardware, until the users chose to present the data which in addition can be protected with privacy features such as selective disclosure and zero-knowledge proofs e.g. you only show jurisdiction and prove that you are more than 18 years on from a complete KYC credential that contains much more information than what’s needed for the verifier.
Notably, VCs are inherently more secure than traditional credentials, such as physical driver’s license, because digital signatures make them tamper-resistant and instantaneously verifiable. Moreover, VCs are digital, portable and reusable, which cuts cost and makes everything much more convenient for users.
However, as much as SSI offers users true ownership of identity data, it also poses challenges in regards to privacy and compliance when activating the data through presentations for verifiers, backup and storage.
Data activation through VCs presentations
In its current form, SSI does not have strong enough privacy when activating the data through presentations because once a VC has been presented to a verifier, regardless of using privacy features such as selective disclosure and zero-knowledge proofs, the data rest with the verifier in a black box that users cannot control. How data is handled from there would rely on trusting the verifiers to comply with regulations such as GDPR, potential auditing from authorities, and any specific agreements with the users. Furthermore, there is a lack of frameworks and standards for compliant, provable and transparent data monetization which is needed to encourage mass adoption.
Backup and storage of SSI
Another major issue with SSI in its current form is that users are only left with two options for backup of identity data that either compromise security or privacy. One option is to backup and store identity data on another piece of self owned hardware resulting in multiple self-sovereign controlled backups. However, in reality, this is not convenient for users and if hardware is lost, so is the data.
The second option, which is by far the most convenient and popular, is to store identity data externally with a third party, such as a cloud service. This way, users will unlikely lose the data itself and can always access it. However, relying on centralized external services can result in compromising privacy and giving up control because there’s little transparency in how data is stored and manipulated.
Another profound problem with SSI in its current state is the reliance on intermediaries, often known as agencies or agents, to establish connections between parties and facilitate the exchange of VCs.
Partisia Blockchain SSI framework
Partisia Blockchain has as the world’s first L1 operationalized MPC for general computation on a public blockchain, which means that one or multiple data sources can allow others to compute on the data while it stays encrypted and operate under predefined rules expressed in smart contracts. This is also known as confidential compute and several privacy enhancing technologies (PETs) share this capability. However, MPC is superior when computing on multiple inputs and quantum resistance is a hard requirement.
Confidential compute opens up an ocean of new use cases such as private voting, RWA ownership verification, supply chain provenance, GDPR compliant data analytics across multiple data silos, and very importantly for this article enhanced and complete privacy in SSI.
MPC protected data activation
Partisia Blockchain and its MPC capabilities allows a user with an identity wallet to encrypt identity data with secret sharing encryption and then share it with a network of MPC nodes that will not be able to read the original data because the secret shards are distributed amongst the network. There is simply no way to reconstruct the secret and read the original data unless individual secret shards are collected based on a threshold, which is protected by MPC and a collateralized non-collusion security model. Furthermore, secret sharing encryption is by default quantum resistant, so it is not possible to brute force a secret with a supercomputer unlike other PETs like fully homomorphic encryption (FHE) that relies on public key encryption.
This also means that MPC allows for users to have data stored in a “self-sovereign” external network which can function as back-up or simply storage, but more importantly, a private SSI platform to activate the data against a verifier’s request through private verifications and standard privacy features. Partisia Blockchain natively supports multiple standards and can produce presentations for private verification, but also across private and public blockchain for various purposes.
Private verification is really what sets MPC enhanced SSI apart from the current SSI e.g. during the recent pandemic, many attempts were made to create a Covid-19 passport so citizens could prove they were either vaccinated or tested negative while preserving privacy in the claim. Zero-knowledge proofs are good for this, but limited to only presenting yes/no results to a verifier without extensive physical verification, such as ID cards, which would compromise SSI principles.
In collaboration with HES-SO Valais-Wallis, Partisia Blockchain developed a solution where identification is reduced to matching an individual’s face with an image of the person’s face powered by MPC in order to increase security and privacy. The Partisia Blockchain ensures trustworthy information is broadcasted to the verifier and MPC ensures that the private information about the citizen is used only for matching and kept hidden for the verifier.
While MPC is powerful for verification, the idea about having identity data in a private secure network is also useful for use cases that revolves around private AI, e.g. identity data can remain encrypted while a private AI model compute on it and only when the user received the output it can be decrypted incl. the result from the AI model.
Very significant for the above solutions is that the agency is left out so the secure connections and data presentations are managed directly from the MPC clusters where the data privacy is protected and data managed completely on the users’ terms.
Confidential compute on multiple identities
As aforementioned, MPC is powerful when it comes to computing on multiple inputs while preserving privacy. This unlocks a massive potential for compliant and private data analytics on multiple users data combined for use cases such as healthcare data for pharmaceutical R&D and data aggregations for monetization where users are rewarded, but didn’t give up privacy.
The concept is the same as for a single user data where secret sharing encryption is performed and the secret shards are distributed to MPC clusters. However, for multiple users the MPC nodes are able to combine and compute on the data while never understanding the complete input and share encrypted outputs which can only be decrypted and understood by selected users as predefined in zk smart contracts.
Partisia Blockchain SSI framework
DID/SSI is a large stack of different technologies and this article has only covered how to enhance SSI which is the lacking component to offer compliant end-to-end solutions on top of the existing stack. Together with our partners, we are also building out a significant amount of the fundamental DID/SSI component such as agency, mobile SDKs, identity wallets, standards, DID method, DID resolvers, onchain DID documents, definitions and schemas, trusted registries and more.
Reach out to us for a conversation and learn more about our technologies.
Stay updated: Website • X • Discord • Telegram • LinkedIn • Facebook • Instagram • GitLab • Medium • YouTube