Blockchain & Cryptocurrency Glossary

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.

  • search-icon Clear Definitions
  • search-icon Practical
  • search-icon Technical
  • search-icon Related Terms

Verification Method

3 min read
Pronunciation
[ver-uh-fi-key-shuhn meth-uhd]
Analogy
Think of a verification method like the specific instructions for checking someone's identification at different types of secure facilities. Just as a government building might have a detailed procedure for guards to verify visitor IDs—specifying exactly what to look for in a driver's license, how to check for holograms, or when to use a UV light—a verification method in a DID document provides precise technical instructions for how to verify digital signatures or proofs from that identity. These instructions might specify which public key to use, which cryptographic algorithm to employ, and what digital format to expect. Both systems create standardized verification procedures that can be consistently followed by different verifiers to determine if someone is who they claim to be, without requiring direct communication with the original authority that issued the credential.
Definition
A standardized specification within a Decentralized Identifier (DID) document that describes how to cryptographically verify assertions or controls made by the DID subject, including public keys, biometric templates, or verification procedures. Verification methods enable secure authentication, authorization, and data signing in self-sovereign identity systems by linking DIDs to specific cryptographic materials and defining how they should be used to verify digital proofs.
Key Points Intro
Verification methods enable flexible cryptographic verification in decentralized identity through several key standardized components.
Key Points

Relationship definition: Specifies how verification materials relate to the DID subject through properties like authentication, assertionMethod, or keyAgreement.

Cryptographic specification: Defines the precise cryptographic materials (like public keys) and algorithms used for verification in a standardized format.

Multiple verification techniques: Supports diverse verification approaches including public key cryptography, biometric templates, or delegated verification systems.

Purpose-specific methods: Enables different verification materials to be designated for specific purposes like authentication, encryption, or credential signing.

Example
A digital identity platform implemented verification methods in DID documents to enable secure, multi-purpose identity verification. When Sophia created her decentralized identity, the system generated a DID document containing three distinct verification methods: a primary Ed25519 public key for general authentication, a secp256k1 key specifically for signing blockchain transactions, and a biometric template verification method for high-security scenarios. Each method was properly formatted with a unique ID (like "did:example:123#key-1"), type designation ("Ed25519VerificationKey2020"), and controller attribution. When Sophia later needed to log into a healthcare portal, the service requested authentication using her DID. Her digital wallet signed the authentication challenge using her primary Ed25519 key. The portal verified this signature by retrieving Sophia's DID document from the identity network, locating the verification method marked for "authentication" relationship, extracting the public key material, and validating the signature using the specified algorithm. Later, when signing a property deed, the system used her separate blockchain-specific verification method, ensuring appropriate key usage for different security contexts while maintaining a single coherent digital identity.
Technical Deep Dive
Verification methods follow a structured technical format defined in the W3C DID Core specification. The technical implementation typically includes several standardized properties: "id" (a unique identifier for the method, often fragment-based); "type" (specifying the cryptographic suite like Ed25519VerificationKey2020 or EcdsaSecp256k1RecoveryMethod2020); "controller" (the DID that controls this verification method, often the same as the DID subject); and material-specific properties like "publicKeyJwk" (for JSON Web Key format), "publicKeyMultibase" (for multibase-encoded keys), or specialized formats for particular verification types. The verification process follows different technical paths depending on the method type: for public key methods, verification involves signature validation using the specified algorithm against the provided public key; for biometric methods, verification may involve template matching within specified tolerance parameters; for service-based verification, the process might involve delegated verification through specified endpoints. Advanced implementations leverage the "verificationRelationship" patterns in DID documents to create purpose-specific verification methods, allowing different keys or verification materials to be designated for specific functions like "authentication" versus "assertionMethod" versus "keyAgreement". This enables security practices like keeping high-value signing keys in cold storage while using separate authentication keys for routine operations. Modern verification method implementations increasingly include capabilities like service endpoints for DID authentication protocols, embedded policy constraints like key usage limitations, and rotation metadata for key lifecycle management.
Security Warning
DID documents and verification methods are typically public information, so never include private keys, secrets, or sensitive biometric data in a verification method. Additionally, be cautious about verification methods that use deprecated cryptographic algorithms or non-standard verification types that might not have undergone sufficient security review. Always verify that the controller of a verification method matches expectations, as mismatched controllers could indicate compromise or spoofing attempts.
Caveat
While verification methods provide a standardized approach to cryptographic verification, they face significant challenges with evolving cryptographic standards and interoperability. Different DID methods, wallet implementations, and verification libraries may support inconsistent subsets of verification method types, creating potential compatibility issues. The flexibility of the standard allows for methods that might have different security characteristics, placing significant responsibility on verifiers to understand and properly evaluate the security implications of different method types. Additionally, most implementations struggle with verification method rotation and revocation, particularly for long-lived DIDs where cryptographic materials may need to be updated due to key compromise or algorithm obsolescence while maintaining identity continuity.
Related Terms
DID Document
Public Key Cryptography

Verification Method - Related Articles

No related articles for this term.