14D/ @ Address - Fingerprints

From IIW

@ Address - Fingerprints #Tags a discussion of identifier classes

Session Convener: Aaron D Goldman


Tags / links to resources / technology discussed, related to this session:

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

@Addresses ~Fingerprints #Tags

We started with the discussion of Zooko’s triangle AKA the CAP theorem A name is Local, Unique, or Chosen but you can only pick two. In order to build the systems we want we need to bind together identifiers from two or more categories.


One might want to bind a public key (~fingerprint) with a verifiable credential(@address) to get an ID that can be generated Locally but that can have its Secure assertions added later.


pID (Power scaled IDentifier )

We also proposed a power scaled identifier pID that would allow a “short” identifier that is both secure and typeable by a human with a low error rate.

We start by generating a certificate with keys and tags as desired.



"public key": public_key,

"public salt": public_key_salt,

"name": "Alice",

"revocation authority": "{pid}",

"rotation authority": "{pid}",

"salt": salt,

"...": "...",


We also include a salt that is a random number. By varying the salt we can generate many versions of the certificate. We hash each version and keep the one with the lowest hash.

The pID is a encoding of the hash where we run length encode the leading 0s and the the next 75 bits of the hash.



Is a representation of the hash


The four ‘2’s are represented as a single ‘v’ and the next 15 chars of b32 are quoted to get


This pID is short enough for a business card and can be read over a phone if needed.


Lookup path:

  • Know the pID
  • Pull the origin cert using the pid as a key
  • Use the links in the cert to pull the updates to the pID
  • Validate the updates are signed by keys in the origin cert or an already validated update.
  • Apply the updates to build the current state of the pID doc.
  • Return the pID doc

The group proposed that this might be better served by making a did:pid:vbazpoyabpjpebvn instead of the ~vbazpoyabpjpebvn form and that the doc could be made compatible with the did doc spec to support pID in the existing did ecosystem.

Also a long form could also be supported for items where we expect more than 2^40 objects to exist.

Vbazpoyabpjpebvn pID-80

Vbazpoyabpjpebvnxrrpq7bv pID-120


Vbaz poya bpjp ebvn on a business card some spacing chunks of four will improve readability


See image(s) for these notes in the IIWXXXIV Book of Proceedings here: