Oasis Labs
Oasis Labs Technical Briefing
Published January 10, 2023
Supported by IowaEDA and Brale
Overview
Oasis Labs demos on-chain verifiable credentials and selective disclosure on the Oasis confidential EVM. The thesis: put KYC/KYB data on-chain once with a trusted issuer (Equifax-rooted in this demo), then reuse it across web3 protocols without re-doing verification per counterparty — while giving users revocable, selective control over exactly what each verifier sees. The demo walks end-to-end through requesting a credential via identity.oasislabs.com, receiving both an NFT credential on the non-confidential Emerald chain and the full identity data stored confidentially on Sapphire (Oasis's confidential EVM, backed by trusted hardware), granting a demo website access to just the "is over 18" property, calling the isOver18 view from an Express backend, and revoking access afterwards. Broader use cases: credit score disclosure, zip-code mortgage / insurance quoting, and any flow that needs a derived fact rather than raw PII.
0:00 Introduction to Oasis Labs — on-chain verifiable credentials
Oasis Labs demos on-chain verifiable credentials and selective disclosure. The thesis: put your identity information on-chain once with a trusted issuer, then reuse it across any web3 protocol — without re-doing KYC/KYB per counterparty.
1:00 Benefits to users, verifiers, and issuers
Users approve and revoke access per verifier. Verifiers reduce their attack surface because they no longer store sensitive data. Issuers (credit unions, Equifax) amortize KYC cost across many verifiers and get a web3 distribution path.
2:00 Demo: over-18 age verification against a website
End-to-end walk-through: request a credential from an Equifax-rooted issuer, receive it on a confidential EVM, grant a "dirty website" access to the "is over 18" property only, access the site, then revoke.
3:30 NFT credential + confidential identity on Sapphire
Two artifacts come back: an NFT on the non-confidential Emerald chain saying "this person passed KYC" (a one-bit credential), plus the full identity data stored confidentially on Sapphire, Oasis's confidential EVM.
4:30 Sapphire — confidentiality via trusted hardware
Sapphire gives confidentiality via trusted hardware: only the smart contract itself can read blockchain state and incoming transactions. On-chain transactions look like opaque encrypted blobs to third parties.
5:30 Identity registry smart contract — selective disclosure
Walk-through of the Identity Registry V1 Solidity contract. grantAccess(...) toggles an access-list entry; isOver18() checks the birth timestamp only within the enclave and returns a single boolean — never leaking the date.
7:00 Express backend reads "isOver18" from the contract
The "dirty website's" Express backend just calls isOver18() on the Oasis contract. No blockchain node, no storage unit, and no other website can see the underlying age — only the approved site gets the single bit.
9:30 Revoking access and broader use cases
Revocation is a single transaction. Beyond age verification, Oasis sees use cases in credit score disclosure, zip-code-based mortgage and insurance quoting, and any flow where a site needs a derived fact rather than the raw PII.
Presented by Nick Hynes — Oasis Labs · LinkedIn · website
Topics: Blockchain & DLT, Data Infrastructure, Identity & KYC
