Deploy and Verify Privado iD / Polygon ID Issuer-Node

9 min readJun 21, 2024

What is Polygon ID / Privado ID?

Privado ID, previously branded as Polygon ID, is a decentralized identity solution designed to provide secure and private identity verification for Web3 applications. It leverages zero-knowledge proofs (ZKPs) to ensure that users can prove their identity without revealing personal information. This system is built on a permissionless blockchain, ensuring both privacy and decentralization

Key features of Privado ID include:

1. Self-Sovereign Identity: Users have full control over their identity and personal data. They can manage their identity through an identity wallet, which holds their credentials and private keys.

2. Zero-Knowledge Proofs: This cryptographic technology allows users to prove the validity of their identity claims without disclosing any actual data. For instance, a user can prove they are over 18 without revealing their exact birthdate.

3. Verifiable Credentials (VCs): These are issued by trusted entities (issuers) and can be stored in the user’s wallet. The credentials are cryptographically signed to ensure they are tamper-proof.

4. Triangle of Trust: This framework includes three roles — the Identity Holder, the Issuer, and the Verifier. The Identity Holder manages their credentials, the Issuer creates and signs the credentials, and the Verifier checks the credentials against specific criteria without accessing the actual data.

5. On-Chain and Off-Chain Verification: Privado ID supports both on-chain verification via smart contracts and off-chain verification, enhancing flexibility and privacy in various applications.

This system is particularly beneficial for creating privacy-preserving and decentralized identity solutions in the Web3 space, enabling more secure and user-centric digital interactions.

How Privado ID Works?

Polygon ID, now known as Privado ID, operates as a self-sovereign identity framework leveraging zero-knowledge proofs (ZKPs) to ensure privacy and security in identity verification processes. Here’s a detailed breakdown of how it works:

Core Components
1. Identity Holder: This is the user who holds identity-related information in the form of verifiable credentials (VCs). These VCs are stored in a digital wallet, which also manages the user’s private keys. The Identity Holder generates ZKPs to authenticate without revealing actual data.

2. Issuer: An entity (such as a government, university, or organization) that issues VCs. These credentials are cryptographically signed to ensure their authenticity and tamper-proof nature.

3. Verifier: An entity that verifies the proofs presented by the Identity Holder. Verification can be conducted both off-chain and on-chain. The Verifier checks that the proof meets specific criteria without accessing the underlying data.

The Issuer creates a verifiable credential based on the identity information provided by the Identity Holder.
This credential is cryptographically signed and issued to the Identity Holder, who stores it in their digital wallet.

2. Proof Generation

When the Identity Holder needs to prove certain information (e.g., age, identity), they generate a zero-knowledge proof using the VCs stored in their wallet.
This proof does not reveal the underlying data but confirms that the data meets the required criteria.

3. Verification:

The Verifier requests proof of a specific claim from the Identity Holder.
The Identity Holder’s wallet generates the required proof and sends it to the Verifier.
The Verifier checks the proof against the criteria without accessing the actual data. This can be done via smart contracts on the blockchain (on-chain) or through off-chain mechanisms.

https://docs.privado.id/docs/introduction/

Key Technologies

Zero-Knowledge Proofs (ZKPs): ZKPs allow the Identity Holder to prove the validity of their credentials without revealing any personal data. This ensures privacy and security.
Blockchain: The use of blockchain ensures that the credentials and proofs are tamper-proof and verifiable. It also facilitates decentralized verification processes.
Verifiable Credentials (VCs): VCs are compliant with W3C standards and are used to represent any type of identity-related information securely.

Practical Example
Consider a scenario where a user wants to access age-restricted content:

The user requests a VC from a trusted Issuer (e.g., a government authority) that verifies their age.
The Issuer issues the VC, which is stored in the user’s digital wallet.
When accessing the restricted content, the Verifier requests proof that the user is over a certain age.
The user’s wallet generates a ZKP that confirms their age without revealing the exact date of birth.
The Verifier checks the proof and grants access based on the validated criteria.

Benefits

Privacy: Users can prove their identity without exposing personal information.
Security: Cryptographic techniques ensure data integrity and authenticity.
Decentralization: Users control their identity data, reducing reliance on central authorities.
Flexibility: Supports both on-chain and off-chain verification, adaptable to various applications.

Setup

Run and Install docker

git clone the repository

https://github.com/0xPolygonID/issuer-node.git

Tunneling All Port

since we need to make some ports can be accessed on public, we need to tunnel the port. In this case I’m using Cloudflare (thanks to Ali Usman for helping me)

Copy the Public hostname

ISSUER_API_UI_SERVER_URL

2. ISSUER_SERVER_URL

3. ISSUER_CREDENTIAL_STATUS_RHS_URL

Based on .env-issuer config file, we can see

ISSUER_ETHEREUM_CONTRACT_ADDRESS=0x1a4cC30f2aA0377b0c3bc9848766D90cb4404124

This is the address that lives on Polygon Amoy to be able to update the claims or update the credentials from the issuer to say if something is still valid

Configure RPC URL

Create Polygon RPC in any provider (ex: Alchemy)

activate Polygon Amoy

copy the HTTPS url to ISSUER_ETHEREUM_URL on .env-issuer file

Setup Vault

make sure that the vault stores all credentials that we have from our wallet to be able to sign requests essentially

make sure there’s no existing vault

make clean-vault

Start the infrastructure

Let’s start our issuer-node

make up

it will download all docker images and run them locally

wait 20 seconds for the vault to start, and check all services are running

now we need to get the initial root token which is the sort of identifier for the vault where will be storing our private keys for our wallet to be able to sign transactions

you can find the initial root token by checking the logs on container issuer-vault-1

If you experience problems with the vault, follow these commands:

docker stop issuer-vault-1 // Stops the container issuer-vault-1
docker rm issuer-vault-1 // Removes container issuer-vault-1
make clean-vault // Removes all the data in the vault, including the token
make up // Starts the database, cache and vault storage (i.e, postgres, redis and vault)

Enable vault authentication:

simply run command

make add-vault-token

get the private key, you can find it on your Metamask (account details > show private key)

make private_key=xxxx95be56aa4b63b8d3f9cc0ed99513313a658657155a4af3305c0f3adxxxx add-private-key

Run issuer Node API

make run

wait 20 seconds, and then generate issuer DID

make generate-issuer-did

check last line on .env-api

now we got ISSUER_API_UI_ISSUER_DID

did:polygonid:polygon:amoy:2qa7tA11V4Df2xAxb43HiX86y3Qb1JEWFYkfPQ19D5

Start Web UI

make run-ui

open the web UI on http://localhost:8088.

since I tunnel port 8088, I can access it via https://issuer-ui-ucup.brixzen.my.id/

input password from .env-ui file (default is user-ui & password-ui)

Now, let’s start with the import schema. We can find the schema at https://schema-builder.polygonid.me

for example, I’m using this schema (https://tools.privado.id/schemas/a0b6936d-b4de-4078-a2e7-daea56609dc5)

let’s copy JSON schema URL, and then put it here. then click Preview Import > Import

Now our schema is imported

Let’s continue to issue the credential. Click issue action.

In this case, I’m trying to use credential link, so anyone can issue these credentials by creating QRCode

For the GenderDisclose, we will set that this credentials is for person with gender Male and date of birth 4

Now let’s click create credential link

Click View link, and it will redirect to new tab with qrcode credentials

Now let’s scan the QRCode with our PolygonID Wallet (you can download it on Playstore or Appstore), don’t forget to change the network to Polygon Amoy

Now we already claim the credential on our wallet

Run the Polygon Verifier Backend

Pull this repository

GitHub - 0xPolygonID/verifier-backend: Verifier Backend

Verifier Backend. Contribute to 0xPolygonID/verifier-backend development by creating an account on GitHub.

github.com

Create a file named .env in the root directory of the project. .env-example is provided as an example. Change the Verifier Backend Host Url with our public URL

Change the networkURL on resolvers_settings.yaml with polygon amoy network URL from Alchemy

run the server with command

make run

Let’s try verification our credentials using query builder on

https://tools.privado.id/query-builder

Copy the JSON-LD context of our credentials (Gender Age Verify) schema. And select the attribut field that we need to verify (I select for gender atrribute)

In this case, I’m going to use Selective Disclosure, so that the verifier can see the value of chosen attribute (gender)

Now let’s create the query, and it will look like this

since we are going to test it with our verifier node, then let’s copy the code snippet

Open our verifier URL, in this case, my verifier URL is
https://verifier-ucup.brixzen.my.id/

Navigate to the Sign-in section and paste the code inside the scope, then click try button, and it will return the response with qrCode and sessionID

Let’s convert iden3comm from qrCode and paste it on QRCode builder (https://qrfy.com/)

And then, scan the qrcode using PolygonID Wallet App. It will show a verification page, that the Verifier Backend is request the proof of Gender Disclose (gender)