Skip to content

Add Mosaic DID types and pallet implementation (Phase 1 MVP)#2

Closed
MarkusMaiwald wants to merge 2 commits intodevelopfrom
claude/integrate-did-specs-kzx4X
Closed

Add Mosaic DID types and pallet implementation (Phase 1 MVP)#2
MarkusMaiwald wants to merge 2 commits intodevelopfrom
claude/integrate-did-specs-kzx4X

Conversation

@MarkusMaiwald
Copy link
Member

@MarkusMaiwald MarkusMaiwald commented Feb 12, 2026

Summary

This PR introduces the core infrastructure for the did:mosaic DID method on the Mosaic Trust Network, derived from the IOP Morpheus SSI Stack. It includes type definitions, DID document state management, and a Substrate pallet implementing Phase 1 (MVP) operations.

Key Changes

New Crates

  • mosaic-did-types — Core type definitions for the DID system:

    • Did — DID identifiers derived from BLAKE3-256 hash of initial public key
    • KeyId, ContentId — Identifiers for keys and content
    • DidOperation — 5 core Phase 1 operations (AddKey, RevokeKey, AddRight, RevokeRight, TombstoneDid)
    • Right — 6-right model (Update, Impersonate, Delegate, Issue, Revoke, Recovery)
    • KeyType, KeyPurpose — Cryptographic algorithm and W3C verification relationship types
    • MultiSignature, MultiPublicKey — Algorithm-agile signature support (Ed25519, secp256k1)
    • DidDocumentState — Internal state representation with key validity tracking and rights management
    • DidDocument — W3C DID Core 1.0 compliant JSON output structure
  • pallet-mosaic-did — Substrate pallet for on-chain DID management:

    • submit_did_operations — Atomic batch submission of signed DID operations
    • register_before_proof — Permissionless BeforeProof timestamp registration
    • Storage maps for operations audit log, nonces, tombstoned DIDs, and BeforeProof records
    • Validation logic for operation authorization and replay protection
    • Comprehensive unit tests covering DID creation, key rotation, rights management, and tombstoning

Implementation Details

  • Anti-censorship design: Transaction submitter account ≠ DID controller; authorization verified via cryptographic signatures inside operations
  • Implicit DID creation: First AddKey operation creates the DID; identifier must equal BLAKE3-256(public_key)
  • Implicit rights: Initial key automatically has Update and Impersonate rights; other rights must be explicitly granted
  • Replay protection: Per-key nonce tracking prevents operation replay
  • Atomic batching: All operations in a batch succeed or all fail; no partial state changes
  • Historical state: DID documents can be reconstructed at any block height by replaying operations
  • W3C compliance: DID documents output in W3C DID Core 1.0 format with Mosaic-specific extensions

Testing

  • Unit tests validate DID creation, string serialization, operation types, rights system, and DID document state reconstruction
  • Tests cover key rotation flows, tombstoning, and validity checking at specific block heights

Notes

  • Phase 1 focuses on core DID operations and BeforeProof; Phase 2 will add service endpoints, recovery operations, and additional key types
  • Full cryptographic signature verification is deferred to RPC query layer where DID document state can be reconstructed

Implements Phase 1 (MVP) of the Mosaic Trust Network DID specifications
from gitlab.dlabs.hu/mosaic-trust-network/specifications, integrating
them into the iop-rs codebase for the Polkadot Substrate-SDK (Mosaik
Blockchain).

New crates:

- mosaic-did-types: Core type definitions for did:mosaic
  - BLAKE3-256 for DID identifier derivation (replacing BLAKE2b)
  - W3C DID Core 1.0 compliant document structure
  - Expanded rights model (6 rights: Update, Impersonate, Delegate,
    Issue, Revoke, Recovery)
  - Multi-algorithm signatures (Ed25519, secp256k1)
  - SCALE codec support behind optional "substrate" feature flag
  - 26 unit tests passing

- pallet-mosaic-did: Substrate pallet for on-chain DID registry
  - submit_did_operations extrinsic (atomic batch of signed operations)
  - register_before_proof extrinsic (proof-of-existence timestamping)
  - DID document state reconstruction from operation log
  - Anti-censorship design: any account can submit for any DID
  - Validation flow: nonce, signature, rights, tombstone checks
  - Full event and error definitions per specification

Phase 1 operations: AddKey, RevokeKey, AddRight, RevokeRight,
TombstoneDid, RegisterBeforeProof
Both iop_keyvault_wasm and json_digest_wasm export identical
err_to_js and MapJsError symbols. Add explicit imports from
iop_keyvault_wasm to disambiguate, and remove the redundant
private glob import that was shadowed by the public re-export.
@MarkusMaiwald MarkusMaiwald force-pushed the claude/integrate-did-specs-kzx4X branch from 5f2d077 to 2276720 Compare February 12, 2026 18:14
@MarkusMaiwald MarkusMaiwald marked this pull request as draft February 12, 2026 20:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants