Definition

A Decentralized Identifier (DID) is a new type of globally unique identifier standardized by the W3C (World Wide Web Consortium) that enables verifiable, self-sovereign digital identity. Unlike traditional identifiers—email addresses, usernames, social security numbers—a DID is not issued by or dependent on any centralized authority. The DID subject (the person, organization, or thing the DID identifies) creates and controls the identifier directly, using cryptographic key pairs as the proof of ownership.

A DID takes the form: did:method:specific-identifier (e.g., did:ethr:0xab89...3f2c for an Ethereum-based DID). The W3C DID Core specification, which reached Recommendation status in July 2022, defines the data model, syntax, and operations. Over 150 DID methods have been registered, spanning blockchains (Ethereum, Bitcoin, Solana), distributed ledgers (Hyperledger Indy), peer-to-peer protocols, and web-based approaches.

Why It Matters

The current identity infrastructure is built on centralized registries. Your email address is controlled by Google or Microsoft. Your domain name is controlled by ICANN and its registrar hierarchy. Your government ID is controlled by a nation-state. If any of these entities suspends, revokes, or compromises your identifier, your digital identity fragments.

The scale of this dependency is staggering. Google Workspace alone manages identities for over 3 billion accounts. A single policy change, security breach, or government request can alter the identity status of millions of people simultaneously. In 2023, over 11.4 billion records containing identity information were exposed in data breaches, according to the Identity Theft Resource Center—a 78% increase over 2022.

DIDs invert this model. The identifier is anchored to a cryptographic key pair that the subject controls. No corporation issues it. No government can revoke it. No breach of a central database can expose it, because there is no central database. The DID Document—a JSON-LD object describing the DID’s public keys, authentication methods, and service endpoints—can be stored on a blockchain, a distributed ledger, or even exchanged peer-to-peer.

For Sign-In with Ethereum, every Ethereum address already functions as a de facto DID: a self-generated, globally unique, cryptographically controlled identifier that requires no registration authority.

How It Works

The DID architecture consists of three components:

  1. DID: The identifier string itself (e.g., did:ethr:0x...). It is globally unique and persistent (or intentionally ephemeral, depending on the method).

  2. DID Document: A JSON-LD document associated with the DID, containing the public keys used for authentication, verification methods, and service endpoints. It is the machine-readable description of how to interact with the DID subject.

  3. Verifiable Data Registry: The system where DID Documents are registered and resolved. This can be a blockchain (Ethereum, Bitcoin), a distributed ledger (Hyperledger Indy), or a peer-to-peer network. Some methods (like did:key) require no registry at all—the DID Document is deterministically derived from the identifier itself.

Resolution works as follows: given a DID, a resolver uses the DID method specification to locate and retrieve the associated DID Document from the appropriate registry. The verifier then uses the public keys in the document to authenticate the subject—typically by challenging them to sign a nonce, as in SIWE (EIP-4361).
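The resolution and nonce challenge described above, written out as an added example (not code from Stealth Cloud or the W3C specification). It uses did:key so that the DID Document is derived from the identifier with no registry lookup. Assumptions: Node.js, an Ed25519 key instead of Ethereum's secp256k1, and a hypothetical `did|nonce` message in place of the EIP-4361 message format; all function names are illustrative.

```javascript
const crypto = require('crypto');
const B58 = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
const MULTICODEC_ED25519 = Buffer.from([0xed, 0x01]); // multicodec varint for ed25519-pub
const SPKI_ED25519 = Buffer.from('302a300506032b6570032100', 'hex'); // DER header before raw key
function b58encode(buf) { // input here always starts with 0xed, so no leading-zero case
  let n = BigInt('0x' + buf.toString('hex')), out = '';
  while (n > 0n) { out = B58[Number(n % 58n)] + out; n /= 58n; }
  return out;
}
function b58decode(str) {
  let n = 0n;
  for (const c of str) {
    if (!B58.includes(c)) throw new Error('invalid base58 character');
    n = n * 58n + BigInt(B58.indexOf(c));
  }
  const hex = n.toString(16);
  return Buffer.from(hex.length % 2 ? '0' + hex : hex, 'hex');
}
// Subject: derive the DID from a self-generated key; nothing is written to a registry.
function didFromPublicKey(publicKey) {
  const raw = publicKey.export({ type: 'spki', format: 'der' }).subarray(SPKI_ED25519.length);
  return 'did:key:z' + b58encode(Buffer.concat([MULTICODEC_ED25519, raw]));
}
// Resolver: rebuild the DID Document from the identifier alone.
function resolveDidKey(did) {
  const m = /^did:key:(z[1-9A-HJ-NP-Za-km-z]+)$/.exec(did);
  if (!m) throw new Error('not a base58btc did:key');
  const bytes = b58decode(m[1].slice(1));
  if (bytes.length !== 34 || !bytes.subarray(0, 2).equals(MULTICODEC_ED25519)) throw new Error('unsupported key type');
  const vm = { id: `${did}#${m[1]}`, type: 'Ed25519VerificationKey2020', controller: did, publicKeyMultibase: m[1] };
  return { id: did, verificationMethod: [vm], authentication: [vm.id] };
}
// Verifier: single-use, expiring nonces; the signed bytes bind the nonce to the DID.
const pending = new Map(); // nonce -> expiry (ms since epoch)
function issueNonce(now = Date.now(), ttlMs = 60000) {
  const nonce = crypto.randomBytes(16).toString('hex');
  pending.set(nonce, now + ttlMs);
  return nonce;
}
const challengeBytes = (did, nonce) => Buffer.from(`${did}|${nonce}`);
const signChallenge = (did, nonce, privateKey) => crypto.sign(null, challengeBytes(did, nonce), privateKey);
function verifyResponse(did, nonce, signature, now = Date.now()) {
  const expiry = pending.get(nonce);
  pending.delete(nonce); // consumed on first presentation, valid or not
  if (expiry === undefined || now > expiry) return false;
  const raw = b58decode(resolveDidKey(did).verificationMethod[0].publicKeyMultibase.slice(1)).subarray(2);
  const key = crypto.createPublicKey({ key: Buffer.concat([SPKI_ED25519, raw]), format: 'der', type: 'spki' });
  return crypto.verify(null, challengeBytes(did, nonce), key, signature);
}
```

A replayed response fails because the nonce is deleted on first presentation, and a signature from any other key fails because the verifying key comes only from the DID being claimed.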

The W3C specification deliberately does not mandate a specific blockchain or ledger. This method-agnostic design means DIDs can exist across multiple ecosystems, with interoperability bridges allowing cross-chain and cross-method verification.

Stealth Cloud Relevance

Stealth Cloud uses wallet-based authentication that is architecturally aligned with the DID model. When a user connects their Ethereum wallet to Ghost Chat, their wallet address functions as a decentralized identifier—self-created, cryptographically controlled, requiring no email, phone number, or registration with any authority.

The Stealth Cloud authentication flow mirrors DID verification: the server issues a nonce, the wallet signs it using ECC on secp256k1, and the server verifies the signature against the public key derived from the wallet address. The server stores only a hash of the wallet address—not the address itself—ensuring that even the identifier is pseudonymized.

DIDs also connect to Stealth Cloud’s broader vision for verifiable credentials: in the future, a user could prove properties about themselves (age verification, subscription status, geographic eligibility) without revealing their actual identity, using DID-anchored verifiable presentations. The zero-knowledge proof infrastructure makes this possible; the DID framework makes it standardized and interoperable.

The Stealth Cloud Perspective

Decentralized identifiers prove that identity does not require a registrar, and authentication does not require surrender. Stealth Cloud treats the Ethereum wallet address as the purest form of DID: an identity you generate yourself, prove with mathematics, and owe to no institution.