Verification Methods
What are Verification Methods?
Verification methods are cryptographic material in a DID document that enable a controller to prove control over a DID.
Verification methods provide the foundation for:
- Authentication (proving DID control)
- Digital signatures (for verifiable credentials)
- Encryption and decryption (of communications)
- Authorization (for capability invocation and delegation)
The Structure of Verification Methods
A verification method includes: id (unique identifier), type (cryptographic signature suite), controller (the controlling DID), and verification material (the cryptographic material like a public key).
Here’s an example of a verification method expressed in a DID document:
```json
{
  "id": "did:example:123#key-1",
  "type": "Ed25519VerificationKey2020",
  "controller": "did:example:123",
  "publicKeyMultibase": "zH3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
}
```
Embedded vs. Referenced Verification Methods
Verification methods can be embedded directly in the verification relationship property or referenced via their ID in the DID document. Referenced methods promote reusability and reduce redundancy, particularly when the same cryptographic material serves multiple verification relationships.
Types of Verification Material
The DID Core specification supports several formats for expressing verification material.
| Property Name | Description | Example |
|---|---|---|
| `publicKeyMultibase` | Public key encoded using the multibase format | `"publicKeyMultibase": "zH3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"` |
| `publicKeyJwk` | Public key in JSON Web Key format | `"publicKeyJwk": {"kty": "EC", "crv": "secp256k1", "x": "...", "y": "..."}` |
| `publicKeyHex` | Public key in hexadecimal format (deprecated) | `"publicKeyHex": "02b97c30de767f084ce3080168ee293053ba33b235d7116a3263d29f1450936b71"` |
Different DID methods may support specific formats. The DID Core specification recommends newer formats like multibase encoding for self-describing representations.
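What "self-describing" means for `publicKeyMultibase`, as an added example (not from the original page or from Vidos): the leading `z` names the base58btc encoding, and key suites such as Ed25519VerificationKey2020 additionally prefix the key bytes with a multicodec header. The multicodec headers are not on the page; the function names and the sample key are constructed here.

```javascript
const B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";

// base58btc text -> bytes; each leading "1" stands for one leading zero byte.
function base58Decode(text) {
  let n = 0n;
  for (const ch of text) {
    const digit = B58.indexOf(ch);
    if (digit < 0) throw new Error(`invalid base58 character: ${ch}`);
    n = n * 58n + BigInt(digit);
  }
  const bytes = [];
  for (; n > 0n; n >>= 8n) bytes.unshift(Number(n & 0xffn));
  for (const ch of text) { if (ch !== "1") break; bytes.unshift(0); }
  return Uint8Array.from(bytes);
}

// bytes -> base58btc text (used here only to build the constructed sample).
function base58Encode(bytes) {
  let n = 0n;
  for (const b of bytes) n = (n << 8n) | BigInt(b);
  let out = "";
  for (; n > 0n; n /= 58n) out = B58[Number(n % 58n)] + out;
  for (const b of bytes) { if (b !== 0) break; out = "1" + out; }
  return out;
}

// Multicodec headers (varint form) and the raw key length each one implies.
const CODECS = [
  { name: "ed25519-pub", header: [0xed, 0x01], keyLen: 32 },
  { name: "x25519-pub", header: [0xec, 0x01], keyLen: 32 },
  { name: "secp256k1-pub", header: [0xe7, 0x01], keyLen: 33 },
];

// Decode a publicKeyMultibase value; codec is null when no header is recognized.
function parsePublicKeyMultibase(value) {
  if (typeof value !== "string" || value[0] !== "z")
    throw new Error("only base58btc ('z') multibase values are handled");
  const bytes = base58Decode(value.slice(1));
  for (const c of CODECS) {
    const matches = bytes.length === c.header.length + c.keyLen &&
      c.header.every((b, i) => bytes[i] === b);
    if (matches) return { codec: c.name, key: bytes.slice(c.header.length) };
  }
  return { codec: null, key: bytes };
}

// Constructed sample: a 32-byte dummy Ed25519 public key with its header.
const sampleKey = new Uint8Array(32).fill(7);
const sample = "z" + base58Encode([0xed, 0x01, ...sampleKey]);
```

A `codec` of `null` means the bytes carry no recognized header, so the key type has to come from the verification method's `type` property.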
Verification Relationships
Verification relationships express how verification methods can be used for different purposes. The DID Core specification defines five standard verification relationships.
1. Authentication
The authentication relationship designates which verification methods can prove control over a DID for authentication purposes.
2. Assertion Method
The assertionMethod relationship identifies verification methods used to assert statements on behalf of the DID subject. This is crucial for creating verifiable credentials where the issuer cryptographically signs assertions.
3. Key Agreement
The keyAgreement relationship designates verification methods used for encrypted communications with the DID subject, typically employing public key encryption algorithms supporting secure key exchange.
4. Capability Invocation
The capabilityInvocation relationship identifies verification methods used to invoke capabilities (authorized actions) as the DID subject, enabling object capability-based security models.
5. Capability Delegation
The capabilityDelegation relationship identifies verification methods used to delegate capabilities on behalf of the DID subject, allowing the controller to authorize others to act on their behalf.
Relationship Between Verification Methods and Relationships
Verification methods define the cryptographic material (what can be used) while verification relationships define authorized purposes (how it can be used). This separation creates a flexible, fine-grained security model following the principle of least privilege.
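The check a verifier makes from this separation, as an added example (not Vidos code and not from the original page): given a method id and the purpose of a proof, accept the key only if it is listed under that relationship, whether embedded or referenced. The sample document, the `#key-2` and `#key-9` entries and the function names are constructed for illustration.

```javascript
// Constructed sample document; key-2 and its key value are placeholders.
const didDoc = {
  id: "did:example:123",
  verificationMethod: [{
    id: "did:example:123#key-1", type: "Ed25519VerificationKey2020",
    controller: "did:example:123",
    publicKeyMultibase: "zH3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV",
  }],
  authentication: ["did:example:123#key-1"],   // referenced by full id
  assertionMethod: ["#key-1"],                 // referenced by relative DID URL
  keyAgreement: [{                             // embedded: this purpose only
    id: "did:example:123#key-2", type: "X25519KeyAgreementKey2020",
    controller: "did:example:123",
    publicKeyMultibase: "z-constructed-placeholder",
  }],
  capabilityDelegation: ["did:example:123#key-9"], // dangling reference
};

const RELATIONSHIPS = ["authentication", "assertionMethod", "keyAgreement",
  "capabilityInvocation", "capabilityDelegation"];

// Resolve a relative DID URL such as "#key-1" against the document id.
const absolute = (doc, ref) => (ref.startsWith("#") ? doc.id + ref : ref);

// Return the verification method if it is authorized for `purpose`, else null.
// Only same-document references are handled; a reference into another DID
// document would need that document to be resolved first.
function methodForPurpose(doc, methodId, purpose) {
  if (!RELATIONSHIPS.includes(purpose)) throw new Error(`unknown purpose: ${purpose}`);
  const wanted = absolute(doc, methodId);
  for (const entry of doc[purpose] ?? []) {
    if (typeof entry !== "string") {              // embedded method object
      if (absolute(doc, entry.id) === wanted) return entry;
    } else if (absolute(doc, entry) === wanted) { // reference: look it up
      const found = (doc.verificationMethod ?? [])
        .find((m) => absolute(doc, m.id) === wanted);
      return found ?? null;                       // dangling reference: reject
    }
  }
  return null; // the key may exist in the document, but not for this purpose
}
```

Here `#key-1` is accepted for `authentication` and `assertionMethod` but not for `keyAgreement`, and the embedded `#key-2` is accepted for `keyAgreement` only.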
Verification Methods in Vidos
Vidos provides:
- Unified verification interfaces with consistent APIs
- Support for multiple cryptographic algorithms and DID methods
- Method-specific verification through pluggable modules
- Key management capabilities including generation, rotation, and relationship management
Future Directions
Emerging trends include post-quantum cryptography (quantum-resistant algorithms), threshold cryptography (multi-signature and threshold methods), zero-knowledge proofs (selective disclosure), biometric integration (secure privacy-preserving binding), and hardware-based verification (secure hardware elements and trusted execution environments).
Conclusion
Verification methods form the cornerstone of trust in the DID ecosystem by providing cryptographic means to prove control, make assertions, establish secure communications, and manage capabilities.