April 25, 2023

What the heck is... Verifiable Credential?

What the heck is...  Verifiable Credential?

For every Web3 developer building the next world-changing app, there's a marketer or communications professional working alongside them to make sure that the world-changing app not only makes it out into the world but is also understood by the world. Ask any non-technical professional in this field what the most challenging part of their job is and you’ll often hear, “Understanding what the heck has got our developers so excited.”

In this fast moving industry, keeping your knowledge up to date is at a premium & it’s not uncommon to leave a conversation feeling like you knew less than what you thought going in.

To help you understand what the heck your passionate crypto friends are talking about, we're launching this series of short articles to explain common Web3 concepts in simple & clear language.

Today, we're tackling Verifiable Credentials (VC) and their role in privacy and trust in Web3.

Verifiable Credentials: The Secure Keys to Your Digital Identity

In the Web3 space, privacy and trust(lessness) are of utmost importance. One of the critical technologies that help achieve these goals is Verifiable Credentials (VC). Think of verifiable credentials as digital versions of real-life documents or qualifications, like passports, driver's licenses, or academic degrees. These credentials enable you to prove your identity, qualifications, or other personal information in a secure and privacy-preserving manner. Verifiable credentials play a crucial role in the Web3 ecosystem, as they offer several key benefits:

  • Enhanced Privacy: Users can selectively share only the necessary information with verifiers, maintaining their privacy and reducing unnecessary data exposure.
  • Greater Trust: Verifiable credentials are issued by trusted entities and verified cryptographically, ensuring authenticity and increasing trust between users and verifiers.
  • Interoperability: Standardized data models and protocols enable seamless interaction between different systems, platforms, and organizations, promoting broader adoption of verifiable credentials.

The Magic Behind Verifiable Credentials

Verifiable credentials work through a combination of cryptography, digital signatures, and secure storage. The process usually involves three main parties: the issuer, the holder, and the verifier. Here's how it all comes together:

  1. Issuance: Trusted entities like governments, universities, companies or organizations create and sign digital credentials for users, which can include information like names, birth dates, or qualifications. The issuer then signs this credential using a private cryptographic key, which ensures the authenticity of the credential and ties it to the issuing authority.
  2. Storage: The user (holder) receives the verifiable credential and stores it in a secure digital wallet. This wallet can be a software application or hardware device designed to protect the user's private keys and credentials. The user has complete control over their wallet and the information stored within it.
  3. Sharing and Verification: When a verifier (e.g., an employer, bank, or online service) requires proof of a specific claim, the user can share the relevant verifiable credential from their digital wallet. The verifier checks the digital signature on the credential using the issuer's public cryptographic key, confirming its authenticity and the user's claim. This process ensures that the credential is genuine and has not been tampered with.
  4. Revocation: In some cases, a verifiable credential may need to be revoked by the issuer, for example, if the user's certification expires or their license is suspended. Issuers maintain a revocation registry, which is a list of revoked credentials. When verifying a credential, the verifier can check this registry to ensure the credential is still valid and hasn't been revoked.
  5. Interoperability: Verifiable credentials often follow standardized data models and protocols, such as those defined by the World Wide Web Consortium (W3C). This standardization enables different systems, platforms, and organizations to work with each other seamlessly. It ensures that credentials issued by various entities can be understood and verified across different systems, promoting interoperability and broad adoption.

“Blockchains are transparent by design, meaning that connecting a wallet to a service can reveal the user's entire transaction and asset history. Verifiable credentials help address this privacy concern by allowing users to share only the specific information requested by a verifier, without exposing their entire transaction history.”

Litentry and Verifiable Credentials: A Privacy-Preserving Partnership

Litentry's IdentityHub takes advantage of verifiable credentials to create an infrastructure that enables privacy-preserving interactions in Web3. With the IDHub, users can manage, issue, and present various aspects of their digital identity in a secure and selective manner. This approach unlocks the full potential of privacy in Web3, empowering users to maintain control over their personal information and how it's shared. Verifiable credentials are a game-changing technology that promotes privacy, trust, and interoperability in the Web3 ecosystem. By integrating verifiable credentials into platforms like Litentry's IDHub, users can confidently share their personal information, knowing it's secure and only revealed to the intended recipient for a specific purpose. In the near term, we envision verifiable credentials being used to prove your talent, qualifications or skills during a pseudonymous job application process, ensuring that you're being fairly evaluated on your accomplishments and capabilities - rather than being judged (consciously or unconsciously) on your protected characteristics (like race, gender, sex, etc). We also see verifiable credentials providing access control through the verification of identity, proof of humanity, and Trust Your Customer (TYC) processes (as opposed to Know Your Customer or KYC) in financial contexts, like banking or lending. Verifiable credentials and the IdentityHub will make it possible to bring your 'necessary self', adapted to specific contexts, rather than bringing your 'whole self' all the time.

It's another way that we work to make your identity tangible, without being seen.

For a deeper dive on verifiable credentials and how we employ them, check out our Verifiable Credentials Series on Medium.