Civic Credential Protocol (LM-Dawn class)

Class card for the LM-Dawn cluster of protocol-mediated civic trust mechanisms — the set of open, interoperable, cryptographically verifiable credential systems that allow civic claims to be proven WITHOUT revealing the underlying identifier or routing through a central state or corporate registry. DISTINCTION FROM SIBLING DECENTRALIZED-IDENTITY-PROTOCOL: machine:decentralized-identity-protocol-class (on disk) models the IDENTITY-credential layer: proving who you are (DID Documents, Verifiable Credentials, Fediverse identity handles). This card models the CIVIC-CLAIM credential layer: verifying specific civic facts ABOUT you — voter eligibility, lawful residence, tax compliance, vaccination status, professional licensure, educational credential, criminal-record absence, age eligibility — without exposing your name, national ID number, or activating a central registry lookup. The civic credential layer USES identity protocols as substrate but its distinct machine logic is claim-selectivity and institutional-trust without institutional- capture. INVERTER MECHANIC (§1.2(b) bug→feature): DM platform-mediated civic trust (Google login as civic auth, Facebook profile as de-facto identity proxy for civic services, LinkedIn as professional credential, Apple/ Google OAuth for tax-app and government-service authentication) accumulates capture vectors: platform collapses, API closures, and data-monetization incentives all expose civic trust infrastructure to single-point-of- failure risks. The DM bug = `push_fragmentation_count` chaos of platform civic-auth dependencies + `plasticity_demand` on citizens to maintain coherent digital identity across 50+ fragmented service silos. The LM feature = civic claims verifiable WITHOUT revealing the underlying identifier and WITHOUT the verifier touching a central registry. Inversion mechanism: enforcement_becomes_protocol (DM capture mechanisms become explicit and contestable → LM protocol design principle). REAL-WORLD PROTO-LM INSTANCES (notable_instances below): Estonian e-Residency + X-Road interoperability layer (2014+; closest mature implementation — note Estonia is an MM-state operating proto-LM infrastructure); EUDI European Digital Identity Wallet (eIDAS 2.0, 2024+); W3C Verifiable Credentials (VC) Data Model 2.0 + DIF Presentation Exchange; Hyperledger AnonCreds (zero-knowledge proofs for selective disclosure without revealing holder DID); DECODE Barcelona/Amsterdam (2017-2020 civic data sovereignty pilot); BC.diploma / Blockcerts (academic credential verification, MIT 2018+); Open Credentials API (Microsoft Entra Verified ID, Mattr, Spruce ID, Trinsic); IDunion / Lissi.id (German federated VC infrastructure); Self-Sovereign Identity (Hyperledger Indy / Aries / Sovrin Network); privacy-preserving age verification (Yoti, AU Trust Exchange); Aadhaar QR-based privacy- preserving credentials (mixed MM/LM signal — capture-vulnerable but template); Taiwan digital identity reform (2023+). LM MECHANISM SIGNATURES: The machine's core design principle is zero- knowledge selective disclosure — a civic verifier can confirm that a holder satisfies a civic criterion (e.g., "is over 18," "is a licensed physician," "has no criminal record in the past 5 years") without learning the holder's name, national ID, or any attribute beyond the binary claim result. The cryptographic mechanism (ZK-SNARKs, BBS+ signatures, AnonCreds selective disclosure) is what makes the LM design principle achievable. Without ZK-proofs, the claim would require database lookup → re-centralization. With ZK-proofs, the claim is locally verifiable → decentralized civic trust. PROLETARIANIZATION RISK is MEDIUM (0.50 [EXTRAP]): civic credential systems require cryptographic competence at the integration layer (ZK-proof library implementation, VC schema design, governance-framework authoring) that is narrowly distributed. Unlike identity protocols where the W3C DID Core spec is relatively stable, civic credential schemas are per-jurisdiction and per-domain — requiring ongoing jurisdictional customization that amplifies proletarianization risk as specialist communities thin. Estonia's X-Road maintainer pool is thin; Hyperledger AnonCreds contributor community is <100 globally (2026 estimate [EXTRAP]). CAPTURE RESISTANCE INDEX is HIGH (0.75 design intent [EXTRAP]): zero-knowledge proofs + decentralized verifier architecture; no single state or corporate registry holds the master record. However, PRACTICAL capture resistance is lower (0.60 [EXTRAP]) due to: (a) issuing authorities remain centralized (states issue driver's licenses; universities issue degrees); (b) did:web method reintroduces DNS/TLS dependency on DM infrastructure; (c) EU eIDAS 2.0 governance architecture creates regulatory capture vectors at the wallet-certification layer. emergence_subtype: protocol_class (standards-body-ratified civic-trust protocol cluster; not emergent from market dynamics but from governance- pace standards coordination). All quantitative state-variable values are [EXTRAP]; framing derives from W3C VC Data Model 2.0 [CANON], eIDAS 2.0 regulation [CANON], Estonian X-Road interoperability framework [CANON], and Wave-6 inverter logic + framework-native-generators §2 inverter section [EXTRAP].