NEODID PREVIEW

NeoDID

NeoDID is the fourth Morpheus service: a privacy-preserving identity and authorization layer for Neo N3. It is designed as an independent contract and independent SGX/CVM service, not an extension of the Oracle contract.

Current codebase status: NeoDID now has an independent N3 contract skeleton NeoDIDRegistry, SGX worker routes for bind and action-ticket, and frontend proxy routes. This is the minimal product foundation for the master-nullifier / action-nullifier architecture.

Core Model

Master Nullifier: binds a private Web2 identity to a Neo vault account without exposing the raw Web2 account identifier on-chain.
Action Nullifier: derives a separate, task-specific nullifier so the same user can act through disposable wallets without linkability across tasks.
Independent Registry: the contract stores identity bindings and action-ticket usage separately from Oracle/DataFeed state.

Independent Contract

NeoDID is implemented as a standalone contract module:

csharpNeoDIDRegistry

[DisplayName("NeoDIDRegistry")]
public class NeoDIDRegistry : SmartContract
{
    public static UInt160 Admin();
    public static ECPoint Verifier();
    public static void SetAdmin(UInt160 newAdmin);
    public static void SetVerifier(ECPoint publicKey);
    public static void RegisterBinding(UInt160 vaultAccount, string provider, string claimType, string claimValue, ByteString masterNullifier, ByteString metadataHash, ByteString verificationSignature);
    public static void RevokeBinding(UInt160 vaultAccount, string provider, string claimType);
    public static BindingRecord GetBinding(UInt160 vaultAccount, string provider, string claimType);
    public static bool IsMasterNullifierUsed(ByteString masterNullifier);
    public static bool IsActionNullifierUsed(ByteString actionNullifier);
    public static bool UseActionTicket(UInt160 disposableAccount, string actionId, ByteString actionNullifier, ByteString verificationSignature);
}

Worker Routes

The Phala worker now exposes these authenticated NeoDID routes:

GET /api/neodid/providers
GET /api/neodid/runtime
POST /api/neodid/bind
POST /api/neodid/action-ticket

Supported Identity Sources

NeoDID is designed to support social accounts, exchange identities, and verified contact channels. The current service catalog includes:

twitter
github
google
discord
telegram
binance
okx with alias okex
email

Each provider can map into different claim types, such as follower thresholds, verified-email status, exchange KYC levels, VIP tiers, or asset-holder attestations.

Bind Flow Example

jsonPOST /api/neodid/bind

{
  "vault_account": "0x6d0656f6dd91469db1c90cc1e574380613f43738",
  "provider": "google",
  "provider_uid": "google_uid_12345",
  "claim_type": "Google_VerifiedEmail",
  "claim_value": "workspace_user",
  "metadata": {
    "proof_source": "oauth",
    "workspace_domain": "example.com"
  }
}

Action Ticket Example

jsonPOST /api/neodid/action-ticket

{
  "provider": "binance",
  "provider_uid": "binance_uid_12345",
  "disposable_account": "0x89b05cac00804648c666b47ecb1c57bc185821b7",
  "action_id": "Airdrop_Season_1"
}

Third-Party Contract Pattern

csharpDApp Ticket Consumption

public static bool Vote(UInt160 disposableAccount, string actionId, ByteString actionNullifier, ByteString sgxSignature)
{
    ExecutionEngine.Assert(Runtime.CheckWitness(disposableAccount), "Unauthorized");

    bool accepted = (bool)Contract.Call(
        NeoDidRegistryHash,
        "useActionTicket",
        CallFlags.All,
        disposableAccount,
        actionId,
        actionNullifier,
        sgxSignature
    );

    ExecutionEngine.Assert(accepted, "Invalid NeoDID action ticket");
    // ... continue DApp logic ...
    return true;
}

Launchpad

Use the unified Launchpad to move between Oracle, Compute, Templates, Studio, and Verifier flows.

Starter Studio

Keep using Starter Studio for payload generation patterns while NeoDID service routes mature.

Previous Starter Studio NextPrivacy Oracle

REVISION 1.0.2LAST UPDATED: 2026-03-11

EDIT ON GITHUB