Skip to main content

Verifiable Credential Verification

In order to provide an environment to built compliant applications, D-Chain provides Verifiable Credential Verification (VCV) at the time of transaction and the verification requirements are tailored to the type of transaction performed by users and validators. This granular, real time and un-opinionated design allows for scalable trust and identity framework to be used.

It is important to note that no credential data is provided to the chain, only the derived presentations, credentials are always stored safely by the user offchain (optionally with their chosen SSI agent).

There are 3 layers where verifiable credential verification (VCV) is performed on D-Chain:

  • Validators: On block proposal, validators must present a valid and not revoked verifiable presentation. The presentation must be derived from a credential issued by one of the entities determined by the chain's governance.
  • D-Chain level: The D-Chain governance defines the presentation requirements to execute certain messages on the chain. (See gov for more details).
  • Application Specific: The application can define their own verification requirements and the chain will enforce them.

Application Specific Verification Requirements

For applications deployed on D-Chain, they can register multiple routes (each mapping to specific state transition message) with the chain's VCV module.

As part of the chain's transaction verification process (which typically only handles signature verification), the chain invokes the VCV module will verify the user's presentation against the application's defined requirements.

This allows the application to fully control and enforce the verification requirements.

Block proposer credential verification

D-Chain validators are required to be onboarded by one of the group of trusted issuers to obtain a verifiable credential. The group of trusted issuers and onboarding criteria are determined by the chain's governance rules and can be updated by the governance process.

This extra relation with validators provide high level of commitment from validators as their votes on blocks containing both onchain state transition data and offchain data from auditable sidecars processes.

Furthermore, for certain classification of cryptoassets such as BIS classification of Group 1 cryptoassets, it is expected that all "All entities that execute redemptions, transfers, storage or settlement of the cryptoasset, must: (i) be regulated and supervised, or subject to appropriate risk management standards; and (ii) have in place and disclose a comprehensive governance framework".

D-Chain delivers a network that uses SSI for consensus participants, to support all sorts of cryptoassets and regulatory grade decentralised applications.

ABCI 2.0 introduced methods that allow CometBFT and the Application (D-Chain Application Layer) to interact with *Request and *Response at different stages of the block proposal and validation process.

Each validator is a verifiable credential holder, and are required to selective disclose attributes as verifiable presentation (VP) to the network.

The other validators against governance defined requirements, such as who issued it and if it has been revoked or not. Any violation will result in a reject vote. If 2f+12f+1 of voting power nn where n=3f+1n = 3f+1 rejects, it will result in rejection of the block.

Supported Verifiable Credential Presentation Formats

D-Chain currently supports the following verifiable credential presentation formats:

  • AnonCreds: Zero Knowledge Proof based presentation verification (soon)
  • SD-JWT: Selective Disclosure JWT based presentation verification

These formats are selected for their compatibility with adopted SSI standards, such as European Digital Identity (EUDI) regulations.

Prior Work

The AVIDA - Atomic Verification of Identity for Decentralised Applications protocol is an open source project developed by NYMLAB to provide decentralised applications on blockchains to easily add verification requirements for their users.

This allows developers to focus on their application logic and not worry about the complexities verifiable credentials verification and getting updated trusted issuer data over IBC.

D-Chain implements the this protocol on the chain level.