Definition
A Decentralized Identifier (DID) is a new type of globally unique identifier that enables verifiable, self-sovereign digital identity without relying on centralized registries, identity providers, or certificate authorities. DIDs are created and controlled by their subject (the identity holder), stored on blockchains or other decentralized systems, and associated with DID Documents — JSON-LD files containing public keys, authentication mechanisms, and service endpoints for interacting with the identity. The W3C DID specification (became a W3C Recommendation in 2022) defines the standard, with multiple “DID methods” implementing it on different blockchains: did:ethr (Ethereum), did:ion (Bitcoin via ION network), did:key (no blockchain), did:web (domain-based). DIDs are foundational to the self-sovereign identity (SSI) ecosystem and verifiable credentials infrastructure.
DID Architecture
“` Traditional Identity (Centralized): User → Google (creates “user@gmail.com”) Google: Controls identity, can delete/modify, sees all usage
Problems:
- Identity provider has power over your identity
- No portability (Google account useless outside Google)
- Provider can be hacked, shut down, or deny access
Decentralized Identity (DID): User → Creates DID: “did:ethr:0x742d35Cc…” User controls: Private key associated with DID DID document stored on: Ethereum blockchain (or IPFS, etc.)
DID Document contains: { “@context”: “https://www.w3.org/ns/did/v1”, “id”: “did:ethr:0x742d35Cc…”, “authentication”: [{ “id”: “did:ethr:0x742d35Cc…#keys-1”, “type”: “EcdsaSecp256k1RecoveryMethod2020”, “publicKeyHex”: “02b97c30de767f08…” }] }
Usage: User presents DID → Verifier resolves DID document DID document provides: Public key → Verify user’s signature Result: Authentication WITHOUT password, central server, or provider “`
DID Methods Comparison
| DID Method | Underlying System | Key Property |
| did:ethr | Ethereum blockchain | EVM-compatible; widely used in DeFi identity |
| did:ion | Bitcoin (ION network) | Bitcoin security; Microsoft-backed |
| did:web | HTTPS domains | No blockchain; easy; less decentralized |
| did:key | Self-contained (no registry) | Offline; no blockchain; simple |
| did:peer | Peer-to-peer | Private interactions; no public ledger |
| did:cheqd | Cheqd Network | Identity economy; DID-linked resources |
FAQ
Q: How are DIDs different from ENS names?
ENS (Ethereum Name Service) maps human-readable names (alice.eth) to Ethereum addresses — primarily for payment routing. DIDs are identity-focused, containing authentication keys and service endpoints, designed for verifiable credential presentation and authentication protocols. They solve different problems: ENS simplifies sending crypto to alice.eth; DIDs enable alice.eth to prove she’s a real person with verifiable attributes without revealing personal data.
Q: What are Verifiable Credentials (VCs) and how do DIDs enable them?
Verifiable Credentials are digital equivalents of physical credentials (driver’s license, university degree) issued by authorities (issuers) and presented by holders to verifiers — cryptographically signed so forgery is detectable. DIDs make VCs work: the issuer signs the VC with their DID’s private key; the verifier resolves the issuer’s DID to get their public key and verify the signature. The holder controls when and to whom to present the VC, without the issuer knowing about individual presentations.
Q: Is DID technology being used practically in 2024?
Yes, in specific domains: (1) Microsoft’s ION DID system (used for Microsoft Entra Verified ID), (2) Polygon ID (ZK-based verifiable credentials for DeFi KYC), (3) KILT Protocol (SSI for Polkadot ecosystem), (4) European digital identity wallet (eIDAS 2.0 framework mandates VC/DID-compatible infrastructure), (5) World ID (Worldcoin’s biometric uniqueness verification using ZK proofs on a DID framework). Mainstream adoption remains limited but enterprise and government pilots are active.
UPay Tip: DIDs represent the infrastructure layer for Web3 identity — the equivalent of TCP/IP for internet identity. If you’re building applications requiring user identity (KYC for DeFi, credential verification, age verification), evaluate DID-based systems before building centralized alternatives. DID-based identity enables: compliance without data custody (you verify attributes without storing personal data), portability (users control their identity across your app and others), and privacy (ZK-based DIDs like Polygon ID allow proving attributes without revealing them). The EU’s eIDAS 2.0 framework incorporating DID-compatible infrastructure signals this will become regulatory standard over the next 5+ years.
Disclaimer: This content is for educational purposes only and does not constitute financial advice.
UPay — Making Crypto Encyclopedic
