FAQ

What is a "plainTextIdentifier"?

plainTextIdentifier is any string of text that a user can use to identify other user.

Phone number, Twitter handle, GitHub username anything that makes it easier to represent an evm based address.

For example:- Alice's phone number: +12345678901

What is an "obfuscatedIdentifier"?

Identifier that is used on-chain, to which the account address is mapped and used by dApps to lookup. It preserve the privacy of the user by not revealing the underlying plainTextIdentifier. Used for on-chain attestations, obtained by hashing the plaintext identifier, identifier prefix, and pepper using this schema: sha3(sha3({prefix}://{plaintextIdentifier})__{pepper}).

What is an "identifier prefix"?

Identifier Prefix is used to differentiate users having same plainTextIdentifier for different purposes and composability.

For example:- Consider Alice having same username on both Twitter and Github, alicecodes.

How do we differentiate between Alice verified using Twitter and Github?

This where prefix comes into play, the plainTextIdentifier alicecodes can be represented as twitter://alicecodes and github://alicecodes this helps differentiate whether Alice was verified using Twitter or Github.

Moreover, it also helps in composability if dApps follow a standard and use prefix then the corresponding obsfuscatedIdentifier will be the same thus making it easier for dApps to lookup identifier verified by other issuers.

You can keep an eye on prefixes suggested by us here (opens in a new tab).

What is a "pepper"?

pepper is a unique secret, obtained by taking the first 13 characters of the sha256 hash of the unblinded signature.

What is an "unblinded signature"?

Obtained by unblinding the signature returned by ODIS which is the combined output, comprised of signature by ODIS signers.

What is an Issuer?

Issuer is an entity that is willing to take the overhead of verifying a user's ownership of an identifier.

Does Issuer need to pay for gas?

For lookup there is no requirement for gas, assuming that the obfuscatedIdentifier to be used for lookup is available.

For registering attestations it is optional, once the obfuscatedIdentifier is obtained issuer can decide whether to just sign the attestation and provide it back to the user which will then use its own funds for gas for registering itself or the issuer can perform the transaction which will require the issuer to pay for gas.

Does Issuer need to have ODIS quota?

Yes, Issuer needs to have ODIS Quota to register and lookup users.

What is cost to register a user?

With 10 cUSD worth of ODIS quota you can attest 10,000 users!

Can I just lookup users and not register them?

Yes, you can lookup users under other Issuers. By doing this, you are trusting that the Issuer took care about verifying that the identifier does actually belong to the user.

You might want to do this if you don't want to create a registry of your own and use an already existing registry created by other Issuers.

Can anyone become an Issuer?

Yes, SocialConnect is open for all. Anyone can become an Issuer.

What are some security & trust assumptions differences between the ASv1 vs. Social Connect?

What's the best way to map an address returned by lookupAttestations to the issuer?

function lookupAttestations(bytes32 identifier, address[] calldata trustedIssuers)
  external
  view
  returns (
    uint256[] memory countsPerIssuer,
    address[] memory accounts,
    address[] memory signers,
    uint64[] memory issuedOns,
    uint64[] memory publishedOns
  )

lookupAttestations returns 4 arrays, depending on the order trustedIssuers was provided respectively the return values are returned.

if trustedIssuers = [I1, I2, ...] then countsPerIssuer = [CI1, CI2, ...] where CIx = number of accounts attested under the Xth issuer

Is there a convention for phone number format?

Yes, the SDK function getObfuscatedIdentifier will only accept E164 formatted phone numbers.