| title | Pattern: Attestation verifiable on-chain | |||
|---|---|---|---|---|
| status | ready | |||
| maturity | prod | |||
| works-best-when |
|
|||
| avoid-when |
|
|||
| dependencies |
|
Enable smart contracts to verify claims about identities, credentials, or off-chain data without exposing unnecessary information. Attestations are issued off-chain and verified on-chain to prove statements (KYC status, accreditation, membership) while minimizing data disclosure.
- Standards: EAS (Ethereum Attestation Service), W3C Verifiable Credentials, ONCHAINID (ERC-734/735), EIP-712 for typed data signing
- Infra: Ethereum L1/L2 for attestation registry, wallet support for signing/verifying credentials
- Off-chain: Issuer services (banks, KYC providers, regulators), credential storage (IPFS, private databases)
- Optional: ZK wrappers (prove a well formed signature for selective disclosure)
- Issuance: Trusted issuer (bank, KYC provider) creates signed attestation about subject (investor accredited, passed KYC)
- Storage: Attestation stored off-chain or on-chain registry (EAS, ONCHAINID smart contract)
- Presentation: User presents attestation to smart contract requiring credential verification
- Verification: Contract verifies issuer signature and checks attestation validity (not expired, not revoked)
- Access Grant: If valid, contract grants access (allows trade, unlocks funds, enables function call)
-
Privacy:
- Minimal disclosure: only necessary claims verified on-chain (e.g., "is accredited" not full financial details)
- With ZK wrappers: can prove properties without revealing attestation content
- Issuer identity typically public (necessary for trust), but subject can use pseudonymous addresses
-
Correctness:
- Cryptographic signatures ensure attestations cannot be forged
- On-chain verification prevents unauthorized access
- Revocation mechanisms allow issuers to invalidate compromised credentials
-
Auditability:
- Attestation issuance events logged on-chain (EAS) or via off-chain logs
- Smart contract access checks create audit trail of credential usage
- Regulators can verify issuer credentials and revocation status
- Performance: On-chain verification adds gas cost for signature checks and registry lookups. ZK proof verification increases preprocessing cost but improves privacy and reduces on-chain gas.
- Infrastructure: Relies on trusted issuers for attestation quality. Issuers' keys needs to be mapped (e.g., on-chain PKI).
- Privacy: On-chain verification reveals which contracts user interacts with and transaction timing. Mitigate using privacy L2s or ZK proofs.
- Standards: Multiple competing standards (EAS, W3C VC, ONCHAINID) limit cross-chain portability. Use adapters or multi-standard support.
Institutional Bond Trading with KYC Attestations:
- Bank A obtains accredited investor attestation from KYC provider, signed and registered in EAS
- Bank A wants to purchase tokenized bond requiring accredited investor status
- Bank A presents attestation to bond smart contract, which verifies KYC provider signature
- Contract checks attestation not expired or revoked, confirms Bank A meets requirements
- Bond transfer executes automatically after successful verification
- Pattern: ZK KYC/ML ID (ERC-734/735) - Zero-knowledge identity verification
- Pattern: Regulatory Disclosure Keys/Proofs - Selective disclosure mechanisms
- Pattern: ERC-3643 RWA - Permissioned securities with identity management
- Approach: Private Bonds - Tokenized securities with compliance
- Domain: Identity & Compliance - Identity infrastructure overview
- EAS (Ethereum Attestation Service) - On-chain attestation protocol
- W3C Verifiable Credentials - Standard for digital credentials
- ONCHAINID (ERC-734/735) - Identity and claims management
- EIP-712 - Typed structured data hashing and signing