A robust smart contract implementation for managing decentralized identities, credentials, and zero-knowledge proofs on the Stacks blockchain. This system provides a comprehensive framework for digital identity management with built-in security features, reputation tracking, and recovery mechanisms.
-
Identity Management
- Self-sovereign identity registration
- Secure identity recovery mechanisms
- Identity status tracking
- Configurable recovery addresses
-
Credential System
- Verifiable credential issuance
- Credential revocation
- Expiration management
- Metadata support
-
Zero-Knowledge Proofs
- Proof submission and verification
- Proof data validation
- Timestamp tracking
- Admin-based verification
-
Reputation System
- Configurable reputation scores
- Administrative score updates
- Score range validation
- Minimum reputation score: 0
- Maximum reputation score: 1000
- Minimum expiration blocks: 1
- Maximum metadata length: 256 bytes
- Minimum proof size: 64 bytes
ERR-NOT-AUTHORIZED (1000) - Unauthorized access attempt
ERR-ALREADY-REGISTERED (1001) - Identity already exists
ERR-NOT-REGISTERED (1002) - Identity not found
ERR-INVALID-PROOF (1003) - Invalid or non-existent proof
ERR-INVALID-CREDENTIAL (1004) - Invalid credential
ERR-EXPIRED-CREDENTIAL (1005) - Credential has expired
ERR-REVOKED-CREDENTIAL (1006) - Credential has been revoked
ERR-INVALID-SCORE (1007) - Invalid reputation score
ERR-INVALID-INPUT (1008) - Invalid input parameters
ERR-INVALID-EXPIRATION (1009) - Invalid expiration time
ERR-INVALID-RECOVERY-ADDRESS (1010) - Invalid recovery address
ERR-INVALID-PROOF-DATA (1011) - Invalid proof data
(register-identity
identity-hash ;; (buff 32)
recovery-addr ;; (optional principal)
)
;; Issue a new credential
(issue-credential
subject ;; principal
claim-hash ;; (buff 32)
expiration ;; uint
metadata ;; (string-utf8 256)
)
;; Revoke a credential
(revoke-credential
issuer ;; principal
nonce ;; uint
)
;; Submit a proof
(submit-proof
proof-hash ;; (buff 32)
proof-data ;; (buff 1024)
)
;; Verify a proof (admin only)
(verify-proof
proof-hash ;; (buff 32)
)
(initiate-recovery
identity ;; principal
new-hash ;; (buff 32)
)
- Input validation for all public functions
- Strict authorization checks
- Prevention of proof hash collisions
- Protected admin functions
- Secure recovery process
- Credential expiration enforcement
get-identity
: Retrieve identity informationget-credential
: Get credential detailsverify-credential
: Check credential validityget-proof
: Retrieve proof information
set-admin
: Update contract administratorupdate-reputation
: Modify identity reputation scores
- Always verify credentials before accepting them
- Set appropriate expiration times for credentials
- Use strong hash functions for identity and claim hashes
- Implement additional off-chain verification when necessary
- Maintain secure storage of private keys and recovery information
- Integration with DID standards
- Enhanced reputation algorithms
- Multi-signature recovery options
- Credential schema validation
- Enhanced privacy features
This project is licensed under the MIT License - see the LICENSE file for details.