• De-Anonimysation
• DID
• Ethereum
• SSI

As digital interactions proliferated, the need for secure, private, and user-controlled identity systems has become increasingly apparent. Self-Sovereign Identity (SSI) systems have sprung up as the lack of privacy and control from traditional centralized and federated identity management systems become more pronounced. SSI enables users to control their digital lives independently of intermediaries by implementing solutions such as Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs). This work explores the anonymity of SSI, in particular its application to Ethereum-based DIDs.
The study begins with the definition of digital identity concepts, traditional identity management systems, and the paradigm shift introduced by SSI. A detailed examination of DIDs and VCs highlights their functionality, integration with blockchain, and associated vulnerabilities. Using Ethereum blockchain as a case study, this work finds significant flaws in how DIDs and their properties are designed and how they affect the privacy of users.
To evaluate the risks of de-anonymization in Ethereum-based SSI systems, the Ethereum Data Inspection Tool (EDIT) framework was employed to collect and analyze transaction data. A novel methodology was developed to resolve DIDs, extract their documents, and identify vulnerable fields such as serviceEndpoints and alsoKnownAs. Graph-based community detection methods, including the Louvain algorithm, were applied to analyze interactions between DIDs, uncovering behavioral patterns and relationships within detected communities.
The findings reveal that specific DID fields can expose sensitive metadata, enabling attackers to infer personal information or establish links between identities.