The Web3 Identity Landscape is Evolving
The identity landscape within Web3 is experiencing significant advancements in adoption and the development of new identity primitives. This evolution includes innovative privacy mechanisms that leverage zero-knowledge proofs, along with the rapid adoption of the Decentralized Identifier (DID) stack, and the utilization of technologies such as Transport Layer Security (TLS), Multi-Party Computation (MPC), and Trusted Execution Environments (TEE).
Identity information can be acquired from a variety of sources with these systems, including Web2 accounts, webs of trust, KYC protocols, on-chain reputation, Proof of Humanity protocols, and Web3 social networks, among others. While each solution addresses distinct challenges, standardizing these protocols for interoperability is crucial for advancing the identity space in Web3. The Gitcoin Passport, for example, has merged these isolated identity data points into a cohesive identity score. Organizations can use this score to gate access for participants based on set thresholds, tailored to their access and security needs.
As the use of diverse identity tools and cryptographic primitives to develop identity solutions continues, building on the pillars of self-custody and selective disclosure, will rightly propel this space forward. Building on these principles will also set a precedent outside of crypto in other sectors, including finance, education, science and logistics, in managing data more securely and efficiently.
Holonym V1: Addressing Sybil Resistance in a Privacy-Preserving Manner
Holonym, which began as a hackathon project 2 years ago, has effectively positioned itself within the identity space, emphasizing privacy, self-custody of data, and scalability. As of this writing, Holonym has completed almost 100k verifications, with more than 50k credentials in the anonymity set. The protocol leverages zero-knowledge proofs to allow users to prove facts about themselves on-chain and import identity attributes while remaining safe from tracking and data breaches. Although Holonym is modular enough to plug in with almost any type of identity issuers, the protocol started with fairly standard credentials - verified phones with real history and screened for malicious activity and support for Government IDs from 190 countries.
SybilGovID is a zk-KYC proof of identity generated from a valid Government ID that offers strong rigor and high Sybil resistance. Government IDs, which are relatively universal, can serve as off-chain attributes that we import with Zero Knowledge proofs to minimize leakage of sensitive information. Holonym utilizes these credentials to create on-chain proofs for selective disclosure. The prevailing identity verification landscape in Web3 tends to favor users who engage in numerous on-chain transactions and depend on social attestations, which may lead to centralization issues. Consequently, it is most effectively utilized by those with a strong technological background, limiting accessibility of Web3 to wider demographics. However, the use of Government IDs broadens accessibility, allowing newcomers to mint their Holo ID for identity verification. This lowers the barrier to entry while ensuring privacy. Importantly, this method not only assures privacy but also offers robust Sybil resistance, leveraging the widespread and global acceptance of government IDs for critical functions ranging from opening bank accounts to availing subsidies—a testament to their proven effectiveness in real-life scenarios. This credential not only verifies the validity of the GovID but also includes AML screening, signaling identity and reputation. Its scalability and strong resistance to Sybil attacks make it promising for scenarios requiring high levels of trust, such as airdrops, rewards distribution, digital civic engagement, voting, and wallet recovery.
SybilPhone allows users to prove ownership of a phone number with a significant call history. This credential offers adequate rigor at a lower cost than SybilGovID and can be scaled up easily. SybilPhone is particularly useful for filtering out bots. Both credentials are issued as Soulbound Tokens (SBTs), facilitating token gating, allowlisting and reputation scoring.
Despite decent adoption rates of both credentials, there are a few limitations of the V1 architecture that have been addressed in newer releases. The time to generate proofs has increased substantially after Holonym crossed 30k verifications, making it impractical and certainly a UX turn off for any user, this has been solved by Holonym V2 by removing the need for a Merkle Tree anonymity set. Secondly, Holonym's architecture incorporates a third-party identity provider to verify facts about a user's government ID. Although Holonym requests the deletion of this data post-verification, the certainty of data deletion remains unverified. Despite the identity provider's inability to track users on-chain based on the verified credentials, the ideal scenario for data privacy is self-custody, where credentials do not leave the user's device. Holonym v3 implements strong privacy protections through self-custody.
Holonym V3: Setting the Gold Standard for Privacy with improved UX
The common narrative in web3 is to onboard the next billion users through better UX. In that direction, if Holonym wants to bring the next billion “real” people to web3, the proof has to be generated instantly and seamlessly on consumer devices. V3 enables faster proofs to be generated, in mere milliseconds, without compromising on privacy and security. In fact, V3 enables better privacy by enabling NFC based verification for NFC compatible Govt IDs such as ePassport, Aadhaar, and other cryptographically signed credentials. In a very basic sense, V3 enables Holonym not to read any data pertinent to the credential, and enables the Government to become issuers in a privacy-preserving manner, making the process entirely trustless.
VOLE-Based ZK Proofs
Holonym v3 marks a significant advancement towards self-custody by transitioning from zk-SNARKs to focusing on information-theoretically secure ZK proofs based on VOLE (Vector Oblivious Linear Evaluation). This architecture ensures that proofs are generated client-side on consumer hardware, such as laptops or mobile phones. While zk-SNARKs are limited to simple computations on these devices, VOLE-based ZK proofs significantly enhance prover efficiency by 1000x compared to zk-SNARKs. This improvement enables the protocol to verify arbitrary facts about credentials from various sources such as NFC-based passports, Aadhar, email ownership through DKIM signatures, web account ownership through JWTs, and potentially even Ethereum state trees, all on consumer hardware. This efficiency also opens the door to producing privacy-preserving proofs on device-siloed biometrics to detect liveness with AI.
How this Fancy Math (Zero Knowledge) Enhances User Experience and Privacy
For starters, Zero-Knowledge Proofs allow one party (the prover) to prove to another party (the verifier) that a statement is true, without revealing any information beyond the validity of the statement itself. In the context of ePassports, ZKPs can be used to verify identity or age without revealing the actual data or document to the service provider, with proofs being computed on consumer devices. Here are some examples:
Age Verification: Without revealing the date of birth, a ZKP can verify that the passport holder is above a certain age. The application can use the date of birth from the ePassport’s metadata to calculate the age and then generate a proof that the age exceeds a specific threshold, all without revealing the actual date.
Nationality or Residency Verification: A ZKP can prove that the individual holds a passport from a specific country or region without disclosing the passport number or the individual’s name. This is useful for services restricted to certain nationalities or residents, for example digital voting, health insurance, and other civic rights or privileges granted to legal residents.
Authentication: Or, is this document real? Using the digital signature and certificate for Passive Authentication, a ZKP can prove that the passport is genuine and has not been tampered with, without needing to expose the digital certificate itself.
Selective Disclosure: For applications requiring specific attributes (e.g., name for booking, but not the entire passport details), ZKPs can prove that the data matches the encrypted information on the chip without revealing the full details.
Holonym V3 Powers a New On-Chain Identity Economy
Private Identity Proofs: V3 enables full KYC verification without disclosing one's identity via photo or video to a third party. Users can verify their passports through NFC directly on their devices, eliminating the need for a third-party identity provider and significantly reducing minting costs. This method is resistant to AI challenges in eKYC, and you wouldn't have to scan your eyeballs to prove your identity.
Private Web Account Proofs: Users can now prove ownership of specific online accounts (e.g., email, web accounts) with selective disclosure. These identity data points, while not containing Personally Identifiable Information (PII), provide strong identity verification signals. VOLE-based proofs streamline the process of creating arbitrary proofs, expanding Holonym’s DID stack capabilities. This method also simplifies the user's task of introducing arbitrary facts as on-chain proofs.
Organizations/dapps: As in V1, organizations can enjoy the features of not needing to keep user data secure on their servers, onboarding unique persons to distribute rewards, enable one-person one-vote, unlock access, geogating, and more. All this through a seamless experience. Now that Holonym is part of Silk, dApps can onboard users through Web2 UI with email/oauth logins, and identity verification through Holonym.
Private State Proofs: V3 allows for the efficient proof of Ethereum state for private smart contracts. This means a user can privately prove they have funds on one chain as a pre-condition to execute an action on another chain. These state proofs add a new dimension to DeFi with privacy. You can keep your collateral on one chain but privately take out a loan on another chain without any links between the two accounts.
Private Cross-Chain Abstraction: It enables the provision of state proofs about any message from any blockchain ecosystem privately. This is particularly useful for seamlessly bridging funds between chains without revealing the source or destination of these funds. This can be done with ZK KYC as a precondition to curtail bad actors hiding from enforcement.
