Cryptographic Key
Each identity is rooted in an asymmetric keypair, the irreducible primitive of self-sovereign attestation.
A primer on identity attestation across Layer-2 networks.
Private material is sealed within the user's local enclave; only signed assertions ever reach the chain.
Every attestation is linked to a Layer-2 commitment, then anchored periodically into the base layer.
Zero-knowledge circuits prove identity attributes without ever exposing the underlying credentials.
A 32-byte digest summarises the identity manifest, forming the on-chain pointer to the off-chain document.
Identity transactions accumulate inside an optimistic rollup, then settle to L1 in a single signed bundle.
A counter-party signs the manifest, producing a portable credential that travels with the user across networks.
The published commitment becomes a beacon -- queryable, verifiable, and replicated across Layer-2 nodes.
Authentication is the first contact between user and protocol -- the moment at which the network asks, in cryptographic terms, "who is presenting themselves?"
On layer-2.id, authentication is neither a session cookie nor a centralised token but a fresh signature produced from a user-held key. The challenge nonce is broadcast by the verifier, and the signed response is committed to the rollup as a transient leaf. There is no authority that stores a password; there is only a public key and a chain of signatures pointing back to it.
A signature is the only legitimate self-introduction in a trustless system.
The implication is structural: the identity primitive is portable. A user authenticated to one Layer-2 protocol is, by definition, also authenticatable to any other protocol that recognises the same key, without any handshake between the two services.
Where authentication answers "who?", authorization answers "what may you do?" -- and on a Layer-2 network, this is a problem of capability, not of role.
Each capability is a signed statement, narrow in scope and bounded in time. A capability to read a profile expires; a capability to mutate a credential is revocable; a capability to delegate authority is, itself, audit-logged on the rollup. The classical model of "user has role" is replaced by a graph of signed delegations, with the user always at the root.
Power, in this system, decays by design.
Verifiers therefore do not consult an access-control list; they evaluate a chain of signed delegations and reject any link that has expired, been revoked, or exceeds its declared scope.
Attestation is the layer at which third parties speak, and the network listens. It is the social fabric of the identity stack -- the place where reputation is anchored.
An attestation is a typed, signed statement: "I, the issuer, assert that the subject possesses property P at time T." The subject collects attestations as a portfolio. Each is a leaf in a Merkle tree whose root is published to the Layer-2 commitment chain. Selective disclosure is then a matter of revealing the path to a leaf without revealing its siblings.
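The selective disclosure described above, as an added example (not layer-2.id's own code): a Merkle inclusion proof over a constructed attestation portfolio. SHA-256, the leaf/node prefix bytes, the attestation field layout and all function names are assumptions; the page does not specify them.

```python
import hashlib

def leaf_hash(data: bytes) -> bytes:
    # 0x00 tag: a leaf can never be confused with an interior node
    return hashlib.sha256(b"\x00" + data).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(leaves):
    """Return every tree level, leaf hashes first, root level last."""
    level = [leaf_hash(x) for x in leaves]
    levels = [level]
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level), 2):
            if i + 1 < len(level):
                nxt.append(node_hash(level[i], level[i + 1]))
            else:
                # Odd node is promoted; duplicating it would let
                # [a, b, c] and [a, b, c, c] share one root.
                nxt.append(level[i])
        level = nxt
        levels.append(level)
    return levels

def prove(levels, index):
    """Disclosure path for one leaf: sibling hashes only, never contents."""
    path = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):
            path.append((level[sib], sib < index))  # (hash, sibling on left)
        index //= 2
    return path

def verify(root, leaf, path):
    """Recompute the root from the disclosed leaf and its path."""
    h = leaf_hash(leaf)
    for sib, sib_is_left in path:
        h = node_hash(sib, h) if sib_is_left else node_hash(h, sib)
    return h == root

# Constructed sample portfolio (not real attestations). The salt field, kept
# short here, stands in for the random value that stops a low-entropy
# property from being guessed from its hash.
PORTFOLIO = [
    b"issuer=A;subject=S;P=over-18;T=1767225600;salt=5f1c",
    b"issuer=B;subject=S;P=resident-EU;T=1767312000;salt=a920",
    b"issuer=C;subject=S;P=member;T=1767398400;salt=07de",
]
LEVELS = build_levels(PORTFOLIO)
ROOT = LEVELS[-1][0]  # the value that would be published as the commitment
```

A verifier holding only `ROOT` accepts a disclosed leaf when `verify(ROOT, leaf, prove(LEVELS, i))` is true; the path exposes sibling hashes, not the sibling statements.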
An identity, in the end, is the set of statements others have agreed to make about it.
The protocol is intentionally silent on which attestations matter -- that is a question for applications and communities. layer-2.id only ensures that, once published, an attestation cannot be quietly withdrawn.
layer-2.id · 2026 · editorial protocol vol.02