Building a Decentralized Identity Verification System in Solidity

By Robert F4 min readMarch 12, 2026

Overview of the System

The decentralized identity verification system will consist of a smart contract that allows users to register their identity information, which can then be verified by authorized entities. The following functionalities will be implemented:

User registration with identity details.
Verification of identities by authorized verifiers.
Revocation of identity verification.

Smart Contract Implementation

We will create a smart contract named IdentityVerification. Below is a breakdown of the contract's structure and functionalities.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract IdentityVerification {
    struct Identity {
        string name;
        uint256 age;
        string documentHash;
        bool isVerified;
        address verifier;
    }

    mapping(address => Identity) public identities;
    mapping(address => bool) public authorizedVerifiers;
    
    event IdentityRegistered(address indexed user, string name, uint256 age, string documentHash);
    event IdentityVerified(address indexed user, address indexed verifier);
    event IdentityRevoked(address indexed user, address indexed verifier);

    modifier onlyAuthorized() {
        require(authorizedVerifiers[msg.sender], "Not an authorized verifier");
        _;
    }

    constructor() {
        // Initialize the contract with some authorized verifiers
        authorizedVerifiers[msg.sender] = true; // Contract creator is an authorized verifier
    }

    function registerIdentity(string memory _name, uint256 _age, string memory _documentHash) public {
        require(bytes(_name).length > 0, "Name cannot be empty");
        require(_age > 0, "Age must be greater than zero");
        require(bytes(_documentHash).length > 0, "Document hash cannot be empty");
        
        identities[msg.sender] = Identity(_name, _age, _documentHash, false, address(0));
        emit IdentityRegistered(msg.sender, _name, _age, _documentHash);
    }

    function verifyIdentity(address _user) public onlyAuthorized {
        require(identities[_user].isVerified == false, "Identity already verified");
        
        identities[_user].isVerified = true;
        identities[_user].verifier = msg.sender;
        emit IdentityVerified(_user, msg.sender);
    }

    function revokeVerification(address _user) public onlyAuthorized {
        require(identities[_user].isVerified == true, "Identity not verified");
        
        identities[_user].isVerified = false;
        identities[_user].verifier = address(0);
        emit IdentityRevoked(_user, msg.sender);
    }

    function addVerifier(address _verifier) public {
        require(msg.sender == address(this), "Only contract can add verifiers");
        authorizedVerifiers[_verifier] = true;
    }

    function removeVerifier(address _verifier) public {
        require(msg.sender == address(this), "Only contract can remove verifiers");
        authorizedVerifiers[_verifier] = false;
    }

    function getIdentity(address _user) public view returns (Identity memory) {
        return identities[_user];
    }
}

Key Components of the Contract

Feature	Description
`Identity` Struct	Holds user identity details including name, age, document hash, verification status, and verifier address.
`identities` Mapping	Maps user addresses to their corresponding `Identity` struct.
`authorizedVerifiers`	Maps addresses to check if they are authorized verifiers.
Events	Emits events for registration, verification, and revocation of identities.

Functionality Breakdown

User Registration: The registerIdentity function allows users to register their identity details. It checks for valid inputs and emits an event upon successful registration.

Identity Verification: The verifyIdentity function allows authorized verifiers to verify a user's identity. It ensures that the identity is not already verified before proceeding.

Revocation of Verification: The revokeVerification function enables authorized verifiers to revoke the verification status of a user's identity.

Adding and Removing Verifiers: The contract owner can add or remove authorized verifiers, ensuring that only trusted entities can verify identities.

Fetching Identity Details: The getIdentity function allows anyone to retrieve the identity details of a registered user.

Best Practices

Access Control: Use modifiers to restrict access to certain functions, ensuring that only authorized users can perform sensitive actions.
Event Logging: Emit events for critical actions to allow tracking and transparency within the blockchain.
Input Validation: Always validate user inputs to prevent erroneous data from being stored on the blockchain.

Conclusion

The Decentralized Identity Verification System built in this tutorial provides a robust foundation for managing identities on the blockchain. By leveraging smart contracts, we can ensure secure and verifiable identity management without relying on centralized authorities.

Learn more with useful resources: