The Tyron SSI Protocol defines 3 pairs of DID Keys generated by the KEY_ALGORITHM:
- did_contract_owner: The user's Zilliqa account is the sole owner of their DID smart contract, and the subject and controller of their Decentralized Identifier. The contract_owner is the hex-encoded address corresponding to this key.
- did_update_keys: To execute a DID Update operation, the updated DID Document must be signed by these keys, which the DID contract verifies with the IsRightSignature procedure.
- did_recovery_keys: To execute a DID Recover or DID Deactivate operation, the user MUST possess the private did_recovery_key that corresponds to the public did_recovery_key stored in the DID contract, which gets verified by the IsRightSignature procedure.
The update and recovery keys MUST each be used only once, which the Self-Sovereign Identity verifies with the IsValidKey procedure.
The corresponding private keys MUST always be in control of their user.
Empowered by Scilla, the DID smart contract produces the Tyron Hash by applying the HASH_ALGORITHM on the Decentralized Identifier. The Tyron Hash must be signed to deactivate the DID.
The Tyron SSI Protocol implements several parameters defined by the Sidetree Protocol (a layer-2 solution on top of the Bitcoin network):
The transaction number is a monotonically increasing number. Its order is deterministic and assigned to every transaction according to its position in the ledger time.
Every Self-Sovereign Identity has a corresponding DID smart contract that keeps track of the DID State and assigns a transaction number to every consecutive transaction.
The ledger time is the blockchain clock variable, used as a deterministic chronological reference.
A DID Suffix is the unique identifier string in a Decentralized Identifier, the last part of the DID after the final colon.
The HASH_ALGORITHM is the algorithm used to generate hashes of protocol-related values. The default parameter is SHA256.
Data encoding scheme
The DATA_ENCODING_SCHEME is the encoding for various data structures such as JSON and strings, which MUST have its output in ASCII format. The default parameter is hex (hexadecimal, base16).
The KEY_ALGORITHM is the asymmetric public key algorithm. The default parameter is secp256k1.
Operation key pair
Generates a cryptographic key pair to operate with, using the KEY_ALGORITHM. It returns the public key as a PublicKeyModel and the private key as a hex-encoded secp256k1 key.
The SIGNATURE_ALGORITHM is the asymmetric public key signature algorithm. The default parameter is Schnorr.
The DID smart contract can verify that all Schnorr signatures correspond to the DID Keys defined above, by executing the IsRightSignature procedure.
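The key and signature checks described above, modelled in Python as an added example (not the project's contract or client code): a textbook Schnorr signature over secp256k1 with SHA256, and a hypothetical `DidContract` class that enforces single-use update keys and a recovery-key signature over the Tyron Hash for deactivation. The challenge encoding, the deterministic nonce, the used-key set and the `next_pub` rotation parameter are assumptions of this sketch, not Zilliqa's wire format or the protocol's own definitions.

```python
import hashlib

P = 2**256 - 2**32 - 977  # secp256k1 field prime (KEY_ALGORITHM default)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None: return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    m = (3 * a[0] * a[0] * pow(2 * a[1], -1, P) if a == b
         else (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P)) % P
    x = (m * m - a[0] - b[0]) % P
    return x, (m * (a[0] - x) - a[1]) % P
def mul(k, pt):  # double-and-add; not constant time, illustration only
    acc = None
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc
def challenge(q, pub, msg):  # r = SHA256(Q || pub || msg) mod N (assumed encoding)
    data = b"".join(c.to_bytes(32, "big") for c in q + pub) + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N
def sign(priv, msg):  # nonce derived from key and message (assumption, keeps the demo repeatable)
    k = int.from_bytes(hashlib.sha256(priv.to_bytes(32, "big") + msg).digest(), "big") % N
    r = challenge(mul(k, G), mul(priv, G), msg)
    return r, (k - r * priv) % N
def is_right_signature(pub, msg, sig):
    r, s = sig
    q = add(mul(s, G), mul(r, pub))  # equals k*G for a genuine signature
    return 0 < r < N and 0 < s < N and q is not None and challenge(q, pub, msg) == r

class DidContract:  # hypothetical in-memory model of the contract-side checks
    def __init__(self, did, update_pub, recovery_pub):
        self.update_pub, self.recovery_pub = update_pub, recovery_pub
        self.used, self.active = set(), True
        self.tyron_hash = hashlib.sha256(did.encode()).hexdigest()  # HASH_ALGORITHM, hex-encoded
    def is_valid_key(self, pub):  # a key that already signed an operation is rejected
        return pub not in self.used
    def update(self, document, sig, next_pub):
        if not (self.active and self.is_valid_key(next_pub)
                and is_right_signature(self.update_pub, document, sig)):
            return False
        self.used, self.update_pub = self.used | {self.update_pub}, next_pub  # retire after one use
        return True
    def deactivate(self, sig):  # the recovery key must sign the Tyron Hash
        ok = self.active and is_right_signature(self.recovery_pub, self.tyron_hash.encode(), sig)
        self.active = self.active and not ok
        return ok
```

A replayed update fails here because the contract has already rotated to the next public key, and proposing a previously used key as the next one is refused by `is_valid_key`.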
DID State patch
A DID State patch is the Sidetree format to describe the mutations of the DID's metadata state. Its data structure corresponds with the Patch model, which MUST include a Patch action and the document to be patched.