DID Method did:lac1
The verifiability of digital credentials depends on the cryptographic signatures of issuers and subjects. Historically, X.509 certificates have been used for authentication, primarily in server and application security. However, these certificates lack the scalability and flexibility needed for digital credentials. A more scalable approach requires decentralized identifiers (DIDs), which allow entities to manage multiple cryptographic key pairs while supporting key rotation, revocation, and multiple endpoints. This makes DIDs an ideal solution for modern digital credential ecosystems.
In compliance with the W3C DID Core specifications, we have proposed a new DID method, did:lac1, designed for scalability, security, and interoperability. It builds upon the ethr DID method and the LAC DID method, introducing key enhancements for greater precision and transparency. Our method encodes the exact resolution path within the DID itself, ensuring seamless access to the underlying DID registry. Key improvements over did:ethr, did:lac, and other DID methods include:
Backwards Revocation Time Support: This feature allows a DID controller to revoke a key not only from the moment of revocation but also retroactively, specifying a time in the past (t₁) after which the key is considered revoked. This is particularly useful when revoking a key without invalidating all cryptographically verifiable statements signed with it—only those issued after t₁ are affected. Key benefits are:
Transparency: Since revocations are recorded on the blockchain, all key changes are fully traceable and auditable.
Key Compromise Scenarios: If a key associated with a DID is compromised, the controller has two options:
Full revocation, which invalidates all statements signed with that key.
Selective revocation, where the controller specifies a past date when the key became invalid (e.g., if a vulnerability was identified X days ago, only statements issued after that point are revoked, while earlier statements remain valid). For a verifier to trust that a cryptographically verifiable statement was made before that point, the statement should include a proof of time, such as a timestamp anchored to a blockchain. This allows verifiers to confirm the document’s existence at a specific point in time.
Direct DID Registry Resolution: Our method encodes the exact path to the DID registry within the DID itself, eliminating the need for additional lookups and ensuring seamless resolution.
Backward Compatibility & Upgradability: Enhancements to the DID method are designed to be fully backward compatible, ensuring continued support for existing implementations while allowing for future improvements.
DID Migration Support: Through the alsoKnownAs attribute, our method enables smooth migration to a different DID, ensuring identity continuity without disrupting existing verifiable interactions.
By integrating these innovations, our DID method enhances trust, transparency, and flexibility, making it a powerful solution for verifiable credentials and decentralized identity management.
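The verifier-side decision for backward revocation described above, as an added example that is not part of the did:lac1 specification or its resolver code. The `KeyStatus` and `Statement` types, their field names and the sample timestamps are hypothetical; the example assumes the signature has already been checked and the anchor's block timestamp has been verified independently.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class KeyStatus:
    """Hypothetical view of one verification key as returned by a resolver."""
    revoked: bool
    revoked_from: Optional[int] = None  # t1 in Unix seconds; None = full revocation


@dataclass(frozen=True)
class Statement:
    claimed_issued_at: int             # written by the signer, so forgeable with a stolen key
    anchored_at: Optional[int] = None  # verified block timestamp of the anchor, if any


def check_statement(stmt: Statement, key: KeyStatus) -> Tuple[bool, str]:
    """Decide whether a correctly signed statement survives the key's revocation."""
    if not key.revoked:
        return True, "key not revoked"
    if key.revoked_from is None:
        return False, "full revocation: every statement signed with the key is invalid"
    # Selective revocation. The self-asserted issuance time is ignored on purpose:
    # whoever holds the compromised key can backdate it.
    if stmt.anchored_at is None:
        return False, "no proof of time: cannot show the statement predates t1"
    # An anchor proves the statement existed no later than anchored_at.
    # Assumption: a statement anchored exactly at t1 counts as not after t1.
    if stmt.anchored_at <= key.revoked_from:
        return True, "anchored at or before t1"
    return False, "anchored after t1"


# Constructed sample data: key revoked backward to t1.
T1 = 1_700_000_000
SELECTIVE = KeyStatus(revoked=True, revoked_from=T1)
FULL = KeyStatus(revoked=True)

GENUINE = Statement(claimed_issued_at=T1 - 1_000_000, anchored_at=T1 - 999_400)
BACKDATED_NO_ANCHOR = Statement(claimed_issued_at=T1 - 1_000_000)
BACKDATED_LATE_ANCHOR = Statement(claimed_issued_at=T1 - 1_000_000, anchored_at=T1 + 500_000)

if __name__ == "__main__":
    for name, s in [("genuine", GENUINE), ("backdated, no anchor", BACKDATED_NO_ANCHOR),
                    ("backdated, late anchor", BACKDATED_LATE_ANCHOR)]:
        print(name, "->", check_statement(s, SELECTIVE))
    print("genuine under full revocation ->", check_statement(GENUINE, FULL))
```

Only the anchored time decides the outcome: both backdated statements carry the same claimed issuance time as the genuine one and are still rejected.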