Bonus 2: Self-Sovereign Identity

🎯 Goal

Understand the emerging decentralized identity ecosystem using DIDs (Decentralized Identifiers) and Verifiable Credentials (VCs). Learn to generate DIDs, issue/verify VCs, and explore tools for self-sovereign identity (SSI) and privacy-preserving reputation systems.

🧠 1. Why Decentralized Identity?

🪪 Problems with Centralized Identity

• Requires trust in issuers (Google, Facebook, governments)
• Pseudonymity is hard to maintain
• Data is siloed, monitored, or sold
• Revocation and portability are non-existent

✅ Goals of Self-Sovereign Identity (SSI)

• Portable, user-owned identifiers
• Cryptographically verifiable credentials
• Interoperable standards (W3C DIDs, VCs)
• No central root of trust

Identity without permission.

🧩 2. Core Concepts

🆔 DID (Decentralized Identifier)

A URI-like format that resolves to a DID Document, e.g.:

did:key:z6MkiE3...
did:web:yourdomain.com
did:ion:EiDxyz...

🧾 Verifiable Credential (VC)

A signed JSON document that proves a claim (e.g. “This DID is a student at Cypherpunk School”).

🛠 3. Tools & Ecosystem

🔧 4. Install didkit CLI

📦 On Linux:

curl -L https://github.com/spruceid/didkit/releases/latest/download/didkit-linux-x64 -o didkit
chmod +x didkit
sudo mv didkit /usr/local/bin/

Test:

didkit --help

🧪 5. Generate a DID

DID Method: did:key

didkit generate-ed25519-key > mykey.jwk
didkit key-to-did key < mykey.jwk

Output:

did:key:z6Mkr... (your DID)

DID Document:

didkit key-to-verification-method key < mykey.jwk

📜 6. Issue a Verifiable Credential (VC)

Example JSON Credential:

{
  "@context": ["https://www.w3.org/2018/credentials/v1"],
  "id": "urn:uuid:12345678",
  "type": ["VerifiableCredential"],
  "issuer": "did:key:z6Mkr...",
  "issuanceDate": "2025-06-04T00:00:00Z",
  "credentialSubject": {
    "id": "did:key:z6Mkstudent...",
    "achievement": "Cypherpunk School 101 – Graduate"
  }
}

Save as vc.json

Sign it:

didkit issue-credential --key mykey.jwk < vc.json > signed_vc.json

✅ 7. Verify the Credential

didkit verify-credential < signed_vc.json

If valid:

{"errors":[],"warnings":[],"checks":["proof"]}

🌐 8. Other DID Methods

To create a did:web:

didkit key-to-did web < mykey.jwk

Then host the DID document at:

https://yourdomain.com/.well-known/did.json

🧩 9. Explore with Veramo (JS)

If you code in JS/TS:

npm install @veramo/core @veramo/cli
npx veramo config
npx veramo identity create

Use agents to issue/verify credentials in apps.

🧠 10. Use Cases for DIDs/VCs

• Anonymous reputation systems
• Zero-trust proof of affiliation (e.g., age, group, org)
• Web3 identity (Ethereum address ↔ DID)
• Cross-platform login (no passwords or emails)
• Proof-of-knowledge credentials (zkVCs)

📝 11. Journal & Git Commit

✍️ Reflect on DIDs & VCs

echo "Bonus 2: Created decentralized identifiers with didkit. Issued and verified a verifiable credential claiming Cypherpunk School graduation. Explored how DID methods work and how to host DID docs." >> notes/bonus2_did_identity.md

📦 Git Commit

git add .
git commit -S -m "Bonus 2 – Decentralized ID and Verifiable Credentials"

✅ Bonus 2 Checklist

• Installed didkit CLI
• Generated a did:key DID and document
• Issued and signed a Verifiable Credential (VC)
• Verified the credential cryptographically
• Explored other DID methods (web, ion)
• Wrote journal and signed Git commit

🧭 Up Next Bonus Options

• Bonus 3: Metadata-Resistant Messaging (Mixnets, Nym, Sphinx)
• Bonus 4: Zero-Knowledge Proofs (zkSNARKs, Semaphore)
• Bonus 5: Privacy-Centric Smart Contracts (DarkFi, Noir, ZK-rollups)

📌 Notes

• DIDs are decentralized, cryptographically verifiable, and portable identifiers
• VCs can encode and prove claims about identities or events without relying on third parties
• This is the future of passport-less, permissionless identity