The DID architecture is rooted in public key infrastructure principles, where the private key owner alone has full control over the DID. With ZK DID, several keys are generated when a DID is created, and they are stored in the DID Document.
Supported Cryptographic Methods
To enable secure digital signatures and key exchanges, we utilize a range of cryptographic techniques. Let's take a closer look:
ECDSA on Secp256k1 curve
- Secp256k1 is an elliptic curve commonly employed in blockchain networks like Bitcoin and Ethereum for key generation and cryptographic signatures.
- It is based on the mathematical properties of the elliptic curve equation y^2 = x^3 + 7.
- Secp256k1 is specifically tailored for efficient and secure elliptic curve cryptography, offering a balanced approach to security and computational efficiency.
Ed25519
- Ed25519 is a widely used digital signature algorithm based on elliptic curve cryptography.
- It utilizes the EdDSA (Edwards-curve Digital Signature Algorithm) scheme, known for its strong security and efficient performance, along with SHA512 (a member of the SHA-2 family) and Curve25519.
- Ed25519 is specifically designed for generating and verifying digital signatures, ensuring the integrity and authenticity of data.
X25519
- X25519 is an elliptic curve Diffie-Hellman (ECDH) key exchange algorithm.
- It is based on Curve25519, which utilizes a specific elliptic curve and mathematical formulas to derive a shared secret between two communicating parties.
- X25519 is primarily used for secure key exchange, allowing entities to establish a shared secret over an insecure communication channel.
Generation of DID-Keys
Currently, at zCloak, we generate ECDSA and X25519 key pairs from mnemonics that adhere to the BIP39 protocol.
<aside>
💡
BIP39, or Bitcoin Improvement Proposal 39, is a protocol that introduces the concept of mnemonic sentences for the generation of deterministic keys. These mnemonic sentences, composed of easily remembered words, act as a seed from which a unique set of cryptographic keys can be consistently derived.
</aside>
In the process of generating keys from mnemonics, three key pairs will be generated: the identifier (used to generate the DID subject), ecdsa, and x25519:
- The identifier (controller) is derived using the /m/44'/60'/0'/0/0 derivation path, which follows the same path used by mainstream EVM wallets like Metamask. It is serialized using the Ethereum address checksum.