[HELP NEEDED] Technical questions about Atala Prism regarding my masters' thesis, see below

Hello ones who will read, I hope you’re having a great day and thanks for reading my post

I’m currently working on my masters’ thesis, which aims to explain Atala Prism as an implementation of Self Sovereign Identity (SSI). Additionally, I would like to see whether it could also be implemented within the EU when looking at privacy laws such as the GDPR. In order to do so, it is very important for me to understand what data is stored on-chain, and who has access to it. I don’t have a technical background but am passionate enough to want to understand the backend of Atala Prism :). Any help would be greatly apprecieted, and ofcourse I will share the end result here if anyone cares to read it! Please find my questions below. The video I mention is by Alexis Hernandez, Atala technical Architect. I have also included a screenshot, as the forum will not let me post the link.

[QUESTION 1]

What data is stored on-chain within Atala Prism? (for the actual question, see ALL CAP below) From what I gathered from the SDK-video by IOG, there’s five different actions from the issuer to verifier:
—> Issuer creates a DID
—> Holder generates an unpublished DID (no Cardano involved, it takes place in the Atala Prism app itself. Hence, no data on-chain)
—> Issuer creates a credential for holder, publishing it to Cardano
—> Verifier resolves the state of the issuer DID and the holders’ credential. (using the corresponding private key)
—> Verifier runs the credential verification process.

The third step here is the most important with regards to on-chain data, as this is where the credential is published onto the Cardano blockchain. According to the video, “Cardano metadata” is stored on-chain in order for verifiers to check some information. In light of the GDPR, this is where my question lies: What data is stored, and who can access it?

Metadata in case of an issued credential contains the following information (see video at 8:45): Confirmation that the request for a credential has been signed, what key it was signed with (in other words: by whom), the signature itself, the issuer DID (containing the credential), and the merkle root. The transaction is confirmed through the Cardano blockchain and the transaction contains the metadata mentioned above, which can then be found through the Cardano block explorer. However, the metadata in Cardano block explorer is encoded in binary data. (see video) [1: DOES THIS MEAN THAT THE DATA CANNOT BE READ BY PEOPLE OTHER THAN THE HOLDER (OR VERIFIER)? WHO CAN ACCESS THE TEXT WHICH HAS BEEN ENCODED? 2: ADDITIONALLY, BELOW THE ‘CREDENTIAL SUBJECT’,THE SCREENSHOT SHOWS THE “JSONOBJECT” WHICH CONTAINS THE KIND OF CREDENTIAL, IN THIS CASE A CERTIFICATE, AND A DESCRIPTION (VALUE:"…"). —> IS THIS ALSO INCLUDED IN THE METADATA? IN SOME CASES THIS MAY BE PERSONAL DATA, ASSUMING THAT PEOPLE FIND WAYS TO ACCESS THE METADATA AND FIGURE OUT WHO OWNS THE HOLDERS’ SIGNATURE KEY… ANY COMMENTS ARE APPRECIATED!

[QUESTION 2]

What happens when private keys are lost —> Can credentials be restored? Or should the data subject have them all reissued?

Screenshot 2021-08-09 at 15.12.061753×929 89.9 KB

Atala PRISM hasn’t been released to the public yet, hence there is no information on its implementation that I am aware of. (If anyone reads this and I’m wrong, please point me in the direction, I would love to learn).

The best guess/speculation is by reading the W3C DID specification. I did a brief run down here - Atala Prism Expiring Credentials and Revocation

But looking back on that I don’t think that is 100% correct. It was a late night session learning binge

Based on my best guess (so please don’t take this as confirmed), here is what I think:

1. What data you put on the blockchain will be up to the application. You could easily put readable metadata on there, or have it encrypted. But any sensitive information itself I don’t think should be kept on the blockchain. It is public after all and even if encrypted, if the encryption is broken at a later date, you can’t remove it. Normally the DID’s are used as verification of identity, which can then be used as authentication to pull information from certain providers servers. Hence the bulk of the data won’t live on the blockchain.

2. If private keys are lost, from what I understand you start again. Get a new wallet and then get everything reissued and your old credentials are canceled. I remember reading somewhere (please don’t quote me on this), that they were looking at ways for wallet recovery by having numerous backup people. Sort of like a backup recovery email but with multiple people. However it was more in the conception phase and not actually undergoing any implementation.

Ok, I wasn’t imagining it. A brief mention of restoring wallet access as a future product idea - Marlowe Webinar: The Future of Decentralized Finance (Shruti Appiah) - YouTube

Thanks for your reply! I remember reading about ‘social recovery’, which might be what you are referring to. I’ll watch the video later today!

Regarding the data, if I understand correctly (I agree with you on point one), the data itself will be stored inside the Atala Prism app (wallet) and not the blockchain. Consequently, it must be kept on a (centralised) server right?

Yes from what I understand, you will have a DID and possibly some metadata on the blockchain. The metadata on the blockchain can also include a URL to a provider (or some kind of server, aka as the issuer of the credential) where you can query it for more information.

The user holds the private keys in their wallet. They can sign something to verify they are the owner of the DID. The entity requesting the information can use this signed DID (I’m not exactly sure what is signed, but something is to prove ownership) to then query the issuer for more information.

The issuer will then receive this signed object as proof that the owner of the DID has granted access, and then the issuer can give back more information.

That way not much data is on the blockchain, other than a DID and where to query for more information. The user can sign, to verify they are the owner of the DID as they are only ones with the private keys, hence the ability to sign.

Hope that helps, I still have gaps in my technical knowledge regarding low level details of this process.

Hello Hidde,

Atala Prism and the EU both use DID technology. Atala uses the Cardano blockchain, but the high level proces is the same.
In this image you can see all the steps in a SSI ‘game’:

There is also a link to a YouTube video wich discusses the whole presentation.
Maybe this will help you understand the concept of SSI/DID technology.

I’m working on it right now and have a question to clarify something. you commented:
“Normally the DID’s are used as verification of identity, which can then be used as authentication to pull information from certain providers servers”

Am I right when I say that the identity of an issuer can be verified because (1) the metadata contains the DID (JsonPrimitive(issuerDID.prism.[…])) that was created by the issuer, (2) the key that was used to sign the DID with (issuanceKeyId = “master0”), and (3) therefore the issuer is who he says he is. (because only that institution can sign the DID with its private key)?

I think so, but I can’t confirm how Atala PRISM specifically works, but based on the W3C DID specification under assertion - Decentralized Identifiers (DIDs) v1.0, that is similar to how the verification of a credential is checked.

With the decentralized approach, you need to have the public key of an issuer from a trusted source, likely some kind of trusted resolver. The DID should be signed by the issuer, and you can verify that the public key you trust, has signed it.

These are the main details stored on chain:

1. The data related to the published DIDs, which is more or less, DID document and the update events that have occurred to a DID (for example, key rotation).
2. The credential issuance events, which is a merkle root for a batch of credentials that was issued (+metadata from the issuer, more or less, a DID and signatures).
3. The credential revocation events, more or less, the batch id that was revoked or a set of credential hashes that were revoked (+ issuer’s metadata and signature.

As of now, credentials would need to be re-issued.

For reference, you can also check this short explanation How does Atala Prism work? - Cardano Stack Exchange