Self-Sovereignty and Privacy

VCs and NFTs to represent reputation for later verification

Encrypted Data Transmission

In the Orange protocol, any data that is fetched from a Data Provider (DP) is encrypted using an Model Provider 's (MP) public key. This means the data remains secure as it enters the system and is sent to the MP to be processed.

In the future, Orange will integrate zero-knowledge proofs and the private computation technology to enhance its security.

Verifiable Credentials

Verifiable credentials are an integral part of decentralized identity and reputation. They contain and carry any necessary data that needs to be shared between two parties, while also carrying with it any data that is necessary to prove that the contents:

  1. have been verified and signed by a certain issuer

  2. have not been tampered with

This logic is carried out using signature and cryptographic proof verification.

Reputation reports and scores are produced in the form of downloadable credentials. They are directly linked to a user's DID, and a record of the credential's status exists on-chain. That way, any entity within the ecosystem can verify the claims made by the user, and assess their credibility by verifying the party that issued the credential.

User Authorization

To establish the relationship between a subject and any associated data, the Orange protocol uses Decentralized Identifiers (DIDs) that link wallet addresses from multiple chains.

Each calculation request MUST carry signature data with it for it to be valid. This ensures no data can be used or associated with a user without their authorization.

A user uses their private key to sign messages when giving authorization for an action

Actions that require user authorization:

  • Sending calculation requests for a wallet address or DID

  • Accessing credential data

Selective Disclosure

Selective disclosure is an inherent property of verifiable credentials and can be implemented fairly easily in a system. This will become beneficial when in the future, Orange issued verifiable credential may contain multiple types of information, while not all fields are necessarily to be shared.

Say you need to prove your credibility in a particular situation, and you have a verifiable credential that was issued by an entity in the network using Orange. For example,

{
  "iss": "did:ont:AXdmdzbyf3WZKQzRtrNQwAR91ZxMUfhXkt",
  "sub": "{\"data\":{\"provider_did\":\"did:ont:AS1QrBpgiPtPoggSU4YRyYNFBtCRnBMaDU\",\"method\":\"queryXdaysSumWithDefi\",\"data\":\"\"},\"algorithm\":{\"provider_did\":\"did:ont:testap\",\"method\":\"calc30xWithDefi\",\"score\":\"775\"}}",
  "exp": 1634537432,
  "nbf": 1633673433,
  "iat": 1633673433,
  "jti": "urn:uuid:af4599ed-eb8e-43e2-8fd5-1784cfe9c218",
  "vc": {
    "@context": [
      "https://www.w3.org/2018/credentials/v1",
      "https://ontid.ont.io/credentials/v1",
      "context1",
      "context2"
    ],
    "type": [
      "VerifiableCredential",
      "OscoreCredential"
    ],
    "credentialStatus": {
      "id": "4f7f159ac4b9913bb185fdf1895705f61b7d0cc6",
      "type": "AttestContract"
    },
    "proof": {
      "created": "2021-10-08T06:10:33Z",
      "proofPurpose": "assertionMethod"
    }
  }
}

In this case, it's possible that you take the proof from the credential, and the score field to generate a presentation that contains that single field only, while also including details regarding who it's meant for (a particular DID or wallet address) so it can not be tampered and re-used. These actions are recorded on-chain for future verification.

Refer to the W3C recommendation on verifiable credentials and presentations for more details on implementation.

The flexibility that credentials provide, when combined with zero-knowledge proofs, is an important development as far as data interoperability and reputation management in P2P networks is concerned.

Non-custodial

The system doesn't store any data that can be identified and connected to a user, more formally referred to as Personally Identifiable Information (PII). A user may choose to download the result of their calculation as a file, generate a verifiable credential, or mint an NFT, but all of the data remains in their control. Without authorization, it cannot be reused for any other purpose. Thus, a user maintains complete control over how their data is processed and shared.

Last updated