W3C-Compliant Decentralized Identity Protocol
1. Identity System Design Objectives
ANCORA DID is a self-sovereign decentralized identity system designed for:
Permanent, user-controlled digital identity
No central authority or identity provider
Built-in social recovery eliminating seed phrase risk
Native anti-Sybil identity verification
W3C DID standard compliance
Post-quantum security by default
Each DID represents a unique human user, organization, or AI agent, and serves as the foundation for universal access grant eligibility, governance participation, and network interactions.
2. DID Document Structure
ANCORA DID follows the W3C DID Core 1.0 specification:
DID Identifier Format:
Example: did:ancora:7a9f3d8c1e2b4f6a0d5c7b3e9f1a2d4c6b8e0f2a4c6e8b0d2f4a6c8e0b2d4f6a
DID Document Structure:
3. Identity Lifecycle
3.1 Identity Creation
User generates Dilithium 5 identity keypair
User configures 5 trusted recovery contacts
User completes identity verification and anti-Sybil check
DID document published on-chain
Universal Access Grant vesting schedule begins at activation
3.2 Identity Update
DID documents may be updated via:
Owner signature for public key rotation and contact changes
3-of-5 recovery group signature for account recovery
All updates are recorded on-chain with immutable version history
3.3 Identity Recovery
Account recovery eliminates mnemonic seed phrases entirely:
User initiates recovery request
Recovery contacts provide attestation signatures
3-of-5 threshold signature required to reset identity keys
Old keys are automatically revoked and marked compromised
Recovery event recorded permanently on DID history
3.4 Identity Deactivation
DIDs may be deactivated via:
Voluntary deactivation by owner
Verified death attestation by recovery group (triggers unvested token reclamation)
Permanent revocation for proven Sybil identity
4. Anti-Sybil Identity Verification
To ensure fair universal access grant distribution, all human DIDs undergo multi-factor anti-Sybil verification:
Device Attestation: Unique device hardware fingerprint verification
Social Graph Verification: Recovery contacts must be mutually verified unique identities
Behavioral Verification: Transaction and interaction pattern analysis
Network Consensus: Validator majority confirmation of unique identity
No single verification factor is sufficient. Sybil identities are detected and rejected before grant activation, with all attempted Sybil DIDs permanently blacklisted.
5. Identity Privacy Model
All DID documents are public on-chain for verification purposes
User personal data is never stored on-chain, only cryptographic public keys
Zero-knowledge proofs allow identity verification without revealing DID
Selective disclosure supported for third-party identity verification
No KYC or personal information collection required at any stage