Identity Validators
In the HP SSI framework, Identity Validators (Issuers) are the entities that check the private data submitted by users and issue verifiable credentials (VCs) if these data are proven to be valid against the respective claims of the VCs. Identity Validators are considered trusted entities since they are ultimately responsible for the authenticity of the issued VCs (similar to the role of the sequencer in zero-knowledge rollup applications).
Given the Issuers’ privileged access to user PII, a fully decentralized, permission-less approach where anyone can become an Issuer may not be desirable from a privacy perspective. That said, some degree of decentralization may still help reduce the reliance on a single trusted agent without too much sacrifice to user data safety, and we are actively exploring methods that will partially decentralize the VC issuance process in Phase 2.
In Phase 1:
Humanity Protocol Core Platform processes the palm signatures collected by the Human Recognition Module and issue unique-human VCs if and only if the palm signatures passes the unique human test (i.e. belong to a human and are dissimilar to all existing palm signatures in the PoH universe).
HP Core Platform is also responsible for producing the zero-knowledge verifiable presentations (VPs) used in the customized queries from third-party applications (for human uniqueness, zero-knowledge proof of non-membership of the User in the HP).
In Phase 2:
Humanity Protocol targets to appoint a diverse set of Identity Validators that are required to hold a significant stake in Humanity Protocol through the staking of $HP tokens. These Identity Validators are accredited institutions that have the authority to issue VCs pertaining to their respective claims. For example, a licensed financial institution would have the credibility to verify a user’s KYC data, whilst a university can attest to the fact that a user was in fact a student and has completed a specific degree.
Identity Validators will have a fixed term that will be determined via the HP Governance process, which opens up nominations (including self-nominations) of candidates and conducts network-wide elections.
Identity Validators validate a user’s credentials (in off-chain manner if appropriate) and issue relevant PII VC. For example, an education institution issues education VCs regarding a user’ graduation status from itself, and has no authority in/access to the same user’s other credentials such as driving license status. Phase 2 will also support more complex verifiable presentations (VPs) involving both non-PII and PII VCs, requiring the collaboration of both the HP Core Platform and Identity Validators in the production of these complex zero-knowledge VPs. Whenever possible, sharding of the PII VC metadata will be implemented to reduce the concentration risks for data storage.
Phase 2 Identity Validation Consensus Mechanism
In Phase 2, for settings where multiple Identity Validators are capable of validating the same User claim (e.g. age, geographical location), the VC issuance process will include a consensus mechanism involving multiple Identity Validators. Here HP utilizes a hybrid on and off-chain approach to produce proof of virtual identities and asset ownership that can meet the standards of real-world KYC applications. In other words, Identity Validators conduct their verification off-chain using their proprietary technologies, and only upload the verification results (in standardized format) on-chain without revealing the verification process.
We believe this is the best response to the ever-changing regulatory landscape and advances in potentially malicious counterfeit technologies and ensures that HP “verified account” is a reliable indicator — perhaps even a coveted status — that can be used in real-world applications requiring robust KYC checks.
Off-chain validation also drastically improves scalability to support future network growth. We expect the average completion time for a PII VC issuance case to be <1 hour.
The following is an illustration of the steps involved in the issuance of unique human VCs by Identity Validators (assuming a quorum of 5 Identity Validators):
User’s VC encrypted metadata is uploaded to a dedicated storage space associated with the User on HP’s IPFS decentralized storage. This creates a issuance case.
For a set period of 2 hour, User will grant access to 2 randomly selected Identity Validator Nodes to the issuance case by sharing the decryption key (key access will expire after the time limit)
Within the time limit, Identity Validators independently conduct their validations off-chain using their proprietary technologies, and establish a Yes/No/Uncertain status to the following identity claims:
User under review is a real person (or entity)
Personal data under review are valid and authentic
Personal data under review belongs to the user who is under review
If all identity claims are “Yes” by consensus, the Identity Validators will update the cryptographic accumulator (encrypted database of existing users), mint the unique-human VC/produce zero-knowledge proofs of the claims, and broadcast the updated account status to the entire network.
If the Identity Validators arrive at different conclusions above, 3 additional Identity Validators will be given the issuance case. Combining the results of both rounds, a simple majority of three decides as to whether the issuance is successful or not. Identity Validators who are in the minority will see their HP stake partially slashed.
Last updated