Pairwise identifiers are unique pseudonymous identifiers generated for each relationship between a credential holder and a specific verifier. Instead of using the same identifier everywhere, the holder presents a different identifier to each verifier, preventing correlation of their activity across different contexts.
The correlation problem
Traditional identity systems often use global identifiers, such as a Social Security number, driver's license number, or email address, that remain constant across all interactions. This consistency creates a powerful correlation tool: anyone who knows the identifier can potentially link records from different sources.
Even well-intentioned verifiers who only collect necessary information can inadvertently enable correlation. If every verifier receives the same identifier, a data broker, security breach, or collusion between parties could connect dots that the credential holder never intended to link.
How pairwise identifiers work
With pairwise identifiers, the holder's wallet derives a unique identifier for each verifier. The derivation is deterministic: the same verifier always receives the same identifier from the same holder, but different verifiers receive completely different identifiers.
The math behind this typically involves cryptographic key derivation. The holder's wallet combines a master secret with information about the specific verifier to produce a unique value. The same holder presenting to Verifier A gets identifier X; presenting to Verifier B gets identifier Y. Properly designed pairwise identifiers are derived so that different verifiers cannot efficiently link identifiers to the same holder without additional correlating information.
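One way to realize the derivation described above, added here as an illustration and not taken from any particular wallet or standard: HMAC-SHA256 keyed by the holder's master secret and applied to the verifier's identifier. The label, the origin-style verifier names, and the sample records are assumptions constructed for the example.

```python
import hashlib
import hmac

LABEL = b"example-pairwise-id/v1"  # hypothetical domain-separation label

def canonical_verifier(verifier_id: str) -> bytes:
    """Assumes verifiers are named by web origin; fold case and trailing slash."""
    v = verifier_id.strip().lower().rstrip("/")
    if not v:
        raise ValueError("verifier identifier must not be empty")
    return v.encode("utf-8")

def pairwise_id(master_secret: bytes, verifier_id: str) -> str:
    """HMAC-SHA256 used as a PRF keyed by the holder's master secret."""
    if len(master_secret) < 32:
        raise ValueError("master secret must be at least 32 bytes")
    v = canonical_verifier(verifier_id)
    # Length prefix keeps the (label, verifier) encoding unambiguous.
    msg = LABEL + len(v).to_bytes(2, "big") + v
    return hmac.new(master_secret, msg, hashlib.sha256).hexdigest()

def joinable(db_a: dict, db_b: dict) -> set:
    """Keys two colluding verifiers could join their records on."""
    return set(db_a) & set(db_b)

def demo():
    # Constructed sample data: fixed secrets for reproducibility only.
    # A real wallet would generate them with a CSPRNG and keep them private.
    holders = {"alice": bytes(range(32)), "bob": bytes(range(32, 64))}
    employer, insurer = "https://employer.example", "https://insurer.example"
    # Global identifier: both verifiers store the same key per holder.
    global_a = {f"{name}@mail.example": "hr record" for name in holders}
    global_b = {f"{name}@mail.example": "claims record" for name in holders}
    # Pairwise identifiers: each verifier stores its own derived key.
    pair_a = {pairwise_id(s, employer): "hr record" for s in holders.values()}
    pair_b = {pairwise_id(s, insurer): "claims record" for s in holders.values()}
    return len(joinable(global_a, global_b)), len(joinable(pair_a, pair_b))

if __name__ == "__main__":
    print(demo())
```

`demo()` returns the number of keys the two verifiers could join on: two with the global identifier, none with the pairwise ones.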
Privacy benefits
Pairwise identifiers aim to directly prevent verifier collusion. If an employer receives identifier X and an insurer receives identifier Y, they cannot match records even if they compare databases, because they have no common key to join on.
This protection extends beyond intentional collusion. Data breaches become less damaging because compromised records from one verifier can't be correlated with records from another. Data brokers can't aggregate profiles across sources. Surveillance becomes harder because there's no single identifier to track.
The credential holder maintains consistent relationships with each verifier, presenting the same pairwise identifier each time they interact with that specific organization, while remaining unlinkable across different verifiers.
Implementation considerations
Pairwise identifiers are most effective when combined with other privacy-preserving techniques. Selective disclosure ensures each verifier receives only the necessary attributes. Zero-knowledge proofs allow proving statements without revealing underlying data.
Some use cases require persistent identifiers: a bank, for example, needs to maintain your account relationship over time. Pairwise identifiers accommodate this need: you maintain a stable relationship with your bank using a bank-specific identifier, while remaining unlinkable to your healthcare provider or employer.
The tradeoff is complexity. Holders manage different identifiers for different relationships, though wallet software handles this automatically. And systems must be designed to function without global identifiers, which requires thoughtful architecture from the start.
A foundation for privacy
Pairwise identifiers represent a fundamental shift from "one identity everywhere" to "different identities for different contexts." This mirrors how people naturally compartmentalize their lives (work, healthcare, and social activities) while preventing the digital infrastructure from collapsing these boundaries.
By deriving per-verifier identifiers, digital identity systems can provide the convenience of verifiable digital credentials while preserving the privacy protections that selective disclosure promises.



