Skip to main content

Decentralized Identifiers (DIDs)

A Decentralized Identifier (DID) is a new type of identifier that enables verifiable, self-sovereign digital identity. DIDs are fully under the control of the DID subject, independent from any centralized registry, identity provider, or certificate authority.

What is a DID?

A DID is a unique identifier that:
  • You create yourself (no central authority needed)
  • You own and control completely
  • Is cryptographically verifiable
  • Works across different systems and platforms
  • Persists independently of any organization
Think of a DID like your email address, but you own it completely, it’s cryptographically secure, and no company can take it away from you.

DID Structure

DIDs follow a standard format defined by W3C: 
did:method:method-specific-identifier

Sphyre’s DID Method: did:alyra

Sphyre uses the did:alyra method with post-quantum cryptography: 
did:alyra:MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE...
         └─────────────────┬─────────────────┘
              base64-encoded public key
Components:
  • Scheme: did - Identifies this as a DID
  • Method: alyra - Sphyre’s DID method
  • Identifier: Base64-encoded public key from your wallet

How DIDs Work

DID Creation

When you create a wallet in Sphyre:
1

Generate Seed Phrase

A 12-word BIP39 seed phrase is generated
abandon ability able about above absent absorb abstract absurd abuse access accident
2

Derive Key Pair

Ed25519 key pair is derived from the seed phrase
const seed = mnemonicToSeedSync(mnemonic);
const keyPair = nacl.sign.keyPair.fromSeed(seed.slice(0, 32));
3

Create DID

Public key is encoded in base64 to form the DID
const did = `did:alyra:${base64Encode(keyPair.publicKey)}`;
4

Register (Optional)

DID can be registered in Sphyre’s registry for discovery

DID Resolution

To verify or use a DID, it must be “resolved” to get the associated public key and metadata:

DID Document

When a DID is resolved, it returns a DID Document containing: 
{
  "@context": "https://www.w3.org/ns/did/v1",
  "id": "did:alyra:MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE...",
  "verificationMethod": [{
    "id": "did:alyra:MFkw...#keys-1",
    "type": "Ed25519VerificationKey2020",
    "controller": "did:alyra:MFkw...",
    "publicKeyBase64": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE..."
  }],
  "authentication": ["did:alyra:MFkw...#keys-1"],
  "assertionMethod": ["did:alyra:MFkw...#keys-1"],
  "service": [{
    "id": "did:alyra:MFkw...#wallet",
    "type": "SphyreWallet",
    "serviceEndpoint": "https://app.sphyre.tech"
  }]
}

Key Sections

Public keys associated with the DID, used for cryptographic verification
Keys that can be used to authenticate as the DID subject
Keys that can be used to create verifiable credentials
Network locations where services related to the DID can be accessed

DID Operations

Authentication with DIDs

DIDs enable passwordless authentication: 
// 1. Challenge from server
const challenge = await fetch('/api/auth/challenge');

// 2. Sign challenge with private key
const signature = nacl.sign.detached(
  new TextEncoder().encode(challenge),
  privateKey
);

// 3. Send DID and signature
const response = await fetch('/api/auth/login', {
  method: 'POST',
  body: JSON.stringify({
    did: 'did:alyra:MFkw...',
    signature: base64Encode(signature)
  })
});

// 4. Server verifies signature using DID's public key
// 5. Returns JWT token

Signing Credentials

Issuers use their DID to sign verifiable credentials: 
// Create credential
const credential = {
  "@context": ["https://www.w3.org/2018/credentials/v1"],
  "type": ["VerifiableCredential", "UniversityDegree"],
  "issuer": "did:alyra:IssuerPublicKey...",
  "credentialSubject": {
    "id": "did:alyra:HolderPublicKey...",
    "degree": "Bachelor of Science"
  }
};

// Sign with issuer's private key
const signature = sign(credential, issuerPrivateKey);

// Attach proof
credential.proof = {
  "type": "Dilithium",
  "created": new Date().toISOString(),
  "verificationMethod": "did:alyra:IssuerPublicKey...#keys-1",
  "proofPurpose": "assertionMethod",
  "signature": base64Encode(signature)
};

Post-Quantum Security

Sphyre’s DIDs use post-quantum cryptography to protect against future quantum computers:

Kyber

Key EncapsulationQuantum-resistant key exchange for secure communication

Dilithium

Digital SignaturesQuantum-resistant signatures for credentials and authentication

Why Post-Quantum?

Quantum computers will break current encryption (RSA, ECDSA) in the future. Post-quantum algorithms are designed to resist quantum attacks.

DID Methods Comparison

DID MethodStorageSecurityRecoveryUse Case
did:alyra (Sphyre)IPFS + BlockchainPost-quantumSeed phraseGeneral SSI
did:keySelf-containedEd25519NoneTemporary
did:ethrEthereumECDSASmart contractWeb3
did:webWeb serverVariesDomain controlCorporate
did:ionBitcoin + IPFSECDSASeed phraseDecentralized

DID Lifecycle

Key Rotation

If your private key is compromised:
1

Generate New Key Pair

Create a new Ed25519 key pair
2

Update DID Document

Add new key to verification methods, remove old key
3

Notify Contacts

Inform issuers and verifiers of the key rotation
4

Re-request Credentials

Old credentials may need to be reissued to new DID

DIDs in Sphyre Ecosystem

User Wallet (Sphyre ALV)

DID Creation

Generate DID from seed phrase during onboarding

DID Display

Show DID in profile with copy functionality

DID Authentication

Use DID for passwordless login to services

DID Recovery

Restore DID from backed-up seed phrase

Issuer Dashboard

Issuer DID

Organizations have DIDs for signing credentials

Trust Registry

Verify issuer DIDs against authorized list

Verifier Portal

DID Verification

Verify holder’s DID when validating presentations

Issuer Trust

Check if credential issuer’s DID is trusted

Privacy Considerations

Correlation Resistance

Using the same DID everywhere allows tracking. Consider using different DIDs for different contexts.
Solutions:
  • Pairwise DIDs: Different DID for each relationship
  • Disposable DIDs: Temporary DIDs for one-time interactions
  • DID Rotation: Periodically create new DIDs

Selective Disclosure

DIDs enable selective disclosure through:

Multiple Credentials

Separate credentials for different claims

Zero-Knowledge Proofs

Prove facts without revealing DID-linked data

Best Practices

  • Store seed phrase offline and encrypted
  • Use hardware wallets for high-value DIDs
  • Enable biometric authentication
  • Never share private keys
  • Write down seed phrase on paper
  • Store multiple copies in secure locations
  • Test recovery process before relying on it
  • Consider multi-signature schemes for critical DIDs
  • Use different DIDs for different contexts when privacy matters
  • Don’t post DIDs publicly unless necessary
  • Regularly rotate keys for high-security applications
  • Monitor for unauthorized use of your DID

DID Resolution Example

Resolving a Sphyre DID: 
// Resolve DID to get public key
async function resolveDID(did) {
  // Extract public key from DID
  const publicKeyBase64 = did.replace('did:alyra:', '');
  const publicKey = base64Decode(publicKeyBase64);
  
  // Create DID Document
  return {
    "@context": "https://www.w3.org/ns/did/v1",
    "id": did,
    "verificationMethod": [{
      "id": `${did}#keys-1`,
      "type": "Ed25519VerificationKey2020",
      "controller": did,
      "publicKeyBase64": publicKeyBase64
    }],
    "authentication": [`${did}#keys-1`],
    "assertionMethod": [`${did}#keys-1`]
  };
}

// Verify a signature
async function verifySignature(did, message, signature) {
  const didDocument = await resolveDID(did);
  const publicKeyBase64 = didDocument.verificationMethod[0].publicKeyBase64;
  const publicKey = base64Decode(publicKeyBase64);
  
  return nacl.sign.detached.verify(
    new TextEncoder().encode(message),
    signature,
    publicKey
  );
}

Resources

W3C DID Core Spec

Official DID specification

DID Method Registry

List of all DID methods

NIST PQC Standards

Post-quantum cryptography info

DIF Universal Resolver

Test DID resolution

Next Steps

1

Create Your DID

Follow the quickstart guide to create your first DID
2

Learn About VCs

Understand Verifiable Credentials
3

Explore ZKP

Learn about Zero-Knowledge Proofs
4

Build with DIDs

Check out developer guides for DID integration