NEW
Report & API Now Live! Data insights report and open data API endpoints live as of September 23, 2025

Description

Description
Source

The did:dxd method is a decentralized identifier system developed by Data-Alliance that focuses on secure authentication and identity verification using blockchain technology. The method is designed to enable self-sovereign identity management while protecting personal information through Trusted Execution Environment (TEE) storage.

The method emphasizes privacy protection by storing sensitive personal data in secure TEE areas that only individuals can access. A key feature is its support for IoT device authentication, allowing devices to be assigned DIDs to ensure data authenticity and prevent tampering during collection and transmission.

The system implements the W3C DID Core 1.0 specification and uses a Verifiable Data Registry for managing DID documents. No personal identifying information is stored in DID documents - these contain only authentication and authorization proof data. Personal information exchange must occur through encrypted Verifiable Credentials.

Key technical features:

  • Uses secp256k1 elliptic curve cryptography
  • Implements a structured identifier format with network ID and checksum
  • Supports multiple service types including citizenship verification and IoT authentication
  • Requires all key generation to occur on the DID subject's device
  • Enforces TEE-based private key storage

Technical Details:

  1. DID Generation and Structure:
  • Format: did:dxd:<network-id><idstring><checksum>
  • Components:
    • network-id: 2 bytes (4 hex)
    • idstring: 20 bytes (40 hex) derived from SHA3-256(pubkey)
    • checksum: 4 bytes (8 hex) from SHA3-256(network-id | idstring)
  1. Resolution Process:
  • DIDs are resolved through the Verifiable Data Registry
  • Resolution returns a standard DID document containing:
    • Verification methods
    • Service endpoints
    • Controller information
    • Authentication methods
  1. Key Management:
  • Uses EcdsaSecp256k1VerificationKey2019 for cryptographic operations
  • Private keys stored exclusively in TEE
  • Supports multiple verification methods per DID
  • Implements key rotation and addition capabilities
  1. Security Features:
  • Digital signatures required for all document updates
  • TEE-based private key protection
  • Checksummed identifiers to prevent typing errors
  • Controlled service endpoint registration
  1. Technology Stack:
  • W3C DID Core 1.0
  • JSON-LD for document formatting
  • secp256k1 elliptic curve cryptography
  • SHA3-256 for hashing operations
  • Blockchain-based registry
  • TEE for secure storage

Projects compatible with, endorsing or using this DID Method

Compatible DLT Instances

DLT Instance
Operator
Source

Entities maintaining or authoring this DID Method

Persons associated with this DID Method

If you are featured in the Web of Trust Map and wish to exercise your GDPR rights, including the right to be forgotten, visit the privacy policy page