In the field of computer security, a vulnerability is a weakness that can be exploited by a malicious actor to perform unauthorized actions (altering operation, manipulating data, etc.) within a computer system.

Using various tests, security researchers discover vulnerabilities every day, which raises the question of how these discoveries should be communicated. There is currently debate within the community about which vulnerability disclosure method to use.

Some argue that all information about a vulnerability must be communicated publicly and immediately, as soon as it has been discovered (full disclosure). Others argue that it is preferable to first limit communication to the company behind the affected computer system, or even to users who have a significant need for it (responsible disclosure). …

Until now, making use of personal data could not be done without either revealing a part of this information or compromising its trustworthiness.

We present here a new solution able to build a trust system which keeps sensitive data undisclosed. This new method opens countless perspectives for business use cases, of which we are going to introduce an example.

With the help of this example followed by a technical explanation, we introduce the concept of Zero-Knowledge Decentralized Identity.

DiDerot: a preliminary example

Alice drives her car every day to commute to work. …

Thanks to its original approach to the scalability problem, ThunderCore gives us today a first idea of scalable smart contract platforms in practice.

A first glimpse of practical scalability

Since 2015 and the day the Ethereum mainnet went live, the world has enjoyed the first smart contract platform and witnessed the rise of decentralized applications. Since that day, the world has also been waiting for scalability on this platform, unsatisfied with the limit of 25 transactions per second the network can support. While Ethereum 2.0 plans to overcome this cutoff through sharding in the years to come, other initiatives like Cosmos or Zilliqa may also reach this goal and receive the attention they deserve.

Since May 1st, 2019, another project has been live that meets some of these objectives but receives far less coverage: ThunderCore. That is the blockchain that we, at Blockchain Partner, chose to deploy our new product on. Tim, our corporate solution aiming to help business transformation through the exchange of tokens, could only be brought to life with the support of a blockchain which would fulfill a few requirements. …

Reputation systems are necessary to organize social interactions, power connected objects or prioritize ideas. With the advent of decentralized identities and claims, blockchains reinvent these systems, simultaneously assuming their role of trust machines for the world wide web.

Reshaping reputation

Reputation systems are nothing new, particularly on the Internet. Whether they are used to run online markets or fight misinformation and fake news, current algorithms mostly rely on third parties and have proven to reach the limits of such highly centralized models prone to manipulation, opacity and, in a way, inefficiency. Truly decentralized technologies could help tackle these flaws [1] and at the same time strengthen their own models, reaching neglected populations or supporting the rise of decentralized finance for instance [2].

In order to be accepted and adopted, new systems of this kind must check some prerequisites:

  • Innovation should not add a burden to the user. Ideally, reputation systems should be autonomous, not requiring any dedicated interaction to operate. …

While smart contract wallets have succeeded in their mission to reconcile good user experience and security, much still remains to be done in order to mitigate shortcomings of proprietary solutions.

The boom of smart contract wallets

In just a few months, a significant number of smart contract wallet projects arose and proved to some extent their superiority over traditional key management solutions (the best-known initiatives include Dapper, Gnosis Safe, Argent and Authereum).

As expected, they often bring together the best of two worlds:

  • Like custodial wallets, they are easy to use.
  • Like non-custodial wallets, they are secure, fulfilling original visions and needs in regards to key management and sovereignty.

But this fusion of designs came at the price of a few concessions:

  • Different solutions were provided to specific issues, sometimes introducing new dependencies to third parties. That can easily be the case when the experience goes so far as to include free ENS registration or gas relays. …

As common encryption techniques reach their limits when applied to complex decentralized identity schemes, proxy re-encryption may emerge as a suitable solution.

Experimentation is the key to mastering a new framework and actively participating in its construction. Like so many enthusiasts around the world, at Blockchain Partner we constantly strive to innovate through a series of products, proofs of concept and open source projects. The present one tries to tackle privacy issues in new decentralized identity schemes.

Decentralized identities and claims

With the advent of blockchains, decentralized identities have taken on a new dimension. Bitcoin addresses represent digital identities supporting transfer of value on the decentralized ledger. On Ethereum, many projects intend to build platforms dedicated to the management of these new items. …

Bug-free programming is a difficult task and a fundamental challenge for critical systems. To this end, formal methods provide techniques to develop programs and certify their correctness.

Formal verification is laborious work. It is highly demanding, requires significant brainpower, assumes substantial investments, and yet it has become a mandatory standard in many fields of the software industry.

Since the early days of blockchains, this science may have seemed to go against the necessary but reductive need for developer adoption. Doesn’t the most popular smart contract language owe its success to its JavaScript-like syntax?

But adoption is a double-edged sword: more value, be it financial or not, is directly at stake than with any other network before. …

In our wonderful Blockchain Partner office, we have a great sound system that can stream music around the entire place (there are three floors). Sadly, some of us still can’t understand why listening to Maitre Gims or One Direction at a very high volume is great. Quickly, it became unbearable for some. Chaos was upon us: we had to find a way to let people choose music “democratically”.

Because cryptocurrency use is sadly still not that user-friendly, some people at Blockchain Partner shamelessly didn’t know very well how to use Ether or ERC-20 tokens. Wallets, MetaMask and Ethereum are not easy concepts to master, even for those who work on blockchain subjects every day. We thought choosing the music played in our office was a good way to teach everyone how to use a wallet and a dApp. We could have designed a very functional centralized system, but we thought it was an interesting use case to make people at Blockchain Partner use cryptocurrencies and Ethereum. …

Blockchain Partner
