Self-Sovereign Identity Framework

Project Overview

A European municipal government sought to issue digital residency credentials and enable secure digital voting without creating a centralised honeypot of citizen PII.

The mandate was clear: citizens must be able to prove who they are and that they are eligible to vote — without any authority, including the municipality itself, being able to link a vote to an individual.

The Challenge

Privacy vs. Compliance: KYC regulations required verifying real identity. Privacy regulations (GDPR) prevented storing that identity on a central database. These requirements appeared contradictory.

Usability: Cryptographic systems are notoriously hard to use. The solution had to work for non-technical citizens using standard smartphones.

Interoperability: The framework needed to align with W3C DID standards and EU eIDAS regulations to enable cross-border credential recognition in the future.

Architecture

Zero-Knowledge Proof Layer: We implemented ZK circuits using circom and snarkjs. Citizens could generate a proof that "I am over 18 and a resident of Munich" without revealing their name, address, or date of birth.

DID Infrastructure: Each citizen received a W3C-compliant Decentralised Identifier (DID) anchored to the Polygon blockchain. The DID document contained only public keys — no PII.

Credential Issuance: The municipal identity authority issued Verifiable Credentials (VCs) to citizens' wallets, signed with the authority's private key. Citizens held their own credentials.

Wallet: A React Native mobile app served as the credential wallet, enabling one-tap proof generation and presentation.

Results

• 50,000+ citizens onboarded with zero PII stored on-chain
• 100% verification accuracy in two municipal elections
• GDPR-compliant architecture validated by independent DPO audit
• Framework adopted by two additional EU municipalities after launch