
Digital Id With Blockchain Tech

The document discusses digital identity using blockchain technology. It notes that blockchain technology provides an environment of trust and transparency. Digital identity represents more than just replacing physical documents and is an area getting more attention.

Uploaded by Rowan Root

Available online at www.sciencedirect.com

ScienceDirect

Procedia Computer Science 221 (2023) 1074–1082

Information Technology and Quantitative Management (ITQM 2023)

Digital Identity Using Blockchain Technology

Alexandru-Cristian Careja^a, Nicolae Tapus^a

^a University Politehnica of Bucharest, Romania

∗ Nicolae Tapus. Tel.: +4-074-452-3364. E-mail address: [email protected].

Abstract

In recent years, the development of blockchain technology has brought a wide spectrum of potential application
scenarios from finance to healthcare, IoT, management and many more. This is because the blockchain, a
distributed digital ledger, acts as an environment of trust and transparency. The subject of digital identity
is getting more and more attention as it represents more than just replacing physical documents (e.g. ID
cards, driver’s license) with digital data. It would enable the digitalization and automation of the process of
identification as well as protect people against identity theft and fraud. This paper proposes and implements a
model for digital identity that relies on blockchain technology and cryptography to ensure the privacy, validity and
integrity of personal user data. These are obtained with the help of cryptographic signatures, which are the digital
representation of physical signatures or stamps. A set of trusted authorities are in charge of issuing cryptographic
signatures and storing them on the blockchain. Through issued cryptographic signatures, the authorities account
for the digital identity of the users, similar to how public institutions issue identity documents for their citizens
which prove their identity. Using digital identity in multi-participant decision support systems improves the
decision-making process through trust, anonymity and interoperability.

1877-0509 © 2023 The Authors. Published by Elsevier B.V.
This is an open access article under the CC BY-NC-ND license (https://creativecommons.org/licenses/by-nc-nd/4.0)
Peer-review under responsibility of the scientific committee of the Tenth International Conference on Information
Technology and Quantitative Management
10.1016/j.procs.2023.08.090

Keywords: Blockchain; Identity; Privacy; Cryptography; Elliptic Curve; Signature; Hash; Public/Private Key

1. Introduction

Nowadays, interacting with most public services (e.g. healthcare, education, banking) requires a
valid proof of legal identity. This proof often comes in the forms of ID cards, birth certificates or driver’s
licences. One of the downsides of this identity management model is that physical documents are subject
to loss, theft and fraud. In the era of digitalization, if people could have a digital identity, it would enable
the development of automated processes, reducing significantly the amount of bureaucracy that needs to
be done. Another benefit from implementing a model for digital identity is represented by the increased
security level that it provides, as digital identities can be protected through cryptography.
The blockchain technology can be likened to a decentralized database that runs on a peer-to-peer
network. The same exact copy of the database is replicated across all the nodes of the network, that
work in a consensus driven environment. Thanks to its nature, it can store data and guarantee that it
will not be tampered with and it can prevent attackers from adding new data to the blockchain. It relies
on computational power and cryptographic tools to keep its resources safe.
This paper aims to lay the foundations of a digital identity model that uses a decentralized, open-
source database (e.g. blockchain) for transparency and security. It is mandatory that user’s personal data
privacy is maintained, therefore, instead of storing actual data, only a cryptographic proof of identity
should be stored in the database, while the personal data should belong to the user only. This can be
done with the use of hash functions and cryptographic signature schemas that will be described later in
this paper.
The Ethereum blockchain’s storage can be split into two parts: chain data which stores the list
of blocks that form the blockchain, and state data that includes data like account balances and smart
contract state variables. Most blockchains haven’t been designed to store large amounts of data. However,
there are a few blockchains that are focused around efficient storage in a transparent, distributed manner.
An example of that is Storj [1], a crypto-powered cloud storage platform, with a claimed network capacity
of over 100 petabytes (1 petabyte = 1024 gigabytes). What this blockchain aims to achieve is to allow
users to pay other users on the network to store their files.

1.1. Digital Identity solution for blockchain


Several proof of concept papers [2, 3] describe the implications of digital identity in a decentralized
environment. They emphasize the idea of "self-sovereign identity" (SSI), a model in which users own
all the rights over their digital identity. In this model, users have control over what happens with their
identity, as only they can share it with whoever they want to. In addition to these, the self-sovereign
identity model supports the transparency of algorithms and systems, so that everyone can see how they
work and have trust in the framework.
The SSI model is closely related to the Distributed Ledger Technology (DLT), and more specifically,
blockchain technology. This is because the self-sovereign identity model needs to store cryptographic
proofs that can be trusted by anyone and available at any time. The blockchain technology is a good
foundation for SSI as it provides high level of security as well as scalability.

1.2. Hashes and hash functions


A hash function is a mathematical function which takes an input and returns a unique output
(called hash) of fixed length. The input can be as small as a simple number or as big as a movie file.
Hashes must be deterministic, so that the same input message always returns the same output hash. A
small change in the input message should generate a completely different hash, therefore hashes must
be uncorrelated. Finally, hashes must be unique; it should be hard to generate the same hash from two
different input messages.
There are different types of hash functions, such as SHA1 (used by Git), SHA256 (used by Bitcoin
and Ethereum blockchains), etc. These hash functions differ by the internal mathematics or algorithms
that they use to convert the input to the output. Due to the use of different algorithms, the output of
these functions is different for the same input. For example, the SHA256 hash is longer than the SHA1 hash.
This is because SHA1 creates a 40-digit hexadecimal hash (160 bits), while SHA256 creates a
64-digit hexadecimal hash (256 bits). The Secure Hashing Algorithm 3 is used in blockchain applications
for digital signatures, key derivation functions and others.

1.3. Digital signatures


A digital signature is a mathematical schema through which digital messages can be stamped by
someone identified by a Public key and Private key pair. It is useful for verifying the identity of the
originator, the authenticity of digital records as well as their integrity. The Digital Signature Algorithm
(DSA), first described in 1992 [4], provides the basic signature generation and signature verification
schemas. The DSA digital signature is a pair of large numbers represented in a computer as strings of
binary digits. The Elliptic Curve Digital Signature Algorithm (ECDSA) implements the main functionalities
of the DSA, and, in addition, it uses Elliptic Curve Cryptography for public-key and signature
generation [5].

2. Solution Architecture

A digital identity model should be able to replicate most of the implications of the current identity
model. One of the primary purposes of the current identity system is to authorize particular actions.
When accessing a resource it is a must that the subject can be identified and prove that they have the
right of using that resource. Identification is a way of establishing trust between individuals and is done
by providing personal information (that is associated with the identity) and proof that the subject has
the right to claim ownership of that identity. The proof is then analysed by the party that identifies the
subject which decides whether to trust the individual or not.

2.1. The management of digital identity


The identity owner and the authorities are the two main actors in a model for digital identity, each
of them having rights and responsibilities.
First, the identity owner should be in charge of the management of their personal data. This means
that they have to protect the data themselves from being stolen or lost. The identity owner has the right
to share their personal information whenever and to whomever they wish to, which in turn attracts a
responsibility. Second, the trusted authorities are responsible for the authentication of user identities.
They issue proof of authenticity and store it in a database, as well as manage those records.

2.2. Blockchain specifications


The blockchain that will be chosen needs to be a well-established, trusted distributed ledger that has
proven over time that it is reliable and secure. From a technological point of view, it has to implement the
following functionalities: a) be able to store large amounts of data; b) support smart contracts. Smart
contracts help solve the issue of trust in the digital world.

2.3. Identification


So far, individuals have their own identities and authorities issue proofs of authenticity for user
identities that are stored on the blockchain. These provide the foundation of identification. Identification
is the process in which an individual tries to prove to an identifier entity, that their identity is legitimate.
The process of identification should find a resolution only with the consent from the individual, as they
own their personal data. Identification is usually requested when an individual tries to access a resource
for which certain requirements are set, such as being an employee, or having the residency in a specific
location.

2.4. Digital Signatures


There are a few security concerns over the subject of digital identity, one of them being how
everyone can be sure that the identity someone claims to have is legitimate. One way to prove that a certain
person’s digital identity is legitimate is by having a trusted authority issue a cryptographic proof of authenticity
for the user-owned digital identity.
The Elliptic Curve Digital Signature Algorithm (ECDSA) uses the elliptic curve discrete logarithm
problem (ECDLP), for which no sub-exponential time algorithm is known. Given a message and the
private key of the signer, the ECDSA can compute a 64-byte (sometimes 65-byte) long digest (the
signature). In some implementations of the ECDSA, it is required to implement the functionality of
public key recovery from signature, which requires an extra byte of information, therefore making the
signature 65 bytes long.
Elliptic curves define:

• A generator point G, used for scalar multiplication (for secp256k1 [6] elliptic curve, G {x ≈ 5.506e76, y ≈ 3.267e76})
• Order n, the length of the private keys. (for secp256k1 elliptic curve, n ≈ 1.158e77)

The ECDSA Private Key is generated as a random integer between 1 and n − 1. The Public Key will
then be generated as the elliptic curve multiplication between the Private Key and G. Given a key pair
(pubKey, privKey), G, n and a message m, the ECDSA Signature is generated following the next
steps:
• Using the SHA3¹, calculate the hash of the message m: hash = h(m);
• Calculate the value k which is HMAC-derived from hash + privKey as described in RFC6979 [7];
• Calculate the abscissa r of point R = k × G;
• Calculate the signature proof: $s = k^{-1} \times (hash + r \times privKey) \pmod{n}$, where $k^{-1}$ is the
modular inverse of k;
• Return the signature {r, s}; r, s ∈ [1, n − 1].
The calculated r, s integers encode the random point R along with the proof s, showing that the signer
knows the message m and the Private Key privKey.
Based on these formalities, the decision to identify a person will be taken using cryptographic proof
in the form of a digital signature generated using the ECDSA.

2.5. Modules architecture


The solution architecture is split into four modules, their relationship being illustrated in Figure 1.

Fig. 1. Modules Architecture

The trusted authority will store the proofs of authenticity on the Ethereum blockchain using a Python
API which sends transactions to the blockchain. These transactions will be processed by the smart
contract which will verify whether the sender of the transaction is trusted to register a new signature
and store them accordingly. Through this same API, the trusted authority can also edit and delete
records, similar to how it can add new ones. The smart contract exposes methods for both authorities
and verifying entities, each of them either public (the ones that don’t alter the state of the smart contract)
or restricted. Verifying entities will be able to interrogate the smart contract regarding the trustfulness
of authorities as well as view authority issued signatures. On the user’s side, a Python API will be
implemented in order to help the user use the cryptographic tools needed for identification as well as
help them manage their personal data. This module will use the local storage for storing the user’s
personal information.

1 Secure Hashing Algorithm 3



2.6. Choosing the right blockchain


Choosing the right blockchain is crucial for an application like this. Designing and implementing an
information system is a complex process that involves making many decisions related to system orientation,
methodology and resources [8]. As mentioned in the specifications chapter, the chosen blockchain
needs to support smart contracts and it needs to be able to store large amounts of data. Around 2014,
blockchains started implementing smart contract functionalities, starting with the Ethereum blockchain.
Other blockchains that support smart contracts are Solana, Neo, Cardano and a few more. However,
none of these blockchains are really oriented towards storing tens of terabytes of data.
With that in mind, the blockchain that was chosen for implementing this model for digital identity is
the Ethereum blockchain. It provides great documentation for its smart contracts as well as a few test
networks (e.g. Ropsten) that can be used for application development. In addition, due to its popularity,
developers have come to write libraries for various programming languages, making it compatible with
most programming languages. Therefore, the smart contract is written in Solidity and due to the plethora
of libraries for Ethereum transactions for Python, it will be the chosen language for programming the
other modules. Ethereum however is not perfect, as the limitation this blockchain imposes is that it can
not store large amounts of data.

2.7. Structural design of the digital identity


With the introduction of digital identity, people may ask “who is able to see my personal details?”.
In order to keep everyone’s identity private, the subject’s personal data will be stored on their personal
devices such as computers, laptops, smartphones, tablets, smartwatches, or even flash drives. In this
paper, the concept of digital identity will be defined by the sum of all attributes that an identity could
have. The digital identity consists of:

• Actual personal data — One security concern that has been raised about the digital identity was
who can see your personal details. In order to keep every identity private, the subject’s personal
data will be stored on their personal devices such as computers, laptops, smartphones, tablets,
smartwatches, or even flash drives.
• Proof of ownership — Digital signatures (byte strings) that stand as proof that the subject who
signed owns the encrypted data. This signature is critical in protecting data ownership because
without it, a malicious subject could assume anyone else’s identity, provided that they know the
personal details.
• Proof of authenticity — Authority signatures (byte strings) that stand as proof of authenticity for
user-owned personal data. They are meant to be available to anyone so they can validate a specific
user’s identity, while not divulging any personal data.

3. Implementation

3.1. Smart Contract


The smart contract module is written in Solidity, a programming language that exclusively targets
the Ethereum Virtual Machine. The smart contract is a gateway for interacting with the blockchain
state. Its purpose is to implement the functionality of holding signatures and to provide a way to edit
them. The smart contract defines a data structure for signatures which holds the signature’s bytes and
a timestamp. The smart contract allows users to change the state of the blockchain. In this particular
case, the state of the blockchain refers to the smart contract’s state variables.
Adding new attributes is done through a smart contract function that stores a signature on the
blockchain. This function is meant to be run only by trusted issuers. If a non-trusted party tries to call
the function, that party will lose the gas fees for the transaction without altering the state of the
signatures mapping. The new attribute signature is added to the signatures mapping if the issuer passes
the trustfulness test and if the attribute is unique.

Updating and revoking attribute signatures also check the request sender’s trustfulness, but require
one additional step compared to registering new signatures. Before an attribute is updated, it has to be
checked whether the issuer of the initial signature is the same as the one who tries to edit it. Hence
the need for a function that recovers the issuer address from the signature, which is implemented in the
smart contract as well.
In order for the signatures to be easily obtainable for verification purposes, the smart contract exposes
a getter function which takes as arguments the owner address and the attribute id and returns the
corresponding signature.
After the compilation of the contract, a JSON file is generated which contains the ABI (Application
Binary Interface) that ‘describes’ to other applications how to interact with the contract’s methods.

3.2. User API


The implementation of the APIs (user, authority, verifier) uses the Web 3 Python library [9] for
managing transactions and Keccak256 hashes, due to its compatibility with the Ethereum blockchain.
For calculating and verifying ECDSA signatures the solution uses the Ethereum Keys Python library [10].
The user API implements the generation of signatures over personal data. Signature generation is
implemented in the ‘sign’ function illustrated in Figure 2. It receives one argument, the message (piece
of information) that the user wants to sign. First, the Keccak256 hash of the message is calculated using
the Web 3 library function ‘solidityKeccak’. Then, the authority’s private key is loaded and used for
creating a PrivateKey instance, imported from the Ethereum Keys library. Finally, the ECDSA signature
is generated using the hash and the private key.

Fig. 2. User Signature Generation

3.3. Authority API


This API is designed for use by issuing authorities such as public institutions or even private
companies. It implements the communication with the blockchain and provides methods for editing the
blockchain state and for issuing ECDSA signatures. Similar to the User API, it uses the Web 3 and
Ethereum Keys libraries for their cryptographic tools.
The first step in the implementation of this module was the transaction logic. Interaction with the
smart contract is done through function calls, but because the function calls from this module modify
the blockchain state, they must be part of a transaction, and they cost an amount of coins to be
processed.
The authority signature generation takes the attribute id, the attribute value and the user signature
for that specific attribute. It calculates and returns the Keccak256 hash of the concatenation of the
prefix, attribute id, attribute value and the user’s signature. This hash is then used as the message
that is signed using ECDSA. However, because the signature has to be compatible with the Solidity
signature functions, one change has to be made to the signing algorithm from earlier. In Solidity, the
v value of a signature has to be in the range [27, 31]. The Ethereum Keys library’s ECDSA calculates
the v value accordingly, but it returns v − 27. Therefore, after the signature generation, the v value
is restored by adding 27 to it, which makes the signature compatible with the smart contract.
Authority signature generation differs from the user signature generation process because the
authority signatures have to be compatible with Solidity’s signature recovery mechanism. Therefore,
the authority signature has to use the standard Solidity message prefix, which can be broken into
three elements:
1. the byte 0x19: this byte would be an invalid first byte for a transaction, so its presence eliminates
the risk of signing an unwanted transaction;
2. the string ‘Ethereum Signed Message:\n’;
3. the length in decimal numbers of the message that is signed (excluding the prefix length).

Fig. 3. Hash generation

The attribute registration function is used by authorities when issuing new signatures and storing
them on the blockchain. This function receives the required data as input: the user’s address, the
attribute id, the attribute value and the user signature. It creates a function call to the corresponding
contract function with the specified arguments, and sends the transaction by calling the ‘transact’
function. Updating and revoking signatures are implemented in a similar way to registering.

3.4. Verifier API


A Verifier API was implemented as a class, so that any other Python app can import the class and
use its methods. Because the calls that this module sends only refer to the smart contract’s signature
getter function, which is a ‘view’ function, it cannot modify the state of the blockchain. For this
reason, these function calls that read the state of the blockchain do not have to be included in a
transaction. This class defines three new methods.
The Verifier API implements a method that does the verifications regarding the signature structure.
Because the signatures are represented as hex strings until they are written on the ledger, the first check
is to see whether the first two characters are ’0x’, then, it checks whether the signature has the right
length and finally, it checks whether the signature is indeed a hexadecimal value, by trying to convert
the value from base 16 to decimal.
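
One way to write the structure check described above, next to a stricter form, as an added example that is not the paper's code. Python's int(s, 16) also accepts underscore digit separators and surrounding whitespace, so a string can pass all three checks without being canonical hex. The function names and the 65-byte (130 hex character) signature length are assumptions.

```python
import re

SIG_HEX_LEN = 2 + 2 * 65   # assumption: "0x" followed by 65 bytes (r, s, v) in hex

def structure_ok_as_described(sig: str) -> bool:
    """The three checks in the order the text gives them."""
    if sig[:2] != "0x":
        return False
    if len(sig) != SIG_HEX_LEN:
        return False
    try:
        int(sig, 16)            # base-16 conversion used as the validity test
    except ValueError:
        return False
    return True

_STRICT = re.compile(r"0x[0-9a-fA-F]{130}")

def structure_ok_strict(sig) -> bool:
    """Accept only '0x' plus exactly 130 hex digits, nothing else."""
    return isinstance(sig, str) and _STRICT.fullmatch(sig) is not None

def split_signature(sig: str):
    """Return (r, s, v) for a structurally valid signature, else raise ValueError."""
    if not structure_ok_strict(sig):
        raise ValueError("malformed signature")
    raw = bytes.fromhex(sig[2:])
    return int.from_bytes(raw[:32], "big"), int.from_bytes(raw[32:64], "big"), raw[64]

# Constructed samples (not real signatures), all 132 characters long.
GOOD = "0x" + "ab" * 64 + "1b"
UNDERSCORE = "0x" + "ab" * 63 + "a_" + "1b"    # digit separator inside the value
TRAILING_WS = "0x" + "ab" * 64 + "1 "          # whitespace that int() strips
```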
The user signature validation method checks whether the given signature was issued by the given
user address. It first checks the structure of the signature. If it passes this check, then, it calculates
the hash of the signed message. Using the ECDSA public key recovery method, it determines from the
signature and the signed message hash, the address of who signed the message. Finally, it checks the
resulting address against the given address and takes the decision of whether to trust the user or not. If
the two addresses are the same, then the identification process continues to the next and last step.
Based on the validity of the signature and the trustfulness of the user, the Verifier makes the decision
of whether the identity is valid or not.

4. Digital Identity use in Multi-Participant DSS

A Decision Support System (DSS) [11] is an information system that supports business or
organizational decision-making activities. Multi-Participant Decision Support Systems (DSS) should be
anonymous so that ideas are accepted based on their values rather than the proposer’s reputation or
position [12]. Similar to how users share their personal data only with whomever they want, the
proposed digital identity solution is adequate to be used in a DSS to, first, identify the user within a
decision-making task and, secondly, submit votes anonymously.
Anonymous voting is achieved using the same signature schema that our digital identity solution
uses. Voters sign their vote using their private key, resulting in a hash which is then hashed with SHA3
and signed using an authority’s private key. In this case, the authority which is signing the votes must
also be counting them, since it is the only one, apart from the voters, who should be able to see the
votes. Anonymity can be achieved if we assume that the authority signing the participant votes doesn’t
allow anyone to see the one-time signed vote.
To further automate the process of decision-making, using smart contracts in multi-participant DSS
provides the security and immutability that the blockchain technology offers. The smart contract shall
take care of the vote counting, signing (as if it were an authority) and ultimately taking the decision
by consensus. Another benefit of using blockchain technology and digital identity in a DSS is that these
provide the system with interoperability and interconnectivity between applications. Participants can
use the same identity across every other system, while the blockchain facilitates the connectivity
between them.

5. Evaluation

The evaluation of the implemented solution is done with a scenario that tries to mimic an
identification process. It assumes that a university has a few online resources and that students have
personal ‘accounts’ with which they can identify and gain access to those resources. In the digital
identity model that this paper describes, passwords are replaced by the ownership of the private key.
Whoever owns the private key can be assumed to own the data encrypted with it. Therefore, these
‘accounts’ are nothing less than a given student id from the university (e.g. ‘john.doe’), backed up by
user (student) and university signatures.
In order to evaluate the solution, a server application was used that represents a university’s student
platform and which owns a couple of records (grades) for some student ids. It uses the Verifier API
for user authentication and communicates with the User API over TCP. It listens for connections and,
when a connection is established, it waits for a message that represents the user request. If the
requested resource is the grades, then the server sends back a message in which it tells the user that
they need to authenticate using their ‘university_login’. Besides that, in the same message the server
sends a ‘secret’, which it expects the user to sign in order to prove that they own the private key
associated with the address they claim to have. This secret begins with the byte ‘0x19’ so that it would
be an invalid byte for a transaction. Then the server waits for the credentials and signed secret from
the user. Upon receiving them, it checks the signed secret and, if the signer matches the user address,
it proceeds to validate the user identity using the Verifier API. If it passes this check, then it will send
the grades to the user.
Applying the described evaluation method to the solution proved that the model is capable of
providing a complete digital identity service. The security that this model provides is backed up by the
SHA 3 and ECDSA schemes. The piece of personal data that has to be protected is first hashed with
the Keccak 256 hashing function, resulting in a 256 bit digest, and then signed using the Elliptic Curve
Digital Signature Algorithm. In order to recover the originally signed message from the data stored on
the blockchain, it would be necessary for both the ECDSA and SHA3 to be broken, and for neither of
them is there any known vulnerability so far.

6. Conclusions

With the progress in the technology sector, more and more requests for a digital identity model have
been raised. Digital identity is a hot topic at the moment, as researchers are looking for methods
to implement safe, tamper-proof identity management models which keep the user data private. The
blockchain technology provides a public, transparent, decentralized ledger that enables the foundation
of a trusted environment thanks to its consensus mechanisms.
This paper proposed a digital identity model that uses the blockchain technology to store
cryptographic proofs of authenticity for attributes that define the identity of a subject. These proofs
are issued by a set of trusted authorities, similar to how public institutions issue identity documents
for their citizens. In this model, the user’s private key is the essential piece of information that allows
them to use their identity. The private key, alongside the subject’s personal information, can be stored
on any device from computers and laptops to phones, smartwatches and even on physical cards and be
used for authentication when needed. The digital identity’s use in multi-participant DSS is to support
anonymity, the voting and decision-making process and interoperability of the system.
The solution is a digital identity model which uses the blockchain’s decentralized database to develop
a transparent identity model, which keeps the user’s personal information private. It allows users to
identify themselves with the help of a signature schema that proves the authenticity and ownership of
the data.
With the emergence of new blockchain technology, we could see this model projected onto another
blockchain that has the capabilities of storing large amounts of data, while supporting smart contracts
with high availability.

References
[1] Storj whitepaper.
URL https://www.storj.io/storjv3.pdf
[2] M. Shuaib, N. H. Hassan, S. Usman, S. Alam, S. Bhatia, P. Agarwal, S. M. Idrees, Land registry framework based on
self-sovereign identity (ssi) for environmental sustainability, Sustainability 14 (9). doi:10.3390/su14095400.
[3] A. J. Zwitter, O. J. Gstrein, E. Yap, Digital identity and the blockchain: Universal identity management and the
concept of the “self-sovereign” individual, Frontiers in Blockchain vol. 3.
[4] The digital signature standard, Nist - Communications of the ACM, Vol.35, No.7.
[5] V. Kapoor, V. S. Abraham, R. Singh, Elliptic curve cryptography.
[6] Standards for efficient cryptography, SEC 2: Recommended Elliptic Curve Domain Parameters.
[7] Rfc6979, section 3.2.
URL https://datatracker.ietf.org/doc/html/rfc6979
[8] F. G. Filip, A decision-making perspective for designing and building information systems, IJCCC 7 (2).
[9] P. Merriam, J. Carver, Web 3 python library.
URL https://web3py.readthedocs.io/en/stable/
[10] Ethereum keys python library.
URL https://github.com/ethereum/eth-keys
[11] F. G. Filip, Creativity and decision support system, Researches in Computer and Informatics 1 (1).
[12] F. G. Filip, Collaborative decision-making: Concepts and supporting information and communication technology tools
and system, IJCCC 17 (2).
