Trustify

Introduction

Trusitity presents an open, shared, interoperable verifiable credential standard for the FEVM ecosystem. It unites several identity standards to allow people and institutions cryptographically prove claims about their identities, and allow services to attest to those claims without exposing sensitive data. For example, an individual might prove KYC, reputation score, insurance, or similar identity claims to an application or smart contract while preserving privacy.

Architecture Overview

Trusitify’s identity topology is attestation-based. People and institutions make claims about their identities, and others (e.g. financial institutions and service providers) attest to the validity of those claims by providing cryptographic proofs about them. Once such a cryptographic attestation exists, people can share it with other entities and services that can then verify the attestation as proof of the claim.

Trustify’s identity protocols define how attestations are issued, stored, requested, verified, and revoked. Parties involved include:

• • Verifiable Credentials: The attestations that can get custodized and managed in Individuals’ crypto/identity wallets
• • Issuers: A financial institution/service provider issuing attestations about KYC or reputation score to its customers.
• • Subjects: The individuals and institutions who receive verifiable credentials about their identities
• • Verifiers (relying parties): Those who request and receive Verifiable Credentials (e.g. A smart contract requiring proof of KYC)
• • Holders: identity responsible for custodying the Verifiable Credentials. The subject and holder are the same when self-custodying, but different if the subject uses a hosted wallet service

Issuing Credentials - Issuance Flow

Verifying Credentials - Verification Flow

Smart Contract Patterns

Smart contracts follow a verification pattern in which verifications are performed off-chain and then confirmed on-chain. An off-chain verifier handles Verifiable Credential exchange in the usual manner and, upon successful verification, the verifier creates a lightweight privacy-preserving Verification Result object (represented in JSON).

The verifier then hashes and signs the Verification Result. The signature, along with the result itself, enables subsequent validation by smart contracts known as Verification Registries.

The registry smart contract validates the Verification Result and the verifier’s signature and creates a privacy-preserving Verification Record that enables subsequent apps, contracts, and tokens to query whether a particular verification is associated with a particular address.

Check out Trustify smart contract repo for more details.

Foundational Standards

Trustify endorses the W3C Verifiable Credentials (VCs) Data Model. A credential is a claim made by an issuer about an individual (subject), and a Verifiable Credential is a cryptographically secure wrapper around the credential. Foundational standards that Trustify draws upon include:

• • W3C Verifiable Credentials (“VCs”)
• • Verifiable Presentations ("VPs")
• • Identifiers, Decentralized Identifiers
• • Verifiable Data Registry

• • Smart Contracts in Solidity & Hardhat, deployed on hyperspace testnet
• • Web Frontend in Typescript, ReactJS, NextJS, TailwindCSS, hosting on Vercel
• • Mobile in Expo Go & React Native
• • Server & SDK in Typescript, NodeJS
• • Local database in SQLite and Prisma for migration
• • DevOps in Github CICD pipeline