Decentralised Identity (DID)

What Is Decentralised Identity?

In the current internet, identity is siloed: your Google account is controlled by Google, your Facebook profile is controlled by Meta, and your government ID exists in centralised databases. When any of these controllers decides to suspend your account, change their terms of service, or suffer a data breach, you have limited recourse. Your identity exists only by the grace of third parties.

Decentralised Identity (DID) proposes an alternative: identity as personal infrastructure. You hold cryptographic keys that prove who you are; you carry verifiable credentials (digital equivalents of documents) that others can verify without calling a centralised database; and your reputation, qualifications, and relationships are portable across applications rather than locked into any single platform's walled garden.

The technical foundation is the W3C DID specification — a standard for creating Decentralised Identifiers that look like URIs (e.g., did:ethr:0x1234...) and resolve to DID Documents containing public keys and service endpoints. Any blockchain, peer-to-peer network, or even a DNS-based system can serve as the "method" for a DID. Ethereum, Polygon, Solana, and ION (on Bitcoin) are among the most used DID methods.

Verifiable Credentials: The Portable Document Layer

A Verifiable Credential (VC) is a cryptographically signed digital document attesting that a subject has a particular attribute — a university degree, a government ID, an accredited investor status, or a proof of humanity check. The W3C Verifiable Credentials Data Model standard defines the format: a JSON-LD document signed by an issuer's private key, presented by the holder, and verified by any party without contacting the issuer directly.

The privacy-preserving potential of VCs is significant. Instead of showing a full driving licence to prove your age, you could present a Zero-Knowledge Proof derived from a VC — cryptographically proving "this person is over 18" without revealing any other information. Selective disclosure and ZK proofs of VCs are active research areas, with protocols like Polygon ID, zkPass, and Sismo building production implementations.

VCs separate three roles: the issuer (e.g., a university that signs a degree credential), the holder (the student who stores it in their identity wallet), and the verifier (an employer checking the credential's validity). This triangle enables a global, open credentialing system where any issuer can issue to any holder, and any verifier can check validity — all without a central identity authority.

ENS: Ethereum's Human-Readable Identity Layer

The Ethereum Name Service (ENS) is the most widely adopted crypto identity primitive, mapping human-readable names like vitalik.eth to Ethereum addresses, IPFS content hashes, and other resources. ENS names are NFTs (ERC-721 tokens) registered on Ethereum and managed by the owner — they cannot be taken away by any authority, they transfer with the owner, and they support rich metadata profiles (avatar, Twitter handle, website, etc.) via text records.

ENS has evolved beyond simple address naming into a broader identity layer. The .eth namespace is increasingly used as a portable identity across Web3 applications — the ENS avatar and profile show up consistently across compatible DeFi protocols, NFT marketplaces, and social applications. Over 3 million .eth names had been registered by 2024, with Uniswap, Rainbow Wallet, and hundreds of other applications natively displaying ENS names.

ENS's limitation as a full identity solution is that it is purely self-asserted — anyone can register any name not already taken, but there is no issuer verification. "alice.eth" could be registered by anyone; it does not prove the holder's real-world identity. For applications requiring identity verification (KYC, sybil resistance, age verification), ENS names must be supplemented by additional attestations.

Worldcoin and Proof of Personhood

Worldcoin (now rebranded as World) addresses the hardest problem in decentralised identity: proving that a credential belongs to a unique human being rather than a bot, script, or duplicate account. The project uses a custom iris-scanning device (the "Orb") to generate a biometric proof of uniqueness — a mathematical representation of an iris scan that cannot be duplicated, stored in a privacy-preserving way using ZK proofs.

World ID — the output of an Orb scan — enables applications to verify "this is a unique human who has not registered before" without knowing who that human is. Applications include sybil-resistant airdrop distribution, fair voting systems, and AI-generated content labelling (proving a piece of content was created by a real person). By 2025, over 10 million World IDs had been issued, concentrated in Latin America, Southeast Asia, and Africa where Orb operator deployments have been most active.

Worldcoin's approach is controversial: critics raise concerns about biometric data collection (even if anonymised and ZK-proofed), the centrality of the Orb hardware device as a point of trust, and the WLD token distribution mechanism. Supporters argue that proof of personhood is a foundational primitive for a fair digital economy and that Worldcoin's ZK-based privacy model is genuinely privacy-preserving.

On-Chain Reputation and Soulbound Tokens

Ethereum co-founder Vitalik Buterin proposed "Soulbound Tokens" (SBTs) in a 2022 paper — non-transferable NFTs that represent credentials, memberships, and affiliations tied to a specific wallet address ("Soul"). Unlike ENS names or standard NFTs, SBTs cannot be bought, sold, or transferred — they can only be issued and revoked. A university SBT would be issued by the university's on-chain address to the student's Soul, representing a degree that is permanently and publicly verifiable.

Projects like Gitcoin Passport have implemented SBT-adjacent systems where users accumulate attestations from multiple sources (GitHub activity, Twitter verification, BrightID humanity check, ENS ownership) to build a composite identity score for sybil resistance in grants and governance voting. The more attestations a Gitcoin Passport holds, the higher its "trust score" for quadratic funding purposes.

Privacy Trade-offs in Blockchain Identity

Storing identity credentials on a public blockchain creates inherent privacy tensions. A public blockchain is permanently readable by anyone — putting credentials on-chain potentially creates a surveillance layer far more comprehensive than current centralised databases. The privacy-preserving approach is to store only cryptographic commitments (hashes) on-chain while keeping actual credential data off-chain (in personal identity wallets or encrypted storage like Ceramic Network), with on-chain commitments serving only as tamper-proof anchors for off-chain verification.

Zero-knowledge proofs are the gold standard for privacy-preserving on-chain identity: prove a claim without revealing the underlying data. ZK email proofs (proving you own an email address without revealing it), ZK KYC (proving you passed identity verification without revealing your documents), and ZK proof of humanity (proving uniqueness without revealing biometrics) collectively represent the frontier of privacy-respecting decentralised identity.

Conclusion

Decentralised Identity is a foundational Web3 infrastructure layer that addresses one of the internet's most persistent failures: the lack of user-controlled, portable, privacy-preserving digital identity. From W3C DIDs and Verifiable Credentials to ENS names, Worldcoin's proof of personhood, and Soulbound Tokens, the DID ecosystem is assembling a comprehensive alternative to corporate and government identity monopolies. The remaining challenges — privacy-preserving credential presentation at scale, biometric verification without centralised hardware dependencies, and regulatory acceptance of cryptographic credentials — are being actively addressed. As these solutions mature, decentralised identity will become a critical enabler for sybil-resistant governance, fair token distribution, and mainstream Web3 adoption.