Building decentralized reputation management as a smart contract

The story and future of Iudex, winner of the Ether.Camp hackathon.

I met Thomas Bertani at the Dublin Blockchain Hackathon last November, just at the right time for us to form a team for the Hack.Ether.Camp Hackathon in December. I think hackathons can become an addiction after a while :)

Hack.Ether.Camp was a great experience — a completely online hackathon where all coding was done in an online IDE anyone could inspect during or after the hack and where judges and the public could vote via an Ethereum contract. Kudos to Roman, the Iudex IDE is still available here.

We have looked into a very interesting and important topic addressing reputation, proof of identity, proof of individuality and KYC — know your customer.

Let’s see some of the use cases.

Reputation aka a trust score. A reputation system should give several data points to be used in different ways by different applications to determine an appropriate reputation for the given task. For example when signing up to an Uber-like service, proving that you have a great history with such services should give you a better starting point, even maybe a discount? In comparison, signing up to a blogging platform would only need to know that you are a human and not a bot.

Proof of identity must provide a reliable way of confirming the identity of a party. For example, when using any kind of financial service.

Proof of individuality proves that any given entity can only be presented once, but the identity is not disclosed. Think about voting.

KYC as a process encompasses multiple proofs, depending on the regulation of a given industry. An example familiar to everyone with a bank account is the requirements for proof of identity and proof of address.

For the week-long hackathon, Iudex's goal was to build the basics for reputation only. What did we do?

We have looked at the centralized, but (semi-)open services already available on the market:

All three let you prove ownership of certain digital assets, such as:

  • email addresses
  • domain names (websites)
  • social media accounts
  • Bitcoin addresses
  • and PGP keys

Our goal was to do the same as a smart contract. It shows how powerful Ethereum is that we were able to create a working proof of concept with Facebook and Twitter integration during the hackathon, despite only coding during some evenings spanning across a week.

And we didn’t stop there, but added a real-life example use case: a bitcoin — ether escrow exchange contract, which suggests a different number of confirmations depending on your reputation. A more sophisticated version could offer a decentralized version of

Due to lack of time there were no direct contributions to Iudex in the past couple of months, but plenty of work related to it was done independently by both Thomas and me:

  • Quorum — verifying Bitcoin addresses without the need of oracles (i.e. gateways to the Bitcoin blockchain)
  • RSA in Ethereum — verifying PGP keys
  • EstEID in Ethereum — supporting proof of identity for Estonian e-Residents

Others have created very useful applications too:

The architecture we have envisioned was to decouple three core features:

  • data storage
  • data retrieval aka the verification processes
  • data processing aka reputation scoring

The storage is the fixed point, taking place on the Ethereum blockchain. With time, certain pieces of data (such as large pictures) could be stored in more appropriate locations. Obvious choices are IPFS and Swarm (when it comes around). If the contract needs read/write access, IPFS becomes problematic as it requires oracles, but Swarm is supposed to fill that gap with tight Ethereum integration.

Inclusion or change of both retrieval and processing algorithms could be voted on by the general public, through a process yet to be defined, but not too dissimilar to the ones proposed by various DAOs.

This architecture should give plenty of flexibility and an organic way to grow.
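The three-part split above, sketched in Solidity as an added example; it is not Iudex's code. The contract names, the `claim` identifier (assumed to be a hash of the proven asset), the admin key standing in for the public vote, and the confirmation thresholds for the escrow use case are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Data storage: which verifier attested which claim for which subject.
contract AttestationStore {
    address public admin; // assumption: stands in for the vote on verifiers
    mapping(address => bool) public isVerifier;
    // subject => claim id => verifier => already attested?
    mapping(address => mapping(bytes32 => mapping(address => bool))) public attested;
    // subject => claim id => number of distinct verifiers
    mapping(address => mapping(bytes32 => uint256)) public attestationCount;
    event Attested(address indexed subject, bytes32 indexed claim, address indexed verifier);
    constructor() { admin = msg.sender; }

    function setVerifier(address verifier, bool allowed) external {
        require(msg.sender == admin, "not admin");
        isVerifier[verifier] = allowed;
    }

    /// Data retrieval: an approved verifier records a claim it has checked.
    function attest(address subject, bytes32 claim) external {
        require(isVerifier[msg.sender], "unknown verifier");
        require(!attested[subject][claim][msg.sender], "already attested");
        attested[subject][claim][msg.sender] = true;
        attestationCount[subject][claim] += 1;
        emit Attested(subject, claim, msg.sender);
    }
}

/// Data processing: one replaceable scorer that only reads the store.
contract ConfirmationScorer {
    AttestationStore public immutable store;
    constructor(AttestationStore _store) { store = _store; }

    function suggestedConfirmations(address subject, bytes32[] calldata claims)
        external view returns (uint256)
    {
        uint256 score = 0;
        for (uint256 i = 0; i < claims.length; i++) {
            // strictly increasing ids: a repeated claim cannot be counted twice
            require(i == 0 || claims[i] > claims[i - 1], "unsorted or duplicate");
            uint256 n = store.attestationCount(subject, claims[i]);
            score += n > 3 ? 3 : n; // cap what one claim can contribute
        }
        if (score >= 6) return 1; // constructed thresholds
        if (score >= 3) return 3;
        return 6;
    }
}
```

In this sketch a verifier removed with `setVerifier(..., false)` keeps its earlier attestations in the count; a scorer that must honour revocation has to check each attesting verifier at read time instead of trusting the stored total.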

What’s next?

Decentralized identity and reputation without doubt is one of the most anticipated features of blockchains. Countless projects are trying to address it from various angles, ranging from authentication to AML/KYC and to very ambitious projects such as Bitnation, who aim to provide identity and governmental services to anyone. The search term “blockchain decentralized identity” reveals so many different players, it would take a while to list them.

As always, a one-solution-fits-all approach is unlikely to be successful. I would be very happy to see something along the lines of what we have proposed with Iudex:

  • to have various parties provide verification services — the more parties offer verification of the same property, the more reliable it is
  • to have an open, standardized way of accessing the accumulated identity data
  • and finally to have flexibility in how to use that data by multiple parties offering processing and scoring options

How would you use such a system? What would you build on top of it? Does any of the above separation make sense to you? Know any more alternatives to the above? Let me know!

And finally, please check out all the source code we made public for Iudex — it is a good starting point for experimentation.