Self-sovereign identities (SSIDs)
ComPilot is built on self-sovereign identities (SSIDs), particularly verifiable credentials (VCs) and zero-knowledge proofs (ZKPs).
In traditional identity systems, individuals typically have to rely on various organizations or centralized entities to verify and validate their identity. This can lead to privacy concerns, security risks, and limited control over personal data. SSIDs, on the other hand, shift the control and ownership of identity back to the individual.
SSIDs are an approach to digital identity that gives individuals full control and ownership over the information they use to prove who they are to websites, services, and applications across the web. Using SSIDs means users can share their identity information without relying on central authorities or third-party intermediaries.
ComPilot uses the Polygon ID framework as the foundation for its SSID implementation. This brings scalability and low transaction costs, making ComPilot a versatile solution for modern identity management and compliance needs.
Verifiable Credentials
VCs are a key component of SSID systems. They are digital representations of information or attributes that can be issued, held, and shared by individuals or entities. Verifiable credentials enable the secure and privacy-preserving exchange of trusted information between parties, without the need for a central authority.
They are built on the principles of cryptography, using techniques such as digital signatures and decentralized identifiers (DIDs). They are tamper-evident and cryptographically signed by the issuer, ensuring the integrity and authenticity of the credential.
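The following added example, which is not ComPilot or Polygon ID code, shows what issuer signing and tamper evidence mean in practice: an issuer signs salted claim digests with Ed25519, the holder reveals only chosen claims, and the verifier rejects anything that was altered. The salted-hash scheme, the helper names and the sample data are assumptions made for illustration; Polygon ID uses its own credential format and proof system.

```javascript
// Added example: constructed data and hypothetical helper names throughout.
const crypto = require('node:crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');
// Digest of one salted claim; the random salt stops a verifier guessing hidden values.
const claimDigest = (name, value, salt) => sha256(JSON.stringify([salt, name, value]));

// Issuer: salt every claim, then sign the sorted digest list with its private key.
function issueCredential(issuerPrivateKey, subjectDid, claims) {
  const salts = {};
  const digests = [];
  for (const [name, value] of Object.entries(claims)) {
    salts[name] = crypto.randomBytes(16).toString('hex');
    digests.push(claimDigest(name, value, salts[name]));
  }
  const signed = { subject: subjectDid, digests: digests.sort() };
  const signature = crypto.sign(null, Buffer.from(JSON.stringify(signed)), issuerPrivateKey).toString('base64');
  // The holder keeps claims and salts in the wallet and decides later what to reveal.
  return { signed, signature, claims, salts };
}

// Holder: reveal only the named claims (value + salt); everything else stays a digest.
function present(credential, reveal) {
  const disclosed = reveal.map((name) => ({ name, value: credential.claims[name], salt: credential.salts[name] }));
  return { signed: credential.signed, signature: credential.signature, disclosed };
}

// Verifier: check the issuer signature first, then that each disclosed claim was signed.
function verifyPresentation(issuerPublicKey, presentation) {
  const { signed, signature, disclosed } = presentation;
  const ok = crypto.verify(null, Buffer.from(JSON.stringify(signed)), issuerPublicKey, Buffer.from(signature, 'base64'));
  if (!ok) return { valid: false, reason: 'bad issuer signature' };
  const claims = {};
  for (const { name, value, salt } of disclosed) {
    if (!signed.digests.includes(claimDigest(name, value, salt))) {
      return { valid: false, reason: `claim "${name}" not signed by issuer` };
    }
    claims[name] = value;
  }
  return { valid: true, claims };
}

// Constructed sample run: the verifier learns country and KYC status, nothing else.
const issuer = crypto.generateKeyPairSync('ed25519');
const vc = issueCredential(issuer.privateKey, 'did:example:holder-1',
  { name: 'Alice Example', birthDate: '1990-04-01', country: 'FR', kycPassed: true });
const shown = present(vc, ['country', 'kycPassed']);
console.log(verifyPresentation(issuer.publicKey, shown));
```

A production verifier would also canonicalize the signed payload and check expiry and revocation, which this example leaves out.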
Once issued, VCs can be re-used, removing the need to perform full KYC checks multiple times.
The user's private key is kept in their Web3 wallet. Because of this, there is interaction between ComPilot and the user's Web3 wallet. For example, the wallet is used to sign transactions and approve the sharing of verified data.
Zero-knowledge proofs
ZKPs are cryptographic protocols that enable one party (the prover) to convince another party (the verifier) of the truth of a statement, without revealing any specific information about the statement itself. In other words, a ZKP enables the prover to convince the verifier that a statement is true without conveying any additional knowledge beyond the statement's validity. They are particularly useful when one party wants to prove knowledge of some information without disclosing that information. For example, a ZKP may allow a user to prove that they are over the age of 18 without disclosing their actual age. ZKPs are used for privacy-preserving authentication.
ZKPs rely on complex mathematical algorithms and protocols, which are employed in blockchain systems. They ensure that the proof is secure and that the prover does not cheat. ZKPs enhance security, privacy, and trust in digital interactions, particularly in scenarios where sensitive information needs to be protected.
As with VCs, there is interaction between ComPilot and the user's Web3 wallet. For example, the wallet is used to sign transactions and approve the sharing of ZKPs.
The SSID spectrum
The SSID spectrum represents a variety of identity solutions, each offering different levels of user control and privacy.
- At one end of the spectrum, verifiable credentials (VCs) enable users to share proof of attributes without divulging unnecessary personal information.
- Zero-knowledge proofs (ZKPs) allow users to authenticate identity or attributes without revealing underlying data.
- Finally, on-chain identities based on ZKPs allow users to manage their identities on the blockchain, and thus offer more interoperability.
ComPilot issues and uses verifiable credentials, which serve as secure, digital representations of paper and digital credentials that individuals can confidently present to organizations requiring verification. ComPilot can also generate ZKPs.
Although ZKPs, and consequently on-chain identities, could solve the privacy-preservation dilemma for users, ZKPs have not been approved by regulatory entities for use in KYC/AML checks.
Generating and using VCs and ZKPs
Verifiable credentials are generated by an issuer, which can be any entity certified to issue credentials. ComPilot operates through an Issuer Node, which is a self-hosted node with all the functionality necessary to run an issuer. The ComPilot Issuer Node is implemented through Polygon ID and its Issuer Node Core API. You can learn more about this API in the Polygon ID Documentation tutorials site.
The Issuer Node connects to your application through the API, which allows users to receive their VCs once they complete the KYC process. After this, users are in possession of their credentials and their identities and can generate ZKPs if required.
Use cases
Anonymous verification using ZKPs and selective disclosure of VCs have different use cases.
Anonymous verification using ZKPs can be used for internal compliance enforcement, and basic self-regulation, typically for gated dApps.
Selective disclosure of VCs is used when there are regulatory compliance requirements (such as KYC). Customer types include VASPs, CASPs, PSANs, and Web3 companies working towards becoming VASPs.
The ComPilot Identity Widget
You can configure the ComPilot Identity Widget using the ComPilot Dashboard and embed it in your application to:
- Run know your customer (KYC) checks on your customers, based on verifiable credentials (VCs) issued by official KYC providers.
- Verify customers' VCs and check them against composable rules that give instant answers to regulatory questions.
- Protect customer privacy by requesting only the required customer data.
- Enable customers to skip the KYC process by reusing their VCs issued in previous onboarding flows.
- Create ZKPs based on VCs.
VCs and Web3 wallets
The ComPilot Identity Widget can be embedded in any application to simplify the Issuer - Holder - Verifier flows for the application:
- Issuer: the KYC provider, or ComPilot on behalf of the provider.
- Holder: the customer, who controls everything with the active wallet they use in the application.
- Verifier: ComPilot on behalf of the app that embeds the ComPilot SDKs.
The ComPilot Identity Widget forwards customers' data (VCs or ZKPs) to the ComPilot Rules Engine for specific compliance checks, such as regulatory frameworks or custom business logic.
The ComPilot Identity Widget allows customers to reuse their VCs and ZKPs across multiple applications, provided they are also part of the ComPilot ecosystem.
- VCs are stored encrypted in the browser under a common compilot.ai storage.
- VCs can be exported and imported as an encrypted file, which allows customers to store their VCs themselves.
- VCs can be exported and reused from a compatible wallet.