The DeFi sector is facing increased regulatory pressure to de-anonymize certain transactions and user profiles, while simultaneously dealing with flagging user confidence in terms of their individual rights to data privacy.
This is providing fertile ground for innovative companies to try to allow end users to be the sovereign of their own identity and data, whilst meeting the demands of enhanced regulatory requirements.
Identity is a problem that impacts DeFi, broader Web3 and centralised companies. It therefore provides a significant revenue opportunity for companies entering the sector, with estimates putting the value of the digital identity market alone at $71bn by 2027.
For transparency, please note that this research report was written by Matthew Vallis as part of the ethLondon hackathon, which was sponsored by Rarimo (mentioned below).
What is self-sovereign identity?
Self-sovereign identity is a type of identity management that helps issuing organizations create fraud-proof credentials and empowers verifying organizations to instantly check the authenticity of those credentials. Individuals fully own and control their digital identity and credentials without relying on any third party to prove their claims. (Dock.io, October 2023)
The Sovrin Foundation is a not-for-profit global consortium that aims to build and govern a self-sovereign identity network, known as the Sovrin Identity Network. Its whitepaper offers another definition of self-sovereign identity, identifying three crucial properties: individual control, security, and full portability.
“The individual (or organization) to whom the identity pertains completely owns, controls and manages their identity. In this sense the individual is their own identity provider—there is no external party who can claim to ‘provide’ the identity for them because it is intrinsically theirs. You can reveal some or all of it some of the time, or all the time. You can record your consent to share data with others, and easily facilitate that sharing. It is persistent and not reliant on any single third party. Claims made about you in identity transactions can be self-asserted or asserted by a 3rd party whose authenticity can be independently verified by a relying party.” (The Sovrin Foundation, September 2016)
Most Internet identities are centralised. This means that they are owned and controlled by a single entity, such as a payment provider or a merchant. Within its own domain, centralised identity works well and the user experience is smooth, but it has struggled to keep pace with the rapid growth and variety of online websites and services with which today’s users interact.
It is estimated that data breaches from centralised entities result in over £4bn a year in fraud (City AM, October 2022). Fraud risks can take many forms; however, large centralised databases present a sizeable target for criminals.
Federated identity has been one answer to some of the problems of centralisation. At its simplest, federation gives a degree of portability to a centralised identity, for example enabling a user to log in to one service using the credentials of another. At a more complex level, it can allow different services to share details about the user, and it has been popularised within organisations or groups of apps through single sign-on (SSO), which makes the user experience easier and removes the need to memorise multiple passwords.
Although federation provides a semblance of portability, the power remains with the identity provider who sits at the centre of the federation web. If a user's central federated account is deleted or compromised, the consequences extend to access to all the associated accounts.
User-centric identity is most frequently manifested in the form of independent personal data stores at one end of the spectrum, and large social networks at the other end. However, the entire spectrum still relies on the user selecting an individual identity provider and agreeing to their often one-sided contracts.
Some existing user-centric implementations are also susceptible to charges of unintended data leakage as they move data from one silo to another, trading on the user’s willingness to exchange their personal data with a 3rd party for increased convenience. The Cambridge Analytica scandal and heightened awareness of companies’ ability to misuse user data have increased scrutiny of such models and strengthened the call for further decentralisation of data. This is discussed further in the paper “User-centric approaches for collecting Facebook data in the ‘post-API age’” (Breuer, Kmetty, Haim and Stier, June 2022).
What is DeFi?
Investopedia highlights three key takeaways when describing Decentralised Finance (DeFi). These focus on solving the key issues of traditional finance (TradFi), which typically operates using a centralised model.
- Decentralised finance uses emerging technology to remove third parties and centralized institutions from financial transactions.
- The components of DeFi are stablecoins, software, and hardware that enable the development of applications.
- The infrastructure for DeFi and its regulation are constantly evolving.
Decentralised finance eliminates intermediaries by allowing people, merchants, and businesses to conduct financial transactions through emerging technology. Through peer-to-peer financial networks, DeFi uses security protocols, connectivity, software, and hardware advancements.
Wherever there is an internet connection, individuals can lend, trade, and borrow using software that records and verifies financial actions in distributed financial databases. A distributed database is accessible across various locations as it collects and aggregates data from all users and uses a consensus mechanism to verify it.
Decentralised finance eliminates the need for a centralized finance model by enabling anyone to use financial services anywhere regardless of who or where they are. DeFi applications give users more control over their money through personal wallets and trading services that cater to individuals.
What are the problems that need solving?
In a paper entitled “Decentralized Identity: Embrace the Change in IAM” co-written by Ping and Deloitte, key problems that can be solved by utilising include that The European Commission believes that SSI has the potential to revolutionize the way we interact with digital services.
By giving individuals more control over their personal data and making it easier for them to use digital services, SSI can help to create a more secure, privacy-friendly, and user-friendly digital world. Here are some of the benefits of SSI that the European Commission is highlighting:
- Increased privacy and security: SSI gives individuals more control over their personal data and allows them to share only the information that they want to share, with whom they want to share it.
- Improved user experience: SSI can make it easier for individuals to use digital services, as they will not need to create a new identity for each service.
- Enhanced interoperability: SSI can help to make digital identities more interoperable across different countries and organisations.
What is the size of the market?
The global digital identity solution market is projected to grow from nearly 28 billion U.S. dollars in 2022 to almost 71 billion U.S. dollars in 2027. The rapid market growth is driven by increasing instances of identity fraud and data breaches, and by new government regulations.
Figure: Global digital identity solution market value 2020-2027
According to statistics compiled in a report by cheqd.io, published numbers for the self-sovereign identity market are:
- $1.1 billion [in annual revenue] by 2024 (Juniper Research, February 2020)
- In the UK alone, it is estimated that the cost of identity assurance processes exceeds £3.3bn a year (The Open Identity Exchange / Control-Shift, June 2014)
- By 2025, 20% of total digital ID will be built using DLT/Blockchain technology, increasing from 5% in 2020 (Goode Intelligence, November 2019)
What use cases are gaining traction?
Google Trends data comparing self-sovereign identity with digital identity indicates that there is a lot of interest in digital identity, with some evidence of growth in self-sovereign identity.
Web3 interest became relevant in November 2021, with elevated interest initially that has shown some signs of mild decline since. This drives most of the interest in the space, with privacy protocols potentially more important to companies and concerned individuals rather than the standard user performing searches.
Keyword analysis indicates that decentralized identity and digital identity are more difficult words to bid on, probably because they are more likely to drive a transaction. Web3 drives significantly more volume, likely as users search to learn and understand more about what Web3 is and the decentralised internet.
What emergent use cases in DeFi provide the most opportunity?
Interest in Web3 has remained at an elevated level since it was popularised in late November 2021. This has seen the growth in projects across DeFi and increased the demand for enabling users to become the sovereign of their own identity and data.
SSI is built on blockchain fundamentals but maintains identity credentials stored off-chain. Hence its technology enables participants to securely identify themselves with only necessary information and guarantees their sovereignty or control over their data.
Research by Gattaca, who have launched products in the space, indicates that through this layer of decentralized identification, SSI can enable protocols to assess a user’s ability to repay a loan (without the need for a centralized credit score) and eliminate some of the risks associated with decentralized lending.
Introducing decentralized KYC checks also unlocks value by:
- Opening the path for more DeFi services by offering users a certain level of trust or reputation
- Providing one KYC across all platforms, eliminating end-user frustration
- Giving users the ability to revoke a platform’s access to their information at any time
- Safeguarding access to users whose identity has been verified
- Tackling the young trader demographic problem
- Eliminating design vulnerabilities in current authentication protocols
Further research by Kaleido highlights 20 use cases where self-sovereign identity can add value to the user's experience. A number of these are relevant to DeFi, such as identity verification for digital onboarding, identity-based payments and micropayments, and cross-border identity verification.
These remain significant challenges for centralised companies as well as within Web3, providing opportunities for self-sovereign identity companies to access large revenue pools within DeFi and beyond.
The scale of these existing problems has resulted in large companies attempting to drive innovation across the sector, with the launch of a $300m privacy-centric innovation fund backed by Andreessen Horowitz and a new foundation set up by TBD and Circle, both recently launched in October 2023.
Blockworks highlighted earlier in the month that most of DeFi’s bold privacy declarations had fallen short of expectations so far. The DeFi sector is facing increased regulatory pressure to de-anonymize certain transactions and user profiles, while simultaneously dealing with flagging user confidence in terms of their individual rights to data privacy.
Rapidly maturing technologies like zero-knowledge proofs and decentralized identity systems eliminate the need for (and the possibility of) divulging extraneous user data to any external party. At the same time, they enable regulators to identify and act on malicious on-chain activity with confidence and rapidity. Combining such a storage system with privacy-enhanced DeFi apps makes for a comprehensive privacy trading suite that is also aligned with AML regulations.
As DeFi continues to grow and mature, regulators will develop new frameworks to govern this industry while developers will create new, responsible privacy-preserving technologies. That’s why Web3 builders should recognize that today’s privacy shortcomings are a puzzle to be solved, not an indictment of the industry.
Which companies are operating in the market?
|Protocol labs, Automattic, Dawn Capital, Firstminute Capital, Notion Capital, Status.im
|Acquired by Parallel Markets
Previous investors: Costanoa Ventures, Cowboy Ventures, Eniac Ventures, Seedcamp
|Georgian Partners, Forward venture partners, Osage Venture Partners
|Home – Trinsic
|Evernym (Renamed Midy)
|Acquired by Avast
Previous investors: Barclays Ventures, Medici Ventures
|Blog – Digital Identity, Privacy, & Compliance | Evernym
Home Page – midy