
On-Chain Identity Awakening: A Comprehensive Analysis of DID and On-Chain KYC

CoinW Research Institute
Invited Columnist
2025-12-10 11:18
Overall, future identity infrastructure is more likely to develop in a hybrid manner: front-end KYC serves as a short-term, executable compliance layer; "off-chain verification, on-chain credentials" represents a mid-term evolutionary direction, with the relevant technological systems maturing gradually at the underlying layer; and DID may find its true functional demand within the AI Agent ecosystem.
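AI Summary
  • Core view: DID and on-chain KYC are still at an early stage of implementation; AI Agents may become the key driver.
  • Key elements:
    1. Current demand has not yet taken shape; products are mostly used for identification and social purposes.
    2. Technologies (ZK, VC) are more likely to be embedded in applications through "seamless integration."
    3. With the rise of AI Agents, the hard demand for identity expands from the user side to the machine side.
  • Market impact: Pushes identity infrastructure to evolve in a hybrid, pragmatic direction.
  • Timeliness: Long-term impact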

Abstract

Decentralized Identity (DID) and on-chain identity verification (KYC) have garnered sustained attention in recent years, yet their practical implementation remains in the early stages. The key drivers behind them primarily stem from three aspects: increasingly stringent global compliance requirements, the need for trusted identities in DeFi and on-chain applications, and growing user awareness of privacy and data autonomy. Despite this, the market demand for a fully decentralized identity system has not yet fully materialized. Mainstream products currently serve more as identifiers and social attributes rather than constructing reusable, cross-scenario on-chain identity structures.

On the technical front, Zero-Knowledge Proofs (ZK) and Verifiable Credentials (VC) are driving the evolution of identity systems towards greater privacy and standardization. However, they are more likely to be embedded into applications in a "seamless integration" manner rather than relying on users to actively manage complex credentials. In the short term, the industry's more realistic path remains an extension of traditional KYC, such as front-end KYC or lightweight compliance solutions like "off-chain verification, on-chain credentials." These can meet regulatory requirements without altering on-chain logic and are more convenient for projects to implement in DeFi, RWA, and fiat on/off-ramp scenarios.

Notably, with the rapid development of AI Agents, the long-term evolution of identity systems may introduce new variables. Compared to ordinary users, Agents are more likely to become the core users of on-chain identity systems in the future. As Agents gradually gain autonomous capabilities, they may require verifiable, traceable, cross-scenario reusable DID structures to prove their permissions, model versions, and credibility, and to automatically complete lightweight KYC or risk control verification on-chain. Although there are still many uncertainties at the technical and regulatory levels, the rise of AI Agents is expanding DID's potential necessity from the "user side" to the "machine side," bringing new possibilities for the long-term development of identity infrastructure.

This report will provide a systematic analysis of the fundamental concepts, key technologies (including ZK, VC, composable credentials, etc.), practical applications, and regulatory requirements of DID and on-chain KYC, combined with an assessment of medium-to-long-term trends based on the current industry development stage. Overall, future identity infrastructure is more likely to develop in a hybrid manner: front-end KYC serving as a short-term, executable compliance layer, "off-chain verification, on-chain credentials" as a mid-term evolution direction, with related technological systems maturing gradually at the foundational level, while DID may find its true functional demand within AI Agent systems. The ultimate vision of self-sovereign identity still requires time to validate, but the practical capabilities around privacy, credentials, and compliance have already become a crucial component of Web3's development infrastructure.


Table of Contents

1. Industry Background and Policy Drivers

1.1 Major Global Regulatory Trends

1.2 Compliance Pressure: Why Does Web3 Need an Identity System?

2. DID: Definition and Standards of Decentralized Identity

2.1 Basic Concepts and Key Characteristics of DID

2.2 Self-Sovereign Generation of DID

2.3 W3C DID Specification

2.4 Core Architecture of DID

2.5 Application Scenarios of DID

3. On-chain KYC: From Off-chain Review to On-chain Proof

3.1 Definition and Evolutionary Logic of On-chain KYC

3.2 Classification of Technical Approaches for On-chain KYC

3.3 Typical Application Scenarios for On-chain KYC

3.4 Front-end KYC: The Identity Verification Layer Connecting Centralized Entry Points to On-chain Compliance Systems

4. Overview of Typical Projects

4.1 Typical DID Projects

4.2 Typical On-chain KYC Projects

4.3 Integration of DID and On-chain KYC

5. Technical Challenges and Privacy Trade-offs

5.1 Technical Challenges: Lack of Unified Standards, High Usability Barriers, Compatibility and Performance Need Improvement

5.2 Distributed Storage and Persistence Issues in DID Systems

5.3 Privacy Trade-offs: How to Find a Balance Between Compliance and Anonymity?

5.4 Decentralized vs. Centralized: The Trust Dilemma of Issuers

6. Industry Trends and Future Outlook

References


1. Industry Background and Policy Drivers

1.1 Major Global Regulatory Trends

In recent years, several major jurisdictions worldwide have successively introduced or updated regulatory policies for crypto assets, particularly emphasizing identity verification (KYC) and anti-money laundering (AML) compliance. This trend may directly drive the rapid development of Decentralized Identity (DID) and on-chain KYC technologies, making them key infrastructure for the Web3 ecosystem's move towards compliance and scale.

In the European Union, the Markets in Crypto-Assets Regulation (MiCA), formally passed in 2023, established a unified compliance framework requiring Crypto-Asset Service Providers (CASPs) to fulfill the same KYC and AML obligations as traditional financial institutions. Notably, when users transfer amounts exceeding €1,000 from platforms to private wallets, platforms must collect and record user identity information.

In June 2025, the U.S. Senate passed the GENIUS Act, establishing a federal-level regulatory framework for stablecoin issuance and circulation for the first time. The Act requires stablecoin issuers to maintain 1:1 reserve backing, undergo audits, disclose asset structures, and comply with AML and Bank Secrecy Act (BSA) obligations. This series of regulations makes identity verification a prerequisite for entering the stablecoin market. In other words, without accurately identifying token holders, it is impossible to determine the legality of fund usage or meet regulatory requirements. In this context, the importance of on-chain identity systems is no longer a theoretical possibility but a technical prerequisite for the compliant operation of stablecoin businesses.

The Monetary Authority of Singapore (MAS) has long required crypto platforms to implement strict KYC and AML processes under the Payment Services Act. More notably, MAS has actively guided the exploration of DID and ZK privacy-preserving technologies in compliant identity verification through mechanisms like the Regulatory Sandbox Plus in recent years.

Hong Kong is also gradually refining its regulatory framework. The Securities and Futures Commission (SFC) and the Hong Kong Monetary Authority (HKMA) have issued several guidance documents for Virtual Asset Trading Platforms (VATPs) in recent years. Particularly with the promotion of "non-face-to-face account opening" policies, market demand for on-chain identity verification mechanisms has significantly increased. For VATPs operating in Hong Kong, proving the link between account control and actual user identity has become a crucial part of the compliance process.

Furthermore, in emerging markets like Latin America and Africa, on-chain identity technology is not only a regulatory response tool but also directly addresses the practical issue of digital financial inclusion. Large populations have long been excluded from the financial system due to a lack of official identity documents. In 2023, the Brazilian government launched a National Digital Identity Program, with some modules integrating blockchain functionality. In Africa, countries like Nigeria and Uganda have collaborated with NGOs to provide digital identity registration for refugees and stateless individuals on DID platforms. These explorations indicate that the application of on-chain identity systems in developing countries is shifting from passive regulatory adaptation to an active role in empowering social governance and financial access.

Overall, global regulatory trends are evolving from basic KYC towards a compliance system that is verifiable, auditable throughout the identity lifecycle, and balances privacy protection. This not only imposes higher identity governance requirements on Web3 but also drives the entire industry towards standardized and compliant identity solutions. On-chain identity systems are no longer just a technical concept but core infrastructure enabling the legal development of sectors like DeFi, stablecoins, and RWA. Their construction and adoption pace is being transformed from policy pressure into industry initiative.


1.2 Compliance Pressure: Why Does Web3 Need an Identity System?

As global regulation of crypto assets tightens, Web3 projects can no longer avoid a core question if they wish to operate compliantly: Do you truly know your user? As mentioned above, whether it's the EU's MiCA policy or the GENIUS Act stablecoin bill passed by the U.S. Senate, platforms are required to be able to identify, verify, and record user identities. This means the simple model of "wallet address equals user" can no longer meet regulatory requirements. A verifiable, traceable, privacy-preserving on-chain identity system is becoming a compliance necessity.

This is especially true for emerging Web3 applications like stablecoins, DeFi, and RWA (Real World Assets), which are gradually being incorporated into regulatory frameworks. For example, the GENIUS Act explicitly requires stablecoin issuers to fulfill Anti-Money Laundering (AML) and Know Your Customer (KYC) obligations, with a regulatory logic similar to traditional financial institutions. Without the support of an on-chain identity system, these protocols cannot determine who the real users are or whether they are compliant, thus preventing legal issuance or operation.

Take the Ethereum privacy protocol Tornado Cash, for instance. Unable to identify users, it was placed on the sanctions list of the U.S. Treasury Department's Office of Foreign Assets Control (OFAC), accused of being used by North Korean hackers to launder over $10 billion. While the protocol itself was neutral, its complete anonymity and inability to prevent illicit use made it a primary target for sanctions. This demonstrates that the inability to verify identity itself constitutes a compliance risk. Similarly, in 2023, the cross-chain wallet Mixin Network was hacked, resulting in losses exceeding $200 million. Because its architecture lacked identity verification and on-chain account protection mechanisms, tracking the attackers' funds was difficult, and post-incident compensation and liability allocation became chaotic in the absence of user identification. This further confirms that without identity mechanisms, systems are not only non-compliant but also insecure.

Simultaneously, building an on-chain identity system is crucial not only for compliance but also for Web3's own development. Without an identity system, DAOs are vulnerable to Sybil attacks, NFT lending cannot assess credit, airdrop activities are easily exploited by bots, and DeFi protocols struggle to connect with real-world users and assets. In other words, if Web3 aims to attract institutional participation and connect with the real economy, it must possess a set of identity infrastructure that is both compliant and decentralized.

In recent years, several leading DeFi protocols, including Aave, dYdX, and Uniswap, have been forced to restrict functionality or access for U.S. users precisely because they cannot determine if users belong to regulated jurisdictions or high-risk groups. For example, dYdX once attempted to introduce facial recognition KYC but faced strong user opposition. Ultimately, these projects found themselves caught between compliance and user freedom, impacting market expansion. Such situations highlight a core problem: without finding a balance between decentralization and identity verification, DeFi's globalization process will be constrained. An on-chain identity system that achieves privacy protection + verifiability could become the optimal solution.

In the future, whether it's on-chain KYC, Decentralized Identity (DID), or new technologies like Zero-Knowledge Proofs and Verifiable Credentials, they will all become important components of the Web3 identity system. The gradual implementation of regulatory policies is becoming the primary driver pushing this system forward.


2. DID: Definition and Standards of Decentralized Identity

2.1 Basic Concepts and Key Characteristics of DID

In the centralized world, users' identity information is controlled by large corporations. Whether it's social media accounts, transaction records, or credit history, it all depends on centralized platforms and services, making it difficult to migrate and impossible to control. DID (Decentralized Identifier) attempts to break this pattern, allowing users to truly own, control, and autonomously manage their identity information. Simply put, DID is like a digital ID card for the Web3 world. One key reason it's called a decentralized identity is that it is not issued by a centralized authority but is generated autonomously by users locally through cryptography and blockchain technology, and is widely recognized.

To understand DID (Decentralized Identity), it's essential first to recognize its fundamental difference from the traditional identity systems we encounter daily. In the traditional internet, user identities often rely on accounts issued by platforms like WeChat, Google, or Facebook. These accounts seem to belong to us but are actually controlled by the platforms, subject to restrictions, suspension, or complete loss if the platform shuts down. DID is a form of Self-Sovereign Identity (SSI), meaning users have complete control over their identity. This is not just technical decentralization but a return of rights. Identity is no longer an appendage of a platform's service but is held and maintained by the user themselves.

Another key characteristic of DID is Verifiability. Through cryptographic signatures and other means, it allows third parties to verify the authenticity of an identity without relying on centralized institutions or exposing users' sensitive information. It's akin to proving you graduated from a certain university without having to show your complete personal information or original certificate. Combined with Selective Disclosure mechanisms, users can reveal only necessary information based on actual needs, thereby completing verification while protecting privacy.

DID is also Persistent, meaning the DID identity does not disappear if a platform goes bankrupt or a service terminates. DIDs are typically stored on blockchains or decentralized networks (like IPFS, Ceramic, Arweave). Unlike traditional servers prone to downtime or tampering, these networks are maintained by thousands of nodes, ensuring your identity data exists long-term, is not easily lost, and can be verified by others as genuinely issued by you. This decentralized storage mechanism avoids the single point of failure (where data across different platforms is isolated, leading to repeated user registration and difficulty in sharing, limiting flexible data use) and data tampering risks associated with centralized servers.

Interoperability is also a crucial foundation of the DID system. DID is not an isolated technology but a set of universal standards being promoted by the W3C (World Wide Web Consortium) to become a global standard. As long as different platforms and applications follow unified protocols, they can recognize and use the same DID, significantly reducing the cost for users to switch between services. It's similar to email; whether you use Gmail or Outlook, you can communicate with each other.


2.2 Self-Sovereign Generation of DID

The self-sovereign generation of DID is essentially a process where users create, own, and manage their digital identity themselves, without relying on traditional centralized platforms like governments, social media, or companies. It can be understood as issuing yourself an ID card, rather than applying for an account or document issued by an institution.

Specifically, when a user generates an identity in a system supporting DID, the system creates a pair of cryptographic keys locally (typically on the user's device or within a wallet application): one is a private key (kept secret, belonging only to you), and the other is a public key (can be public, used by others to verify you). Subsequently, the system generates a unique identifier, the DID (often in a format like did:example:123456789abcdefghi), based on the public key and other information. This DID can be registered on a blockchain or decentralized storage network, ensuring it is public, verifiable, and tamper-proof.

The entire process involves no centralized registration authority, no username/password, and no forms to fill out; it relies entirely on cryptography to guarantee the uniqueness and security of the identity. Users only need to safeguard their private key, and the DID remains theirs. The benefit of this approach is that identity no longer depends on any single platform and will not become invalid due to platform failure or policy changes, truly achieving user ownership of identity.


2.3 W3C DID Specification

Currently, the Web3 ecosystem has gradually formed several mainstream DID standards and protocols. The most core is the W3C DID specification, which provides a unified format for global decentralized identities. Around this specification, many implementation frameworks and tools have emerged. The goal of these standards and tools is consistent: to enable users to use a unified identity across applications, chains, and platforms while achieving privacy, security, and verifiability.

The W3C DID specification not only defines the DID format (e.g., did:example:123456abcdef) but also details how to resolve a DID to obtain its associated DID Document. A DID Document is a JSON file recording public information related to the identity, such as verification public keys, service endpoints, etc. This information enables DID holders to prove ownership of their identity through cryptographic means, achieving true decentralized identity control.

Furthermore, the W3C DID specification introduces the concept of DID Methods. A DID Method defines the specific methods for creating, reading, updating, and revoking a particular class of DIDs, allowing DIDs to adapt to different underlying infrastructures, such as blockchains, distributed storage systems, or even traditional databases. For example, did:ethr: represents a DID method on Ethereum, while did:key: generates DIDs directly based on public keys without relying on a blockchain. This method mechanism greatly enhances the standard's extensibility and cross-platform compatibility.
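The local derivation described in 2.2 and the DID format, DID Document and did:key method described in 2.3, as an added Python example (not code from the article or from any DID project). It assumes an Ed25519 key and the did:key encoding (multibase base58btc prefix z, multicodec bytes 0xed 0x01); the function names and the sample key bytes are constructed for illustration.

```python
import re

# Added illustration (not the article's code). Assumes Ed25519 keys and the
# did:key encoding: "z" (base58btc multibase) + base58(0xed 0x01 || pubkey).
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ED25519_PREFIX = b"\xed\x01"  # multicodec tag for an Ed25519 public key
IDCHAR = r"(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})"
# W3C DID syntax: did:<method-name>:<method-specific-id>
DID_RE = re.compile(rf"did:([a-z0-9]+):((?:{IDCHAR}*:)*{IDCHAR}+)")


def b58encode(data: bytes) -> str:
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\0"))) + out


def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # ValueError on a non-base58 character
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\0" * (len(text) - len(text.lstrip("1"))) + body


def parse_did(did: str) -> tuple[str, str]:
    """Split a DID into (method, method-specific id); reject anything else."""
    m = DID_RE.fullmatch(did)
    if m is None:
        raise ValueError(f"not a valid DID: {did!r}")
    return m.group(1), m.group(2)


def did_key_from_pubkey(pub: bytes) -> str:
    """Derive the identifier locally from a public key; no registry involved."""
    if len(pub) != 32:
        raise ValueError("Ed25519 public keys are 32 bytes")
    return "did:key:z" + b58encode(ED25519_PREFIX + pub)


def pubkey_from_did_key(did: str) -> bytes:
    """Recover the raw public key, checking method, multibase and multicodec."""
    method, msid = parse_did(did)
    if method != "key" or not msid.startswith("z"):
        raise ValueError("expected a base58btc did:key identifier")
    raw = b58decode(msid[1:])
    if len(raw) != 34 or raw[:2] != ED25519_PREFIX:
        raise ValueError("not an Ed25519 did:key")
    return raw[2:]


def resolve_did_key(did: str) -> dict:
    """Build a minimal DID Document; for did:key it is derived from the DID alone."""
    pubkey_from_did_key(did)  # validates syntax, method, prefix and length
    msid = did.split(":")[2]
    vm_id = f"{did}#{msid}"
    return {"@context": "https://www.w3.org/ns/did/v1", "id": did,
            "verificationMethod": [{"id": vm_id, "controller": did,
                                    "type": "Ed25519VerificationKey2020",
                                    "publicKeyMultibase": msid}],
            "authentication": [vm_id]}


SAMPLE_PUB = bytes(range(32))  # constructed bytes standing in for a real key
```

A verifier would run this kind of strict parse before resolution, so that malformed identifiers or unexpected methods are rejected instead of being handed to a resolver.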

The greatest significance of the W3C DID specification lies in providing a unified, open, and extensible identity representation standard, enabling global developers and organizations to build and integrate DIDs based on a common language. This standard breaks down platform silos, allowing users to truly control their identities and freely migrate and interact across different platforms. It is the cornerstone of the entire decentralized identity ecosystem and lays a trusted identity foundation for a series of upper-layer applications.


2.4 Core Architecture of DID

The core of the DID (Decentralized Identifier) system's technical architecture lies in building a decentralized, user-controlled, verifiable, and cross-platform interoperable identity system. This architecture relies on a complete set of open standards and protocols developed by the W3C and Web3 communities, ensuring identities can be uniformly used and securely verified across different platforms, blockchains, and applications. It mainly consists of the following key components.

2.4.1 Decentralized Identifier (DID Identifier)

A DID is a globally unique identity identifier that does not rely on a centralized registration authority. It is generated through a local key pair and published or resolved in conjunction with a specific DID Method. Its structure is typically: did:method:unique-id


  • did: