Hyperledger Indy, Not Your Grandmother’s Blockchain

Hyperledger Indy is a blockchain-based platform for managing identity, and facilitating the management and exchange of verifiable personal information.  It is a platform that enables Self Sovereign Identity, which enables individuals and organizations to manage and distribute their electronic information as they see fit.  Instead of organizations like Facebook and Google collecting and managing information, individuals and organizations will be able to self-manage. Instead of having to rely on paperwork or issuing organizations to verify information, individuals will be able to present verifiable, cryptographically signed credentials, independent of the issuing organizations.

So what makes Indy different from a “traditional” Blockchain platform?

A Blockchain is a permanent immutable ledger containing information shared by a group of individuals or organizations.  Bitcoin, the original blockchain platform, stores transactions on the ledger that record transfers of Bitcoin from one wallet to another. Due to the non-modifiable nature of the Blockchain, users can be assured that once a transaction is written to the blockchain it cannot be modified, so they can rely on the bitcoin record of transactions as a basis for conducting business.  The Blockchain is shared, so everyone has the same view of the information.

Bitcoin is an example of a Public Blockchain – anyone can install the required software and connect to the blockchain and participate in the update and management of the network.  The Blockchain implements “consensus” mechanisms to ensure that users follow certain rules when proposing updates to the blockchain, and the large number of participants ensures that the rules are followed.

Other Blockchains, geared towards business and enterprise users, are “Private”, and use traditional security mechanisms to ensure that only authorized participants can join the network.  Hyperledger Fabric, originally developed by IBM, is an example of such a blockchain – it includes a Certificate Authority to issue traditional digital certificates to participants, which grant them certain rights on the network.  It is being employed for business processes where many organizations need to collaborate and share information, for example supply chain management and shipping, etc. The Blockchain facilitates this information sharing, assuring the participants that common rules are being followed, and information – once written – cannot be altered.

Hyperledger Indy is another project within the Hyperledger Foundation.  Unlike other Blockchains, Indy does not store information on the Blockchain directly, rather it stores information that participants can use to Identify themselves, and that can be used to Define and Verify information that is published or exchanged between participants.  The information itself is held Off-chain, in the users’ wallets.

There are three main things that Hyperledger Indy stores on the Blockchain – Decentralized Identifiers, Schemas, and Credential Definitions.

A Decentralized Identifier (or DID) represents the identify of an individual or organization.  DID’s can be published on the blockchain, if the identity is to be made public, or DID’s can be exchanged privately between participants, if the DID is to be used to represent a private connection between participants.  DID’s contain cryptographic material that allows participants to sign and encrypt data, and allows other participants to verify this data. DID’s can also contain meta-data describing the participant, how to connect with their services, etc.

A Schema defines a specific set of information that will be issued or published as a Verifiable Credential.  It contains the list of attributes that each published credential will contain.

A Credential Definition links the Schema to the issuer’s DID, essentially announcing the fact that the issuer intends to publish credentials with the specific Schema referenced.

When a document is issued according to a specific Credential Definition (and Schema), it is referred to as a Verifiable Credential.  It is Verifiable because it is signed by the issuer, and can be verified via the Credential Definition and the linked Schema and DID.  It is verified based on information that is publicly available on the blockchain – the issuer does not need to be involved. Individual attributes within the Credential are called “Claims”.  When a credential is presented, individual attributes can be selected for presentation, the entire credential does no need to be revealed.

When information is presented in such a way it is referred to as a “Proof”, or a“Presentation”.  The Proof presents the claims and the cryptographic evidence that can be used to verify that the data was in fact issued by the identified issuer.  Proofs can reveal the claim values, or they can be “Zero Knowledge Proofs” (ZKP), which is a way of revealing characteristics of the data without revealing the value itself.

So that’s Indy in a nutshell!  Traditional Blockchains store information on shared, immutable ledgers.  Indy uses a shared, immutable ledger to facilitate the Off-chain sharing of information, which is held in an individual or organization’s private wallet, yet can be shared in a Verifiable manner.