In practice, each participant in the credential ecosystem should have their own backend system. However, for the development and demonstration within this thesis project, we consolidate these functionalities into one backend project to be hosted within a single Git repository.
The backend system is organized such that each participant’s features are grouped under dedicated routes. For example, /issuer contains all sub-routes supporting the specific features required by issuers.
Below is an outline of the backend functionalities provided to each role:
- Issuers: use the backend to store data in a conventional (relational) database, which includes records of the individuals holding their credentials, details on the issued credentials, and the list of duplicate credentials (similarly to Microsoft’s snark-credentials, holders can ask issuers for multiple copies of their credential, differentiated by a nonce). Additionally, issuers can use the backend to manage their blockchain wallet keys, and interface with the smart contract to add and remove credential types, schemas and commitments.
- Holders: use the backend to request an AI (we proxy requests to ChatGPT) to generate a script that encapsulates the constraints mandated by the relying party, expressed in a scripting language accepted by the relying party. Once the script is generated, the prover can use the backend to produce a Zero-Knowledge Proof (ZKP) confirming that the script evaluates to ”True”, as in, the provided credentials indeed satisfy the criteria encoded in the script.
- Relying parties: use their backend to verify the authenticity of the credentials presented to then. First, by making RPC requests to a blockchain node to access the state of the issuer’s smart contract, verifying the credential’s validity and revocation status. Then, they engage an AI (similarly, we proxy requests to ChatGPT) for script verification to ensure that the provided script accurately represents the stipulated requirements. Finally, the provided ZKP is verified, guaranteeing that the user has correctly executed the script and obtained the expected outcomes.