Untitled :: Hashgraph DID-SDK

Introduction and Goals

Executive Summary

This proposal outlines the development of an enhanced Hashgraph DID-SDK (Decentralized Identifier Software Development Kit) to address key limitations in the current implementation. This new SDK will empower developers to build secure, high-performance, and interoperable decentralized applications (dApps) on the Hedera Hashgraph network. By resolving performance bottlenecks, enhancing security, improving interoperability, and fixing critical bugs, the SDK will provide a robust foundation for decentralized identity management, ensuring scalability, reliability, and seamless integration within the Hedera ecosystem.

Achievements:

In-Depth Analysis of Existing SDK: A thorough review of the current Hashgraph DID-SDK, as detailed in HIP-0001, has identified key limitations in performance, security, and interoperability, which have been addressed in the new design.
Community-Driven Design: The new SDK has been shaped by active engagement with the Hedera developer community, ensuring it aligns with the needs and expectations of the ecosystem.
Comprehensive Solution Design: The new SDK offers a robust solution that incorporates essential features to address the limitations of the current SDK and significantly improve performance, security, and flexibility.

Goals:

Unlock High Performance: By enabling asynchronous cryptographic operations, the SDK will allow the development of applications that are both responsive and scalable, even under high-demand scenarios.
Maximize Security: Flexible key management options, including External Secret Mode and Client-managed Secret Mode, will give developers the tools to implement robust security measures tailored to their specific application needs.
Facilitate Seamless Integration: Multibase encoding will be integrated to enhance interoperability, ensuring seamless communication between decentralized applications and a wide range of systems and technologies, both within and outside the blockchain space.
Ensure Reliability: By addressing critical bugs identified in the current SDK, including issues with message verification and signature validation, the new SDK will maintain stability, reliability, and data integrity, providing a trusted foundation for decentralized applications.
Foster Open Collaboration: An open-source reference implementation and comprehensive documentation will encourage community contributions and feedback, fostering a collaborative environment across the Hedera ecosystem.

Key Components

To achieve these ambitious goals, the enhanced Hashgraph DID-SDK will incorporate the following key components:

Asynchronous Cryptographic Operations: The SDK will implement asynchronous cryptographic operations to eliminate performance bottlenecks, improving the responsiveness and efficiency of applications, particularly under high-load conditions. This will enable dApps to handle a larger volume of transactions with reduced latency.
Flexible Key Management: The SDK will support both External Secret Mode and Client-managed Secret Mode, providing developers with the flexibility to choose the most appropriate key management strategy for their specific security and operational needs.
Multibase Encoding: Integrating multibase encoding will enhance interoperability by allowing the SDK to seamlessly communicate with a diverse range of systems and technologies. This will enable broader adoption and integration of Hedera-based decentralized identities.
Critical Bug Fixes: Addressing critical bugs, including issues with message verification, signature validation, and topic subscription management, will ensure the stability and integrity of decentralized applications built on Hedera. This focus on reliability will foster trust in the SDK and the dApps built upon it.
Comprehensive Reference Implementation: The SDK will include an open-source reference implementation, complete with detailed documentation and robust test coverage (targeting 80% across unit, integration, security, and performance tests). This will provide developers with clear guidance, best practices, and confidence in the SDK’s quality and reliability.

Conclusion

The enhanced Hashgraph DID-SDK represents a significant step forward in decentralized identity management on the Hedera network. By addressing critical challenges in performance, security, and interoperability, the new SDK will provide developers with the tools they need to build innovative, secure, and scalable decentralized applications. This initiative reflects Hedera’s commitment to progress, collaboration, and the advancement of a secure, user-centric, and universally accessible digital identity ecosystem.

Stakeholders

This table outlines the key stakeholders involved in the development of the Hashgraph DID-SDK and their respective roles and expectations.

Role	Contact	Expectations
Head of Engineering	Micha Roon	Technical feasibility, performance, and alignment with Hedera’s architecture
Lead Developer	Pablo Buitrago	Code quality, technical implementation, and adherence to best practices
Software Engineer	Jakub Sydor	Code quality, technical implementation, and efficient code execution
Scrum Master	Gabriele Morelli	On-time delivery, effective sprint management, and removal of impediments
Quality Assurance Engineer	Waldemar Trawnicki	Software quality, bug identification, and test coverage

Role

Contact

Expectations

Head of Engineering

Micha Roon

Technical feasibility, performance, and alignment with Hedera’s architecture

Lead Developer

Pablo Buitrago

Code quality, technical implementation, and adherence to best practices

Software Engineer

Jakub Sydor

Code quality, technical implementation, and efficient code execution

Scrum Master

Gabriele Morelli

On-time delivery, effective sprint management, and removal of impediments

Quality Assurance Engineer

Waldemar Trawnicki

Software quality, bug identification, and test coverage

Requirements Overview

Functional Requirements

This table lists the functional requirements for the Hashgraph DID-SDK, detailing the specific functionalities it must provide.

ID	Requirement
FR-001	The SDK shall support multibase encoding
FR-002	The SDK shall support manual node selection
FR-003	The SDK shall allow serialization of transactions
FR-004	The SDK shall allow freezing of transactions
FR-005	The SDK shall allow signing transactions with external keys
FR-006	The SDK shall allow signing transactions with private keys
FR-007	The SDK shall support the 2018 verification key format
FR-008	The SDK shall support the 2020 verification key format
FR-009	The SDK shall include a DID resolver
FR-010	The SDK shall support JSON-LD format for DID resolution
FR-011	The SDK shall support dereferencing of DID services
FR-012	The SDK shall support JSON format for DID resolution
FR-013	The SDK shall support CBOR format for DID resolution
FR-014	The SDK shall support dereferencing of DID fragments
FR-015	The SDK shall support management of DID services
FR-016	The SDK shall allow creation of DIDs
FR-017	The SDK shall enable batch updates for DID registrations
FR-018	The SDK shall allow transfer of DID ownership
FR-019	The SDK shall allow deactivation of DIDs
FR-020	The SDK shall support management of DID verification relationships
FR-021	The SDK shall support management of DID verification methods

Requirement

FR-001

The SDK shall support multibase encoding

FR-002

The SDK shall support manual node selection

FR-003

The SDK shall allow serialization of transactions

FR-004

The SDK shall allow freezing of transactions

FR-005

The SDK shall allow signing transactions with external keys

FR-006

The SDK shall allow signing transactions with private keys

FR-007

The SDK shall support the 2018 verification key format

FR-008

The SDK shall support the 2020 verification key format

FR-009

The SDK shall include a DID resolver

FR-010

The SDK shall support JSON-LD format for DID resolution

FR-011

The SDK shall support dereferencing of DID services

FR-012

The SDK shall support JSON format for DID resolution

FR-013

The SDK shall support CBOR format for DID resolution

FR-014

The SDK shall support dereferencing of DID fragments

FR-015

The SDK shall support management of DID services

FR-016

The SDK shall allow creation of DIDs

FR-017

The SDK shall enable batch updates for DID registrations

FR-018

The SDK shall allow transfer of DID ownership

FR-019

The SDK shall allow deactivation of DIDs

FR-020

The SDK shall support management of DID verification relationships

FR-021

The SDK shall support management of DID verification methods

Non-Functional Requirements

This table lists the non-functional requirements for the Hashgraph DID-SDK, specifying quality attributes like performance, security, and maintainability.

ID	Requirement
NFR-001	The SDK shall be compatible with various environments
NFR-002	The SDK shall have minimal dependencies on external Node modules
NFR-003	The SDK shall be compatible with specified Node.js versions
NFR-004	The SDK shall have comprehensive test coverage

Requirement

NFR-001

The SDK shall be compatible with various environments

NFR-002

The SDK shall have minimal dependencies on external Node modules

NFR-003

The SDK shall be compatible with specified Node.js versions

NFR-004

The SDK shall have comprehensive test coverage

Risks and Technical Debt

This section outlines the top architectural risks and technical debt items associated with the Application, along with their potential impact and proposed mitigation strategies.

1. SDK Dependency and Maintenance

Description: The application utilizes the Hashgraph DID-SDK. Dependencies on external libraries like this introduce risks related to maintenance, updates, and potential vulnerabilities within the SDK itself.
Potential Impact: Increased development time, difficulty in resolving issues stemming from the SDK, security vulnerabilities inherited from the SDK.
Mitigation Strategy: Stay informed about SDK updates and security advisories. Establish a process for timely updates and vulnerability patching. Contribute to the SDK’s development or consider forking it if necessary to maintain control.

2. Hedera Network Dependency

Description: The application is dependent on the Hedera Hashgraph network for core functionality. Any issues with the Hedera network, such as outages, performance degradation, or consensus issues, will directly impact the application.
Potential Impact: Service disruptions, delays in transaction processing, potential data inconsistencies.
Mitigation Strategy: Implement robust error handling and retry mechanisms for Hedera API calls. Monitor Hedera network status and performance. Consider alternative solutions or fallback mechanisms for critical functionalities in case of Hedera network issues. Explore Hedera mirror nodes for data retrieval.

3. Scalability and Performance

Description: As the application grows and user adoption increases, scalability and performance can become bottlenecks.
Potential Impact: Slow response times, degraded user experience, increased operational costs.
Mitigation Strategy: Design the application with scalability in mind. Employ performance testing and optimization techniques. Utilize caching mechanisms effectively. Monitor application performance and identify potential bottlenecks proactively. Consider horizontal scaling options.

4. Security of Sensitive Data

Description: The application handles sensitive user data and private keys. Inadequate security measures could lead to data breaches and unauthorized access.
Potential Impact: Loss of user data, financial losses, reputational damage.
Mitigation Strategy: Implement strong encryption for data at rest and in transit. Enforce strict access controls and authentication mechanisms. Conduct regular security audits and penetration testing. Stay up-to-date with security best practices and Hedera security recommendations.

Best Practices:

The risks listed above are prioritized based on their potential impact and the likelihood of occurrence.
This document will be reviewed and updated quarterly or whenever significant changes are made to the application architecture or its dependencies.
Regular risk assessments will be conducted to identify and address new or evolving risks.

Glossary

This glossary provides definitions for key terms used throughout this document.

Term Description

Term	Description
Decentralized Identifier (DID)	A globally unique identifier that allows entities (like individuals, organizations, or devices) to control their own digital identity without relying on centralized authorities. Think of it as a digital passport for the online world. Example: `did:example:123456789abcdefghi`
DID Document	A machine-readable document (often in JSON format) that acts as a verifiable "digital passport" for a DID. It contains essential information about the DID, such as public keys, authentication methods, and service endpoints.
DID-SDK (Decentralized Identifier Software Development Kit)	A set of tools and libraries that make it easier for developers to build decentralized applications that use DIDs on the Hedera network. This SDK simplifies the process of creating, managing, and resolving DIDs.
Client-managed Secret Mode	A key management approach where the application developer takes full control of managing the cryptographic keys associated with a DID. This offers flexibility but requires careful implementation to ensure security.
External Secret Mode	A key management approach where the cryptographic keys are managed outside of the DID-SDK, often by a dedicated key management service or hardware security module. This enhances security by separating key management responsibilities.
Internal Secret Mode	A key management approach where the DID-SDK itself manages the cryptographic keys. This can be more convenient for developers but might have security implications depending on the SDK’s implementation.
Interoperability	The ability of different systems and technologies to communicate and exchange information seamlessly. In the context of DIDs, interoperability ensures that DIDs created on Hedera can be used with other systems and applications.
Key Management	The processes and technologies for generating, storing, and managing cryptographic keys. This includes key generation, secure storage, key rotation, and key revocation. Proper key management is crucial for the security of DIDs.
Multibase Encoding	A method for encoding binary data (like cryptographic keys) into a textual representation that can be easily shared and used across different systems and protocols. This improves the interoperability of DIDs.
PrivateKey	A secret cryptographic key used to generate digital signatures and decrypt messages. In the context of DIDs, private keys are associated with a DID and used to authenticate actions performed on behalf of that DID.
PublicKey	A cryptographic key that is mathematically linked to a private key. It is used to verify digital signatures created with the corresponding private key, ensuring authenticity and integrity.

Decentralized Identifier (DID)

A globally unique identifier that allows entities (like individuals, organizations, or devices) to control their own digital identity without relying on centralized authorities. Think of it as a digital passport for the online world. Example: did:example:123456789abcdefghi

DID Document

A machine-readable document (often in JSON format) that acts as a verifiable "digital passport" for a DID. It contains essential information about the DID, such as public keys, authentication methods, and service endpoints.

DID-SDK (Decentralized Identifier Software Development Kit)

A set of tools and libraries that make it easier for developers to build decentralized applications that use DIDs on the Hedera network. This SDK simplifies the process of creating, managing, and resolving DIDs.

Client-managed Secret Mode

A key management approach where the application developer takes full control of managing the cryptographic keys associated with a DID. This offers flexibility but requires careful implementation to ensure security.

External Secret Mode

A key management approach where the cryptographic keys are managed outside of the DID-SDK, often by a dedicated key management service or hardware security module. This enhances security by separating key management responsibilities.

Internal Secret Mode

A key management approach where the DID-SDK itself manages the cryptographic keys. This can be more convenient for developers but might have security implications depending on the SDK’s implementation.

Interoperability

The ability of different systems and technologies to communicate and exchange information seamlessly. In the context of DIDs, interoperability ensures that DIDs created on Hedera can be used with other systems and applications.

Key Management

The processes and technologies for generating, storing, and managing cryptographic keys. This includes key generation, secure storage, key rotation, and key revocation. Proper key management is crucial for the security of DIDs.

Multibase Encoding

A method for encoding binary data (like cryptographic keys) into a textual representation that can be easily shared and used across different systems and protocols. This improves the interoperability of DIDs.

PrivateKey

A secret cryptographic key used to generate digital signatures and decrypt messages. In the context of DIDs, private keys are associated with a DID and used to authenticate actions performed on behalf of that DID.

PublicKey

A cryptographic key that is mathematically linked to a private key. It is used to verify digital signatures created with the corresponding private key, ensuring authenticity and integrity.