Crypto 2.0 Musings : Simple Attestations
Just finished Hackcoin — was meant to be a judge but got into a very interesting discussion with some brilliant people and ended up becoming a team member.
The challenge was pretty simple — how to create a digital identity solution on blockchain, and make it useable via on-chain smart contracts or off-chain by some means.
Went through a number of pivots, and ended up with the most narrow use case we could think of that could potentially be useful — a car hire company needing to check with DVLA if the renter is allowed to drive a car.
Recently, UK’s DVLA stopped supporting paper part of the driving license — the bit that contained any points and other information about status of your licence. So the only way that a car hire can now check validity of the license is to either use DVLA’s website or phone up a DVLA support number.
Maintaining a website capable of supporting millions of concurrent calls is always expensive, and if you experience teething problems like the ones reported at launch, it can lead to loss of business to car hire companies and frustration to car renters.
So, could blockchain come to the rescue? Of course, why would I be blogging about it :) Diagram below shows the flow.
The car renter rocks up to the car hire place and presents their driving license. Assuming the car rental office has internet access, they use a mobile or desktop app to either key in or OCR the driving license number, plus the set of driving permissions.
The app would then hash the concatenation of these two values and search the blockchain for a transaction with the hash value in it’s body and issued by the DVLA’s public address as advertised on their official website. This preserves driver’s identity as hash functions are one way only i.e. you can’t determine the driving license number based on hash value, just check if it is the same by re-running the hash function on the data.
The found transaction should contain the hash value plus a True or False flag to confirm if the status of license is as advertised on the driving licence. If multiple matches are found, as DVLA updates the status due to points being added or removed etc. then latest should be used. Assuming that a latest transaction is found with a True flag, car hire company is now satisfied and releases the car.
But how does the transaction end up on the blockchain in the first place? Whenever the DVLA issues a new driving licence or processes an event e.g. new points from police, expired points, expiry etc. they hash the concatenation and send it as a transaction.
Note, so far no mention of which blockchain is to be used. The nice thing about this solution is that you don’t need a Turing complete smart contract enabled chain i.e. you can use Bitcoin, NXT or Ethereum etc. A more powerful solution could of course be built with better access controls if a smart contract capable chain is used. As these attestations have little monetary value, they should not upset the proof of work incentives.
Finally, DVLA could either send a message to it’s own address e.g. Bitcoin, or upload it as tagged data e.g. NXT, but it could also send it to the user’s public address. Why would you do that?
Well, let’s say DVLA sends the driving licence along with a secret number to your home address. You could then create a transaction using a hash of your driving licence, your face’s key features extracted from photo and the secret number and send it to the DVLA as a trasnaction, thus proving that you indeed got the licence and associating it with your public wallet address and face.
The DVLA could monitor the blockchain and when it spots such a transaction it could then as described above issue an attestation transaction, but this time it would send that data to the user’s public address. This creates a link between the public address, driving licence and the attestation.
A renter could then in principle turn up to the car hire shop, who take a photo of the person and issue a challenge to the user’s app that can only be solved if it is the bearer of the private key and knows the driving licence number, assuming a successful response and a face key features match verified against the hashed version would verify the bearer as license holder, all without having to even have the driving license.
Appreciate that this is all dependent on on-line services being available, and do not propose that this is the only channel, just another one for now. I also assume there are a million and one flaws in the above proposal.
On the other hand, maybe it can be fixed up to be workable and if it can be made to be better enough than today’s solutions, and cheaper, in which case if other agencies and service providers e.g. utilities, universities, employers etc. join this method, you could see how it can used then for digital identity and KYC for on-chain manual or smart contract checks.