NFTs are a powerful technology for digital ownership and value transfer, but verifiable credentials are better for digital identity
By Char Howland
Non-fungible tokens, more commonly referred to as NFTs, have leapt from niche tech communities into mainstream media as a way to commodify digital art. Celebrities have garnered publicity for NFTs by issuing them, such as Grimes, or investing in them, such as Reese Witherspoon and Jimmy Fallon. A $11.7-million gold cube was placed in Central Park in February 2022 to garner publicity for German artist Niclas Castello crypto and NFT launch — and symbolize the transition from old-world material value to 21st century digital value.
Inevitably, NFTs and their connection to blockchains and cryptocurrencies are easier to hype or scorn than understand as a technology attempting to create proof of digital ownership or uniqueness in a medium of infinitely copyable ones and zeros. NFTs are technologically interesting as a way of proving ownership and facilitating value transfer; but they are problematic if applied to proving a person’s identity.
As a cryptographic token stored on a blockchain, an NFT is unique, irreplicable, and proves the ownership of an object by one entity. An NFT in the analog world is akin to a receipt, which proves a purchase, except that it is publicly displayed on its blockchain ledger. Having your receipt written to the blockchain means that it cannot be altered without breaking the integrity of the chain. As an immutable record, NFTs solve the problem of selling and owning digital art.
Depending on the ledger, NFTs can be transferable between different owners and can hold intrinsic value (i.e., value independent of market scarcity or desirability). This is because an NFT smart contract defines the relationship of ownership and value transfer on the ledger and not the other way around.
What NFTs are good for
NFTs provide digital data with verifiable rights of ownership and history. They do this by outlining a smart contract that governs how ownership is authenticated and transferred. NFTs excel at giving digital creators a new way to exchange labor for monetary gain. While NFT smart contracts exist as an extension of digital currency, they are being used to represent financial assets as well as utility assets.
NFTs are good at providing digital data and digitally represented physical assets with the ability to prove a right of ownership and a history of that ownership. One limitation, however, is secure storage. Blockchain ledgers require a group of computers validating blocks to be added to the ledger. For each computer to maintain consensus in a timely manner with high availability , NFTs must be within a certain size. This size limit prevents large digital assets from being represented on a ledger.
As a result, NFT smart contracts are starting to use identifiers to external data storage to overcome the storage limitations of blockchain ledgers. External storage references are used to connect a digital asset to an NFT where the digital asset is stored with a different service. This use of external, off-ledger storage leads to the centralization of digital assets, with the attendant risks of centralizing any high-value data. Attempts to mitigate this centralization are being taken by using decentralized services that specialize in storage, such as the distributed IPSF.
The ability to define exactly how value and ownership is transferred on a blockchain ledger, combined with the flexibility to represent large, custom digital assets gives the NFT creator unprecedented control of a digital asset even after its sale. Combined, these benefits provide a completely novel way for digital creators to monetize their art, creating new markets that only exist online.
As NFT smart contracts define digital ownership and value transfer, NFT creators have used the definitions of ownership and value transfer to conceal extra fees and expiration dates. Governments can use these features to collect tax, but scammers can also take the spread of value or manipulate ownership and value. As with any contract, know what you are signing.
What NFTs are not good for
As we live in increasingly digital worlds, verifying identity in digital spaces is as important as it is in many physical spaces. And since a person’s identity is unique and irreplicable, some are jumping to the conclusion that NFTs should be used to represent that person and prove their identity in a virtual space.
This is where the hype around NFTs is overstated. While the public nature of NFTs is useful for proving ownership, it is detrimental when applied to sensitive personal information. First, we don’t want any personally-identifying information, including variants such as hashes, written to a public or even a private blockchain. This is just basic digital safety. Even if data on a public ledger is encrypted, that encryption has an expiration date, and in some number of years that encryption will be solvable and the data will be accessible.
Second, NFTs are not designed for verifying personal identity information. If you wanted to verify a particular item of personal information, NFTs would, again, limit privacy because they are indivisible and immutable objects. They are not designed for selective disclosure or the right to be forgotten. This means that NFTs do not meet the needs for GDPR or other, similar, data privacy laws.
Third, some organizations have rules against using token-based technologies or cryptocurrencies. Since NFTs are built on top of cryptocurrencies, those organizations cannot issue or accept NFTs as credentials. Although the number of organizations with token-restricting rules will likely decrease, these restrictions decrease the overall interoperability of NFTs for identity proof.
Verifiable Credentials are the digital identity solution
While NFTs are designed to prove the ownership of a digital asset, verifiable credentials (VCs) are designed to prove information about a person or entity. VCs use blockchain-based distributed ledger technology to make credentials private but verifiable: The credential itself is private until the subject consents to revealing it, or sharing data contained within it, but the cryptographic keys necessary to verify the validity of the credential and its ownership are publicly available on the ledger.
In other words, the contents of your passport are held by you in the verifiable credential on a mobile device or other wallet; they are not written to a blockchain as they would need to be if your passport was an NFT. This solves the privacy and safety problem.
In contrast to the roles of seller and buyer in an NFT transaction, VCs support the roles necessary for identity information exchange: an issuer who creates and signs the credential (e.g., the passport office), a holder who keeps and presents the credential (e.g., you), and a verifier who cryptographically verifies the validity of the credential upon presentation (e.g., airport security).
VCs are also designed to be divisible: each credential has a collection of attributes (i.e. first name, last name, birthdate, etc.) that can be revealed or withheld depending on the required information. They can allow zero knowledge proofs, a way of verifying a statement as true or false without revealing its value (for example: proving that someone is over 21 years old without revealing their exact age). VCs pose less of a risk to GDPR infractions than NFTs. Since VCs are not bound to cryptocurrencies, they can be used by all organizations, including those with rules against the use of cryptocurrencies and token-based technologies.
VCs are superior for digital identity verification than NFTs precisely because they solve the digital verification problem while preserving privacy and increasing security (the peer-to-peer communications protocol for verification can render each identity cryptographically unique).
The underlying problem of verifying digital information is only going to become more urgent as our concept of identity expands to include billions of connected devices and digital twins (the virtual representation of a physical object). NFTs demonstrate a need for proof, and meet the need for proving digital ownership; but verifiable credentials represent the better, privacy-preserving solution for personal identity.