2015-03-07

Governments - do your job. Give us unique digital signatures!

This week at Decentral Vancouver we had an interesting discussion with Gene Vayngrib, Greg Meredith and Katryna Dow (the full video of the hangout can be viewed here). We talked about the concept of decentralized identities - how people can build up online identities and trust to be able to conduct online transactions with unknown parties with minimized risk of scams. This later turned into a discussion of sybil attacks and how governments might actually be useful for something. So, lets start from the beginning...

Online identities - the current model


At the moment, online identities can be viewed as a collection of pseudonyms - it's rather hard to tell if say, ThePiachu on Twitter is the same person as ThePiachu on Reddit, etc. Similarly, it's hard to tell who this person is in real life. If we use OAuth and say, sign into multiple websites with Facebook / Google Plus / whatever, at least we can know that one entity is behind all of the accounts.

Now, why is any of this important? Well, a lot of online interactions depend on user's reputation. Everyone wants to know that the person they are talking to is the same person they talked to last time on a different website, etc. Moreover, this persistent reputation can be useful to determine how likely a person is to scam you. Building up years of online presence takes a lot of effort, so the person would only try to scam and lose the reputation if they could earn more than it would cost to build up another pseudonym. In contrast, an hour old account with no history is cheap to burn to scam, defame or troll someone online.

Decentralized identities


One could describe decentralized identities as a decentralized extension of the OAuth model. With projects like BitID or Meeco, we would be in control of our sign-in identities, just like we control our Bitcoin addresses. We can create an identity on our computer, use it to sign into some websites with our Bitcoin address and thus start building our reputation, similar to the current model. The only problem is, such identities would be vulnerable to theft. For example, if I go by the address of 1PiachuEVn6sh52Ez7o6Fymvw54qvQ4RBm and someone gets my private key, I can no longer prove that I am the original owner of this address, nor that I authorize a new address to be my identity from now on.

Moreover, there are some important use cases that this model doesn't solve. If anyone can create any number of identities, you cannot use those identities to do democratic voting, use them to distribute universal basic income to each person in a fair manner, etc. For this, we need to resort to what a lot of crypto-anarchists hate - the government.

Governments and unique identities


Like it or not, the governments (or at least some of them in the western world) do a few things efficiently. One of such things, is verifying that a given person is the person they are claiming to be. The first thing any company does when they need to verify your identity is to ask for your government ID. While they aren't 100% fraud-proof, it's pretty reasonable to assume a government can ensure:

  • that each person has a unique number assigned to them
    • the number is not shared between multiple people
    • no person has more than one such number
    • if the number ever gets stolen, it will be tracked
  • whether the person is still alive or has already died is tracked with reasonable accuracy
Now, if we took these capabilities and stick them on some hardware device say like this one:



We can solve a lot of problems quite efficiently.

Digital ID - KYC for the digital age


How a Digital ID might look:


  1. A government identifies a person and issues them an ID with a chip
    1. The ID holds a private key, performs signature on request and dispenses the public key as needed
    2. The ID is not wirelessly accessible (to avoid problems like this)
    3. They will probably need to issue them the hardware interface to use this ID online - probably some USB dongle
  2. The government keeps a record of the ID and the status of the person (alive, deceased) and the ID itself (active, stolen, replaced)
  3. The government opens up a public API for anyone to request only the most basic data:
    1. "Is ID X stolen?" - yes/no
    2. "Does ID X belong to anyone?" - yes/no
    3. "Is ID X valid?" - yes/no
    4. "List invalidated ID numbers from last year"
  4. The API responds in a cryptographically verifiable way
    1. The response is signed by the government's private key - no other party can forge the signature
    2. The response includes the request in question, validating that the inquiry was made (so the requesting party can prove they did their due diligence)
    3. The responses are aggregated into some factom-like database on the blockchain, meaning that all requests are auditable
  5. If a person ever loses their ID, the government will replace the ID with a new ID and record that the person's ID was changed and to what ("ID #245 got replaced by ID #9472")

Now, what good does this do? Quite a lot actually.

First of all, KYC becomes fully digital. No more ID scanning, photo taking, etc. A service like Kraken can just ask - "Please input your ID number here, and please verify your identity by digitally signing this verification text...". The service quickly learns that the person owns that particular ID (through challenge-response), and can take that ID to the government and ask: "A person with this ID requests KYC. Is this person in your database? Is the ID valid? Everything OK?". After a prompt positive response, the service is sure they have fulfilled their KYC requirements. If a government ever asks - "who is this person?", the service can give them their ID and the government will already know who they are looking for.

Secondly, identity theft is diminished. In order for someone to steal your identity, they would need to have access to your ID card. If your ID card gets stolen, you report it to the government and they will:
  • give you a new ID card with a new keypair
  • invalidate the old one
  • keep a record of the change for everyone to poll
This means that any digital service can periodically get the list of invalidated IDs and cross-check it against their own database. If they match, the account can be frozen, or updated (in case the ID gets replaced).

Thirdly, any service that relies on globally unique real-world identities (such as democratic voting) can utilize this system to solve the problem of sybil attacks. Similarly, if you want to build communities of real people, not just online aliases (say, LinkedIn), this also addresses your needs.

Lastly, this also solves the problem of scams. If you are unsure who you are dealing with, get their public key, verify their identity through challenge-response, and if worse comes to worse, you can pinpoint to the police who was it that did you wrong.

Conclusions


While a lot of people might oppose the governments interfering too much with the Internet through the actions of NSA and the like, there are still good for some things. If leveraged correctly, the governments can help solve one of the hard problems in cryptocurrency - unique user verification. If implemented correctly, this can make the burden of following KYC requirements cost next to nothing.

8 comments:

  1. I like this concept but do not see this truly being implement in the world wide sense.
    Know one wants to be truly known or identify by everyone or anyone.It is hard enough to get people to get a regular ID I do not see people accepting of a decentralize ID system .

    ReplyDelete
  2. Interesting. That is what I thought, too, about 10-15 years ago when I was still working for Industry Canada (a large Canadian Government Super Department responsible for all kinds of things). PGP and similar were being tested for use in government and I kept reiterating that the Government should look at digital ID's a lot like passports. My idea was that anyone being issued a passport would also be issued a digital ID gratis. Those who only wanted a digital ID would have to provide satisfactory evidence of ID and pay a fee. Anyway, I felt that this could usher in an age where documents could be confidently accepted/signed/issued electronically and could be used in legal, real estate transactions, etc. laws could be amended for courts to recognize such signatures.

    Anyway, all I got was blank stares every time I would broach the topic. I felt like they were thinking "who is this joker?"

    Nowadays, as you point out, with KYC issues front row, centre, there is even more need for efficient verification, non-repudiation,, etc, etc.

    ReplyDelete
    Replies
    1. Nice to know that some people in the government are so forward-thinking :).

      Delete
  3. This comment has been removed by a blog administrator.

    ReplyDelete
    Replies
    1. Sounds really cool! Hopefully we'll see growth in your area across the world soon ;).

      Delete
  4. This comment has been removed by a blog administrator.

    ReplyDelete
  5. This comment has been removed by a blog administrator.

    ReplyDelete
  6. This comment has been removed by a blog administrator.

    ReplyDelete