Developing a DID Aggregator on Blockchain (Part Ⅱ)
Technical Architecture of the Litentry Protocol
Overview
The Litentry Network provides privacy-first, decentralized identity aggregation computing services. Litentry Network abstracts away the complexity of the blockchain consensus layer and undertakes the calculation of the format-agnostic DID data for multi-network identity aggregation. The identity aggregation layer enables decentralized applications to get trustless identity-related & credit-related data. To get a better understanding of why aggregated identity is needed, please refer to the Part Ⅰ of this article.
The identity aggregating services could be used for collateralized lending, insurance rate calculation in DeFi, voting power calculation in DAO governance, and accreditation in KYC required services (for example, prevent BOT from Airdrop or IDO), etc.
Litentry Network is different from blockchain oracles like Chainlink, because it adds an additional computing layer which computes high-level data. Currently, Litentry is used mainly for identity-related data computation, but the architecture has the potential to solve any kind of high-level data computation request.
Terminology
Decentralized Identity Aggregation
The aggregation of different accounts and identity data of the same person on different platforms and blockchains in a decentralized manner. Litentry is the first one to provide decentralized identity aggregation service. The decentralization is provided by a public blockchain to ensure the integrity and credibility of DID data.
Data Registry
Regardless of the specific technology used, any system that supports recording user identities and returning data necessary to obtain a user’s identity information is called a data registry. Examples include distributed ledgers, decentralized file systems, databases of any kind, peer-to-peer networks, and other forms of trusted data storage.
WASM Smart Contract
WebAssembly is a new low-level language, the compilation targets a wide range of modern programming languages. The benefits of using WebAssembly as a format for smart contracts can be found here. It empowers developers to create customizable identity scoring algorithms and identity-related events.
Offchain TEE Workers(OCTW)
Off-chain workers(OCW) allow a Substrate node to offload tasks that take too long or too much CPU / memory resources to compute, or have non-deterministic result. In particular there are a set of helpers allowing fetching of HTTP requests and parsing for JSON. It also provides storage that is specific to the particular Substrate node and not shared across the network. Off-chain workers can also submit either signed or unsigned transactions back on-chain. An OCTW is an OCW implementing in trusted execution environment (TEE).
Verifiable credential
A standard data model and representation format for cryptographically-verifiable digital credentials as defined by the W3C Verifiable Credentials specification [VC-DATA-MODEL].
Identification Method
The definition of Identification Method in the Litentry scope refers to the general methods we use to turn unidentified data into human-readable identity data. For example, a credit score, or a symbolic badge. In the Litentry Network, we use configiable functions to calculate identity data, which includes two types of identification methods — identification event & identity scoring algorithm.
Identification Events
Identification Events are computing commands that indicate a data analyzer to analyze specific user behaviors based on the targeting data and output identity-related information.
Identity Scoring Algorithm
Identity scoring algorithms are used for computing identity scores. It specifies the weight formula for each piece of the requested identity data. Identity scoring algorithms are recorded publicly via WASM Smart Contract and they can be reused by different requesters.
Architecture
It mainly includes three different layers.
Original Events / Data Sources Layer
Here, Litentry relies on the existing data registries and indexing services to get original user data and offload the provision of data to external data providers, such as Etherscan, The Graph, OnFinality, and more.
The original data here refers to the existing data that are generated by the user and recorded by open data registries, especially traceable and unalterable data recorded by blockchains, for example, the chain states, or historical transactions, or emitted events. The original identity data could also be provided by web2.0 APIs like Twitter, Facebook, Discord, etc.
Every single piece of data can be provided by different data endpoints, and it’s up to the data analyzer’s choice to choose which data endpoint to fetch data from.
Address Analysis Layer
This layer processes the original identity data and produces analyzed data for Identity Aggregation. The identity computing services consume a lot of resources thus we do it off-chain and split it from consensus.
This layer decouples the computation process of identity analysis and identity aggregation. It improves computation efficiency and network throughput by providing redundancy on both structured identity data and computing resources.
Data Analyzers
Data Analyzers are external nodes providing identity-related data analysis services for the Litentry Network. Each data analyzer works independently and gets rewards by providing honest identity analysis results. The higher quantity of data analyzers in the Litentry Network the high efficiency and availability of the address analysis layer.
How it works
In this layer, data analyzers are incentivized to process random tasks to calculate results for the Identification Event. Following the analyzing methods given in identification events, data analyzers basically handle the data indexing work and provide a simple data calculation service.
Data integrity
The generated identity-related data will be signed by each analyzer to ensure data integrity and will further be validated in the next layer. One task is always executed by multiple analyzers to ensure availability, but not necessary by all the analyzers.
Identity Aggregation Layer
As an identity aggregator, Litentry focuses on providing credible and accurate aggregated identity data. So in this layer Litentry network does two things: 1. Get the analyzed identity data from the Address Analysis Layer and prove data consistency. 2. Aggregate cross-platform identity data and calculate an Identity Score based on the provided Identity Scoring Algorithm from WASM Smart Contract. Thus, an address may get its accreditation score according to its historical activity data in different networks, e.g. Ethereum, Polkadot, BSC, and more.
The Identity Aggregation Layer mainly accomplishes four goals:
- Interoperability — resolve arbitrary identity data
- Composability — customizable combination of identity info and compute identity score
- Privacy — protect user data from unauthorized third parties
- Security — guarantee network availability and prevent attacks
The Litentry Runtime and the TEE sidechain make up such attributes for the identity aggregation service.
Litentry Runtime
The different pallets in Litentry Runtime collaborate and interact with each other to achieve a decentralized identity aggregation service, the scalability and security are guaranteed by the Substrate Framework. It includes several key pallets, like account linking, off-chain-worker, smart contract, identity, etc.
TEE Sidechain
TEE Sidechain is consists of multiple OCTWs. It is a sidechain pegging to the Litentry mainchain and has its own consensus. OCTW compute aggregated identities for the Litentry mainchain and sync with the mainchain using a light client. The TEE Sidechain generates deterministic identity data and the Litentry mainchain agrees on the aggregated identity results.
Core Pallets
A decentralized aggregated identity is generated in a decentralized, confidential, and trusted manner. To achieve this manner, different software pallets are designed for orderly collaboration to output such a result. The following sections define the software pallets in the Litentry Protocol, including the pallets in the Litentrt Runtime and TEE Sidechain. These pallets contribute to the workflow for the generation of a decentralized aggregated identity.
Task Distributor
Task Distributor handles the external Identity Computing Request and generates tasks assigning registered Data Analyzers and triggers OCTW to request and fetch analyzed identity data from Data Analyzers.
In order to keep the user’s identity relationship information confidential, the data fetching and identity computation process in the Identity Aggregation Layer will be executed in the TEE side chain. Our Task Distributor will use the shielding key to encrypt the request and forward it to the TEE Sidechain with some necessary on-chain info like smart contract ID and a random number.
Off-chain TEE Workers(OCTW)
Litentry’s off-chain TEE worker(OCTW) is built with the SubstraTEE framework. Off-chain TEE workers are different from Parity’s off-chain workers, they have their own consensus but still in sync with Litentry Runtime with light clients, and they compose a TEE sidechain.
A trusted execution environment (TEE) is an execution environment that provides security functions (such as isolated execution), like a highly private security space, in which user data cannot be viewed, accessed, or altered by operating nodes and any third parties. In the TEE implementation of Litentry, the computed identity and score will be shielded with the user’s public key, so it can’t be seen from any party except the authorized party itself.
Assign analyzing tasks
For an identity computing request, the data query command and the identity scoring algorithm are encrypted and delivered to the OCTW. OCTW will firstly decrypt the computing request and assign the tasks to Data Analyzers with the random number and listen to their results.
Validate analyzing results
After getting the results provided by different analyzers, OCTW will use a Byzantine fault tolerance (BFT) consensus to find a deterministic result. This guarantees data consistency for each identity information. In this step, discrete identity data are gathered together according to the linked identities provided by the requester under the authentication of the identity owner.
Compute identity score
After getting the concrete identity information, OCTW will start to compute an identity score based on the provided Identity Scoring Algorithm. Identity score is a manifestation of credit, it also provides the flexibility of application usage that applications can directly judge the result based on the score.
Encrypt and output result
In the end, OCTW will output an encrypted result of the computing data as an event, the user subscribes to the event and decrypts it. In the output, there is also a plaintext signature which could be proved by a third party that the result is calculated by the Litentry Network.
WASM Smart Contract Pallet
The user can specify the parameters of an identity computing request in the WASM smart contract. Wasm smart contract provides the scalability and flexibility for Litentry Network and abstracts away the complexity of decentralized data fetching and computing for developers who want to use Litentry Network.
This pallet is composed of a series of WASM smart contracts that empower the knowledge base and identification ability of the Litentry Network. It mainly contains these functions:
- Record data analyzers’ registration identity information (Public keys, API info, staking info, etc.)
- Record the submitted identity scoring algorithms from external providers
- Record the identification methods used for analyzing Identification Events
- Enable customized composable identity scoring algorithms
- Enable updating the Identity Model in Account Linker by democracy
- Enable smart contract interaction with XCMP
- Enable creating identity computing requests
NFT Pallet
The Litentry Network does not store any identity computing results of users, however, to reduce unnecessary computing for less-frequently changed data and to improve the efficiency of the identity data query, we also allow users to record the result as an NFT on-chain. The NFT pallet dramatically reduces the redundant computing requests on Litentry Network and creates a new economic model.
Generation
These NFTs are generated by smart contracts which are associated with Identity Scoring Algorithms. After the Litentry blockchain agrees on the computed identity data, a validator will check for the NFT command embedded in the computing result. If there is such a request, the NFT pallet will create an NFT to record the data on-chain.
There are two workflows here:
- The active request: a user sends a request to Litentry for identity validation, if the result is true, then the user gets the NFT.
- The passive claim: external requesters set up some requirements, data analyzers will maintain a qualification list, user can claim the NFT once s/he is on the list.
Verifiable credential
These NFTs are verifiable credentials of their specified identity information computed by the Litentry Network. Users can efficiently prove their identity to a third party using these NFTs.
Litentry provides the framework to generate customized verifiable credentials through the NFT pallet. It could be useful when dApp developers want to create decentralized credentials for their users, for example, identifying the “early supporters” of their dApps.
Encrypted On-chain Storage
Litentry Network only stores necessary data and will not actively store user identity computation results unless the user requests it to. The Encrypted On-chain Storage is used for storing users’ identity linking relationship data from the Identity Linker, and it is encrypted by the TEE Sidechain’s shielding key to eliminate the risk of data leakage.
Identity Linker
The identity linker pallet is used to write the user’s identity linking relationship., it is the cornerstone of the identity aggregation protocol. When OCTW fetches the identity data from data analyzers, they need to know the targeting user address, that is to say, the prerequisite for obtaining a user’s cross-platform identity data is to know the user’s valid identity linking relationships.
Account Verification
When a user initiates an account verification request, the OCTW handles the verification process. Users will receive a challenge to verify their identity ownership. For example, if a user wants to link his/her Ethereum account, s/he needs to provide a signature. In the TEE Sidechain, the OCTW will validate if the user has solved the challenge. If the validation succeeds, it will send back an extrinsic to Litentry runtime and save the linked identity info in the encrypted on-chain storage.
Identity Model
In the Identity Linker pallet, a user is represented as its Litentry address. Each Litentry address can be linked with multiple different identities. Each supported identity is associated with a specific platform/blockchain, the first batch of the supported networks includes Bitcoin, Ethereum, and Polkadot. It means that the network will support aggregated identity computation for these networks.
Since different platforms use different identification methods, adding a new platform requires special development of its account verification mechanism. It may be necessary to conduct DAO voting for “newly added platforms”.
Privacy protection
The identity linking process may reveal some of the user identity information, but the TEE framework guarantees no user information will be revealed to validators during the verification process. In addition to this, the user needs to encrypt the account linking request with the OCTW’s shielding key before submitting it, it ensures data security during transmission.
Identification Methods
The ability to analyze raw blockchain data and generate identity profiles is originated from the identification methods in the system. The definition of Identification Method in the Litentry scope refers to the general methods we use to turn unidentified data into human-readable identity data. For example, a credit score, or a symbolic badge. In the Litentry Network, we use configurable functions to calculate identity data, which includes two types of identification methods — identification event & identity scoring algorithm.
Identification Events
Identification Events are computing commands that indicate a data analyzer to analyze specific user behaviors based on the targeting data and output identity-related information.
The Identification Event is one of the key factors that add up to the value of the Litentry Network. The more meaningful identification events are created, the more flexibility the network gains when providing customized cross-platform aggregated identity.
Here are two example events, both indicate user loyalty of Uniswap as unique identification events:
Event 1
*Pseudocode
Name - Unisocks Edition 0 holders
ID - (Base64 string)
Project Name - Uniswap
Contract - 0x23b608675a2b2fb1890d3abbd85c5775c51691d5
Original Data registry - Ethereum
Analyzing Method - > if(asset balance >0){isOwner = true;} else {isOwner = false; }Event 1 records a method of analyzing whether a user is a holder of the Unisocks Edition 0 token. $SOCKS is a token that entitles user for a real pair of limited edition socks, issued by Uniswap. Holding an Unisocks Edition 0 may indicates this user is a loyal user to Uniswap.
Event 2
*Pseudocode
Name - Transaction times with UniswapV2Router02
ID - (Base64 string)
Project Name - Uniswap
Contract - 0x8ad599c3A0ff1De082011EFDDc58f1908eb6e6D8
Original Data registry - Ethereum
Analyzing Method -> {return Interaction times with 0x8ad599c3A0ff1De082011EFDDc58f1908eb6e6D8 of this wallet}Event 2 records a method of calculating the tx times that an address has been made with the UniswapV2Router02 contact. The UniswapV2Router02 contract is the smart contract used to interact with trading pools on Uniswap.
Identity Scoring Algorithm
Identity scoring algorithms are used for computing identity scores. It specifies the weight formula for each piece of the requested identity data. Identity scoring algorithms are recorded publicly via WASM Smart Contract and they can be reused by different requesters.
In the general application layer, identity scores can be used as a quantitized indicator to reflect user credit. For example, combining Event 1 and Event 2 in the Identification Event section, we can make a simple scoring algorithm for “Uniswap loyal user score”:
*Pseudocode
Name — Uniswap loyal user score
ID — (Base64 string)
Formular - f(x)= if(Event1_value=true,100,0) +10*Event2_valueThis algorithm created a formula to score Event 1 and Event 2. It indicates that for Event 1, if the value is true then it gets 100 scores, if not it gets 0 score; for Event 2 the calculated score is 10 multiply by the value of Event 2. The scores of the two events add up to the total score.
The identity score can reflect the user’s credit or reputation, or any meaning of quantifying identity. As long as it complies with computer lauguage, any identity-related data can be calculated as an identity score. Litentry Network provides the ability to record such calculation algorithms and process decentralized identity scores.
Conclusion
Aiming for the flexibility of identity aggregation, the reliability of data, and the efficiency of computing, Litentry protocol forms a decentralized cross-platform identity aggregation framework. The Litentry Network relies on the accumulation of identification methods to become iterative; the more identity-related calculation functions the network accumulates, the better identity data feeds to different platforms and dApps. Eventually, it will become the identity hub that connects all identity systems on the open Internet.
About Litentry
Litentry is a Decentralized Identity Aggregator that enables linking user identities across multiple networks. Featuring a DID indexing protocol and a Substrate-built distributed DID validation blockchain, Litentry provides a decentralized, interoperable identity aggregation service that mitigates the difficulty of resolving agnostic DID mechanisms. Litentry provides a secure vehicle through which users manage their identities and dApps obtain real-time DID data of an identity owner across different blockchains.
