
Attestto ID

Tiered Identity Credential — anchored to did:sns

1. Overview

Attestto ID is a progressive identity credential that starts as a platform-verified record and can be upgraded to a fully self-sovereign, on-chain identity. It is anchored to a did:sns decentralized identifier and uses the vLEI Solana Bridge for on-chain attestation.

The credential follows a tiered model where each tier adds stronger guarantees without breaking backward compatibility:

    Tier 1 (Platform)        Tier 2 (Wallet)             Tier 3 (Self-Sovereign)
    +----------------------+ +-------------------------+ +-----------------------------+
    | Platform DB record   | | + Wallet attestation    | | + Soulbound Token (SBT)     |
    | KYC-verified claims  | |   (wallet belongs to    | |   minted on Solana          |
    | did:sns identifier   | |   Attestto ID holder)   | | + Dual-key encrypted proofs |
    | Platform-mediated    | | + Platform-mediated     | |   (2-of-2 Shamir)           |
    | proof resolution     | |   proof resolution      | | + Consent-gated access      |
    +----------------------+ +-------------------------+ +-----------------------------+

2. Credential Tiers

Tier 1 — Platform-Anchored

The identity exists as a platform database record. Claims are KYC-verified and resolved through the Attestto platform. The holder is assigned a did:sns identifier but does not yet have on-chain presence.

    Property             Value
    Storage              Platform database only
    Proof resolution     Platform-mediated API
    DID identifier       did:sns:<domain>.<user>
    On-chain presence    None
    Revocation           Platform-controlled

Tier 2 — Wallet-Attested

Extends Tier 1 with a wallet attestation: an intermediate credential that proves the wallet belongs to the Attestto ID holder. Proof resolution remains platform-mediated, but the wallet binding adds cryptographic anchoring.

    Property             Value
    Storage              Platform DB + wallet attestation
    Proof resolution     Platform-mediated API
    Wallet binding       Attestation PDA linking wallet to identity
    On-chain presence    Attestation only (no token)
    Revocation           Platform-controlled + attestation revocable

Tier 3 — Self-Sovereign (Attestto SSID)

Full self-sovereign identity. A non-transferable Soulbound Token (SBT) is minted on Solana via the vLEI Solana Bridge. Proofs are dual-key encrypted using 2-of-2 Shamir secret sharing, and access is consent-gated.

    Property               Value
    Storage                On-chain SBT + encrypted vault
    Proof resolution       Consent-gated, holder-controlled
    Token                  Token-2022 SBT (non-transferable, revocable)
    Encryption             2-of-2 Shamir: User Share A (Vault Extension) + Attestto Share B (PII Vault)
    Revocation             W3C Bitstring Status List + on-chain revocation
    Attestto dependency    Co-signer only (Share B)

Progressive upgrade: A Tier 1 credential can be upgraded to Tier 2 or Tier 3 at any time. The did:sns identifier remains the same across all tiers. The SNS data buffer flags (HAS_SBT, IS_TIER3) reflect the current tier on-chain.

3. Architecture

    +------------------+       +--------------------+       +---------------------+
    | Attestto ID      |       | did:sns Domain     |       | Solana On-Chain     |
    | (Platform)       |       | (Name Service)     |       | (SAS + SBT)         |
    +------------------+       +--------------------+       +---------------------+
    | KYC claims       |------>| SNS data buffer    |------>| SAS Attestation PDA |
    | Verified email   |       | Magic + Flags      |       | lei_hash            |
    | Role / org       |       | SAS UID pointer    |       | role_level          |
    | Jurisdiction     |       | ECIES public key   |       | jurisdiction        |
    +------------------+       +--------------------+       | zkp_proof_hash      |
                                                            | tokenAccount(SBT)   |
                                                            +---------------------+

Selective Disclosure

Attestto ID credentials support per-field selective disclosure using SD-JWT (Selective Disclosure for JWTs, the IETF OAuth Working Group specification). Each attribute is individually salted and hashed, and only the digests are placed in the issuer-signed payload, so the holder can reveal exactly the claims a verifier requires and withhold the rest. The per-claim salt must be fresh and carry adequate entropy (the specification calls for at least 128 bits); without it, the digest of a low-entropy value such as a jurisdiction code or role name could be matched by brute force.
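As an added illustration of this digest-based selective disclosure (example code written for this page, not Attestto's implementation), the Go program below builds the issuer's `_sd` digest list from constructed sample claims, lets the holder present a single Disclosure, and has the verifier recompute and check digests, reject replays and reject claim names that repeat. The JWS signature over the payload is assumed to be handled by a JWS library and is not shown; the claim names and values are invented for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"sort"
)

var b64 = base64.RawURLEncoding // SD-JWT uses base64url without padding

// MakeDisclosure encodes one object property as an SD-JWT Disclosure:
// base64url(JSON array [salt, claim name, claim value]). The salt must be fresh
// per claim so equal values in different credentials never share a digest.
func MakeDisclosure(salt, name string, value any) (string, error) {
	raw, err := json.Marshal([]any{salt, name, value})
	if err != nil {
		return "", err
	}
	return b64.EncodeToString(raw), nil
}

// Digest is the value placed in "_sd": SHA-256 over the ASCII bytes of the
// Disclosure string exactly as it is transmitted.
func Digest(disc string) string {
	sum := sha256.Sum256([]byte(disc))
	return b64.EncodeToString(sum[:])
}

// IssuerPayload builds the JWT payload the issuer signs plus the Disclosures
// handed to the holder, keyed by claim name. Only digests enter the signed
// payload; the JWS signature itself is left to a JWS library (not shown).
func IssuerPayload(claims map[string]any) ([]byte, map[string]string, error) {
	disclosures := make(map[string]string, len(claims))
	digests := make([]string, 0, len(claims))
	for name, value := range claims {
		salt := make([]byte, 16) // 128-bit salt, fresh per claim
		if _, err := rand.Read(salt); err != nil {
			return nil, nil, err
		}
		d, err := MakeDisclosure(b64.EncodeToString(salt), name, value)
		if err != nil {
			return nil, nil, err
		}
		disclosures[name] = d
		digests = append(digests, Digest(d))
	}
	sort.Strings(digests) // sorted so the "_sd" order leaks nothing about claim order
	payload, err := json.Marshal(map[string]any{"_sd": digests, "_sd_alg": "sha-256"})
	return payload, disclosures, err
}

// VerifyPresentation checks a holder's selective presentation against the signed
// payload: each Disclosure must hash to a digest in "_sd", each digest may be
// consumed once, and claim names may not repeat. Only revealed claims come back.
func VerifyPresentation(payload []byte, presented []string) (map[string]any, error) {
	var body struct {
		SD    []string `json:"_sd"`
		SDAlg string   `json:"_sd_alg"`
	}
	if err := json.Unmarshal(payload, &body); err != nil || body.SDAlg != "sha-256" {
		return nil, errors.New("bad payload or unsupported _sd_alg")
	}
	allowed := make(map[string]bool, len(body.SD))
	for _, d := range body.SD {
		allowed[d] = true
	}
	revealed := map[string]any{}
	for _, disc := range presented {
		dg := Digest(disc)
		if !allowed[dg] {
			return nil, errors.New("disclosure does not match any signed digest")
		}
		delete(allowed, dg) // each digest may be consumed once
		raw, err := b64.DecodeString(disc)
		var arr []any
		if err != nil || json.Unmarshal(raw, &arr) != nil || len(arr) != 3 {
			return nil, errors.New("malformed disclosure")
		}
		name, ok := arr[1].(string)
		if _, dup := revealed[name]; !ok || dup {
			return nil, fmt.Errorf("bad or repeated claim name %v", arr[1])
		}
		revealed[name] = arr[2]
	}
	return revealed, nil
}

func main() {
	// Constructed sample claims, not data from the Attestto platform.
	payload, discs, _ := IssuerPayload(map[string]any{"given_name": "Ana", "role_level": "director", "jurisdiction": "CR"})
	// The holder reveals jurisdiction only; the other two stay hidden behind their digests.
	fmt.Println(VerifyPresentation(payload, []string{discs["jurisdiction"]})) // map[jurisdiction:CR] <nil>
}
```

The verifier never sees the withheld claims, only their salted digests in the signed `_sd` array, which is the property the paragraph above relies on.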

Dual-Key Encryption (Tier 3)

At Tier 3, proof payloads are encrypted with AES-256-GCM. The content encryption key (CEK) is split with 2-of-2 Shamir secret sharing, which for two parties reduces to an XOR split: User Share A, held in the holder's Vault Extension, and Attestto Share B, held in the PII Vault, with CEK = Share A XOR Share B.

Both shares must combine to reconstruct the CEK. Because Share A is uniformly random and Share B is the CEK masked by it, either share alone reveals nothing, so neither party can decrypt on its own. Crypto-shredding (deleting Share B) renders all objects encrypted under that CEK permanently inaccessible; this holds only if Share B has never been copied outside the PII Vault, so the vault's backup and replication policy is part of the erasure guarantee.
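The split-key read path described above, as an added example in Go (not the Attestto vault code): the CEK is XOR-split into Share A and Share B, each proof object is sealed with AES-256-GCM under a fresh nonce with an object identifier bound as additional data, and decryption requires both shares. Passing a nil Share B models crypto-shredding. The object identifier format and the sample payload are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// SplitCEK splits a 32-byte CEK into Share A and Share B with A XOR B = CEK.
// For a 2-of-2 threshold this XOR split is Shamir's scheme in its smallest form:
// A is uniformly random, so either share alone reveals nothing about the CEK.
func SplitCEK(cek []byte) (shareA, shareB []byte, err error) {
	if len(cek) != 32 {
		return nil, nil, errors.New("CEK must be 32 bytes for AES-256")
	}
	shareA = make([]byte, 32)
	if _, err := rand.Read(shareA); err != nil {
		return nil, nil, err
	}
	shareB = make([]byte, 32)
	for i := range cek {
		shareB[i] = cek[i] ^ shareA[i]
	}
	return shareA, shareB, nil
}

// CombineCEK reconstructs the CEK; a nil share models a shredded Share B.
func CombineCEK(shareA, shareB []byte) ([]byte, error) {
	if len(shareA) != 32 || len(shareB) != 32 {
		return nil, errors.New("both Share A and Share B are required")
	}
	cek := make([]byte, 32)
	for i := range cek {
		cek[i] = shareA[i] ^ shareB[i]
	}
	return cek, nil
}

func newGCM(cek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(cek) // rejects any key that is not 16/24/32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals one proof payload with AES-256-GCM. A fresh 96-bit nonce per
// object is prepended to the ciphertext; objectID is bound as additional data
// so a ciphertext cannot be swapped between vault entries.
func Encrypt(cek, plaintext []byte, objectID string) ([]byte, error) {
	gcm, err := newGCM(cek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(objectID)), nil
}

// Decrypt reverses Encrypt; it fails on tampering or a mismatched objectID.
func Decrypt(cek, sealed []byte, objectID string) ([]byte, error) {
	gcm, err := newGCM(cek)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], []byte(objectID))
}

// OpenWithShares is the consent-gated read path: both parties contribute their
// share, the CEK exists only transiently, and a shredded Share B blocks every object.
func OpenWithShares(shareA, shareB, sealed []byte, objectID string) ([]byte, error) {
	cek, err := CombineCEK(shareA, shareB)
	if err != nil {
		return nil, err
	}
	return Decrypt(cek, sealed, objectID)
}

func main() {
	cek := make([]byte, 32)
	if _, err := rand.Read(cek); err != nil {
		panic(err)
	}
	a, b, _ := SplitCEK(cek)
	// Constructed sample proof payload, not data from the Attestto platform.
	sealed, _ := Encrypt(cek, []byte(`{"role_level":"director"}`), "proof/0001")
	pt, err := OpenWithShares(a, b, sealed, "proof/0001")
	fmt.Println(string(pt), err) // {"role_level":"director"} <nil>
	_, err = OpenWithShares(a, nil, sealed, "proof/0001") // Share B shredded
	fmt.Println(err)                                     // both Share A and Share B are required
}
```

Binding the object identifier as additional authenticated data is a choice made for this example; it stops a ciphertext sealed under the CEK from being presented as a different vault entry.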

Social Recovery (Tier 3)

Share A is further protected with a 2-of-3 Shamir split: a device sub-share, a cloud backup sub-share and a guardian sub-share. Any two of the three reconstruct Share A if the primary device is lost, while a single sub-share reveals nothing. The same threshold means the cloud backup and the guardian together can rebuild Share A without the holder's device, so those two should not sit under one party's control; even then, decrypting a proof still requires Attestto's Share B.
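The 2-of-3 recovery of Share A, as an added example rather than Attestto's own code. The Go program below implements Shamir's scheme over GF(2^8) generally (any k-of-n, of which the spec's 2-of-3 is one instance), splits a constructed stand-in for Share A into device, cloud backup and guardian sub-shares, and reconstructs it from the two that remain after device loss. Unlike the 2-of-2 CEK split, where XOR suffices, a threshold split needs real polynomial interpolation.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"errors"
	"fmt"
)

// SubShare is one piece of Share A: the x it was evaluated at and, per secret byte, f(x).
type SubShare struct {
	X uint8
	Y []byte
}

// gfMul multiplies in GF(2^8) with the AES polynomial x^8 + x^4 + x^3 + x + 1.
func gfMul(a, b byte) byte {
	var p byte
	for ; b != 0; b >>= 1 {
		if b&1 != 0 {
			p ^= a
		}
		a = a<<1 ^ (0x1b * (a >> 7)) // reduce when the top bit shifts out
	}
	return p
}

// gfInv returns a^-1 as a^254 (the multiplicative group has order 255).
func gfInv(a byte) byte {
	r := byte(1)
	for i := 0; i < 254; i++ {
		r = gfMul(r, a)
	}
	return r
}

// Split produces n sub-shares of which any k reconstruct secret. Each secret byte
// is the constant term of its own random degree-(k-1) polynomial; x = 0 is never
// issued because f(0) is the secret.
func Split(secret []byte, k, n int) ([]SubShare, error) {
	if k < 2 || n < k || n > 255 {
		return nil, errors.New("need 2 <= k <= n <= 255")
	}
	shares := make([]SubShare, n)
	for idx := range shares {
		shares[idx] = SubShare{X: byte(idx + 1), Y: make([]byte, len(secret))}
	}
	coeffs := make([]byte, k-1) // coefficients of x^1 .. x^(k-1)
	for i, s := range secret {
		if _, err := rand.Read(coeffs); err != nil { // fresh polynomial per byte
			return nil, err
		}
		for _, sh := range shares {
			acc := byte(0)
			for j := k - 2; j >= 0; j-- { // Horner over the random coefficients
				acc = gfMul(acc, sh.X) ^ coeffs[j]
			}
			sh.Y[i] = gfMul(acc, sh.X) ^ s
		}
	}
	return shares, nil
}

// Recover interpolates f(0) from the first k sub-shares with Lagrange coefficients.
// Fewer than k shares carry no information about the secret.
func Recover(shares []SubShare, k int) ([]byte, error) {
	if len(shares) < k {
		return nil, errors.New("not enough sub-shares")
	}
	shares = shares[:k]
	lag := make([]byte, k) // lag[a] = prod_{b != a} x_b / (x_b - x_a); "-" is XOR here
	for a := range shares {
		num, den := byte(1), byte(1)
		for b := range shares {
			if a != b {
				num = gfMul(num, shares[b].X)
				den = gfMul(den, shares[b].X^shares[a].X)
			}
		}
		if den == 0 || len(shares[a].Y) != len(shares[0].Y) {
			return nil, errors.New("duplicate x-coordinate or mismatched share length")
		}
		lag[a] = gfMul(num, gfInv(den))
	}
	secret := make([]byte, len(shares[0].Y))
	for i := range secret {
		for a := range shares {
			secret[i] ^= gfMul(lag[a], shares[a].Y[i])
		}
	}
	return secret, nil
}

func main() {
	shareA := []byte("constructed stand-in for User Share A") // not a real share
	subs, _ := Split(shareA, 2, 3)                           // device, cloud backup, guardian
	got, _ := Recover(subs[1:], 2)                           // device lost: cloud + guardian
	fmt.Println(bytes.Equal(got, shareA))                    // true
}
```

Recover must be told k: with a wrong threshold the interpolation still returns bytes, just uniformly random ones, so a recovery client should carry the threshold alongside the sub-shares rather than infer it.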

4. On-Chain Representation

SNS Data Buffer Flags

    Bit     Flag        Meaning
    0x01    HAS_SAS     SAS attestation linked
    0x02    HAS_SBT     Soulbound Token minted (Tier 3)
    0x04    IS_TIER3    Self-Sovereign ID tier active
    0x08    HAS_LEI     LEI/vLEI credential linked
    0x10    HAS_ECIES   ECIES encryption key published

SBT Token (Token-2022)

The Soulbound Token is minted via the vLEI Solana Bridge program using Solana Token-2022 with the non-transferable extension. The token:

5. Verification

A verifier resolves an Attestto ID through the following chain:

  1. Resolve did:sns:<domain> via the DID Resolver
  2. Read the SNS data buffer flags to determine the credential tier
  3. If HAS_SAS: follow the SAS UID to the attestation PDA, verify the issuer signature
  4. If HAS_SBT: verify the Token-2022 account exists, is non-transferable, and matches the attestation
  5. For selective disclosure: request an SD-JWT presentation, verify disclosed claims against the attestation hash
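Step 2 of this chain and the flag table in section 4, as an added example (not Attestto's resolver code): a Go function that derives the tier from the flag byte and refuses combinations the tier definitions rule out. The invariants it enforces (IS_TIER3 and HAS_SBT set together, HAS_SBT only alongside HAS_SAS) are this example's reading of the tier and flag tables above, not rules the spec states, so treat them as assumptions to confirm against a deployment. Unknown bits are rejected rather than ignored.

```go
package main

import (
	"errors"
	"fmt"
)

// Flag bits of the SNS data buffer, as listed in the specification.
const (
	HasSAS   uint8 = 0x01 // SAS attestation linked
	HasSBT   uint8 = 0x02 // Soulbound Token minted (Tier 3)
	IsTier3  uint8 = 0x04 // Self-Sovereign ID tier active
	HasLEI   uint8 = 0x08 // LEI/vLEI credential linked
	HasECIES uint8 = 0x10 // ECIES encryption key published

	knownFlags = HasSAS | HasSBT | IsTier3 | HasLEI | HasECIES
)

type Tier int

const (
	Tier1 Tier = iota + 1 // platform-anchored, nothing on-chain
	Tier2                 // wallet-attested, attestation PDA only
	Tier3                 // self-sovereign, SBT matched to an attestation
)

// TierFromFlags derives the tier from the flag byte and rejects states the tier
// definitions rule out (assumed invariants for this example): IS_TIER3 and
// HAS_SBT must appear together, and an SBT needs an attestation to be matched
// against. Unknown bits are refused, since a newer buffer format may redefine them.
func TierFromFlags(flags uint8) (Tier, error) {
	if unknown := flags &^ knownFlags; unknown != 0 {
		return 0, fmt.Errorf("unknown flag bits 0x%02x", unknown)
	}
	has := func(f uint8) bool { return flags&f != 0 }
	switch {
	case has(IsTier3) != has(HasSBT):
		return 0, errors.New("IS_TIER3 and HAS_SBT must be set together")
	case has(HasSBT) && !has(HasSAS):
		return 0, errors.New("HAS_SBT without HAS_SAS: no attestation to match the token")
	case has(IsTier3):
		return Tier3, nil
	case has(HasSAS):
		return Tier2, nil
	default:
		return Tier1, nil
	}
}

func main() {
	// Constructed flag bytes covering each tier plus three inconsistent states.
	for _, f := range []uint8{0x00, 0x01, 0x07, 0x1f, 0x04, 0x06, 0x20} {
		tier, err := TierFromFlags(f)
		fmt.Printf("flags 0x%02x -> tier %d, err %v\n", f, tier, err)
	}
}
```

A verifier that silently maps an inconsistent byte to "Tier 1" would accept a credential whose on-chain state is broken; failing closed here is what keeps the later steps (attestation signature, SBT match) meaningful.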

6. Compliance

    Requirement                                      How Attestto ID addresses it
    GDPR / Costa Rica Law 8968                       No PII on-chain. Dual-key Shamir vault.
    (Protección de la Persona Frente al              Crypto-shredding for right-to-erasure.
    Tratamiento de sus Datos Personales; Protection
    of Individuals with Regard to the Processing
    of Their Personal Data)
    FATF Travel Rule / ISO 20022                     SAS attestation provides issuer-signed identity
                                                     proof for counterparty verification.
    W3C DID v1.1                                     Anchored to did:sns, a W3C-conformant DID method.
    GLEIF vLEI                                       LEI hash stored in attestation. vLEI bridge
                                                     provides on-chain LEI verification via ZKP.

7. Related Resources