Decentralized Identity — Ushering in an Era of Transferrable IDs

Xiaolong · Published in DREP family · 8 min read · Nov 12, 2018

Digital ID related projects

There are many digital ID related projects, and based on different identity needs of people, things, institutions, etc., a very large number of related blockchain projects have been established. The figure below shows the distribution of some prominent projects.

[Figure: distribution of prominent digital ID projects. Source: IBM]

However, many of these projects only put data on the chain and offer no real solution to the issues above. This is claiming “blockchain” for the sake of blockchain. It neither solves the digital ID issues nor builds a platform that can generate a corresponding ecosystem and form a virtuous cycle.

Below is an introduction to some of the projects.

Uport

Uport is a relatively early digital ID project, and its main contribution is the development of the corresponding mobile app, making the use of digital ID more convenient and easy to implement.

Based on the Ethereum platform, Uport has established an integrated system of smart contracts, developer databases and mobile apps. Through the smart contracts, users act via agent contracts and control contracts, and can recover lost information through recovery quorum contracts. The developer database and the trusted third party let the mobile app connect online decentralization with offline centralization. The mobile app is a wallet that holds many different kinds of data, and it can use multiple sets of ID data with only one identity identifier.

Uport supports digital IDs for individuals, things, entities, and organizations, and stores identity information on IPFS. However, Uport's privacy protection still needs further development.

For privacy protection, ID Hub uses OpenPDS technology for mobile and PC browsers. OpenPDS gives only a “yes or no” answer and leaves the original data where it is. When the system detects exhaustive questioning, it refuses to provide further service. However, OpenPDS is more of a black box, and information about its vulnerabilities is unknown.
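The “yes or no” answering model, with refusal once questioning becomes exhaustive, can be sketched as follows. This is an added example, not OpenPDS or ID Hub code; the class, the per-attribute question budget and the sample record are assumptions made for illustration.

```python
from collections import defaultdict

class PredicateGate:
    """Answers only True/False about stored attributes; raw values never leave the gate.

    Hypothetical sketch: the question budget is an assumed stand-in for the
    "exhaustive questioning" detection the article mentions.
    """

    def __init__(self, record, max_questions_per_attribute=3):
        self._record = dict(record)
        self._budget = max_questions_per_attribute
        self._asked = defaultdict(set)  # (requester, attribute) -> distinct thresholds asked

    def at_least(self, requester, attribute, threshold):
        """Answer 'attribute >= threshold', or refuse once the budget is spent."""
        seen = self._asked[(requester, attribute)]
        if threshold not in seen and len(seen) >= self._budget:
            raise PermissionError(f"{requester}: too many distinct questions about {attribute}")
        seen.add(threshold)
        return self._record[attribute] >= threshold


def narrow_range(gate, requester, attribute, low, high):
    """Show what yes/no answers still leak: the value range left after repeated questions."""
    while low < high:
        mid = (low + high + 1) // 2
        try:
            if gate.at_least(requester, attribute, mid):
                low = mid
            else:
                high = mid - 1
        except PermissionError:
            break  # the gate refused further service
    return low, high


def demo():
    record = {"age": 34}  # constructed sample record
    limited = narrow_range(PredicateGate(record, 3), "svc", "age", 0, 127)
    unlimited = narrow_range(PredicateGate(record, 100), "svc", "age", 0, 127)
    return limited, unlimited  # a range of 16 values versus the exact value
```

The budget here is counted per requester, so it only limits disclosure when requester identities are costly to create.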

For data storage, ID Hub uses a Merkle tree to store data, reducing information disclosure, and adopts the Kademlia method to improve query performance and security; identity interactions are stored in the identity map.

IDHub’s ideas are very detailed and I hope to be able to witness the day of its realization.

Velix.ID

Velix.ID builds an efficient, low-cost, privacy-protected ID verification ecosystem through blockchain.

Velix.ID divides personal information into four levels based on different security and privacy needs, from Level 0 to Level 3. Level 0 contains basic information such as a personal phone number. Level 3 covers work information, insurance and other information that only relevant organizations can have.

Velix.ID has designed a decentralized data acquisition mechanism that allows information extraction from the blockchain only with the consent of the information holder.

The user information forms a Merkle Tree in the HD wallet, which generates different sub-accounts from the main account and stores a large amount of different information. The user only needs to save the mnemonic of the main account.
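How a Merkle tree over identity attributes reduces disclosure, as mentioned for ID Hub and Velix.ID above: only the root is shared up front, and a single attribute is later revealed together with an inclusion proof. This is an added example, not code from either project; the salted leaf encoding, the attribute names and the values are constructed assumptions.

```python
import hashlib
import os

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(name: str, value: str, salt: bytes) -> bytes:
    # 0x00 marks a leaf; the random salt stops guessing of low-entropy values
    return h(b"\x00" + salt + name.encode() + b"=" + value.encode())

def build_levels(leaves):
    """All tree levels, leaves first and root last (an odd node is paired with itself)."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur = cur + [cur[-1]]
        levels.append([h(b"\x01" + cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def prove(levels, index):
    """Sibling hashes from leaf to root, each flagged if the sibling sits on the left."""
    path = []
    for level in levels[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        path.append((index % 2 == 1, level[index ^ 1]))
        index //= 2
    return path

def verify(root, name, value, salt, path):
    """Recompute the root from one disclosed attribute and its proof."""
    node = leaf_hash(name, value, salt)
    for sibling_is_left, sibling in path:
        node = h(b"\x01" + (sibling + node if sibling_is_left else node + sibling))
    return node == root

# Constructed sample attributes (not real data)
ATTRS = [("phone", "+1-555-0100"), ("name", "Alice Example"), ("employer", "Example Corp"),
         ("insurance_id", "INS-000123"), ("tax_id", "TAX-000456")]

def demo(disclose=2):
    salts = [os.urandom(16) for _ in ATTRS]
    levels = build_levels([leaf_hash(n, v, s) for (n, v), s in zip(ATTRS, salts)])
    root, proof = levels[-1][0], prove(levels, disclose)
    name, value = ATTRS[disclose]
    genuine = verify(root, name, value, salts[disclose], proof)
    forged = verify(root, name, "Other Corp", salts[disclose], proof)
    return genuine, forged, len(proof)
```

The verifier learns one attribute and three sibling hashes; the other four attributes stay hidden behind their salted hashes.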

Velix.ID uses the Stellar consensus, which allows the user to select a slice of the jury that can represent the whole for authentication, reducing the damage that fallen nodes can do to the authentication process. In addition, PoET (Proof of Elapsed Time) encourages nodes to remain on the network for a long time, to resist the nothing-at-stake attack.

In terms of privacy, Velix.ID uses digital signatures for zero-knowledge proof to maximize privacy security.

Velix.ID still has a long way to go because of its need for offline promotion.

Thekey

The project builds an identity ecosystem through NEO Smart Contracts and builds a network (BDMI) that delivers the value of multi-dimensional identity data.

The real-name system and the bio-verification mechanism still cannot guarantee non-falsification and non-repudiation, and the many repeated verification steps in a complex service process hurt user experience and efficiency. Thekey therefore intends to use NEO’s virtual machine to create a blockchain dynamic multi-dimensional ID verification mechanism (BDMI). Its important feature is that it intersects multi-dimensional data, namely the identification, behavior and scene data of the same user, to verify and ensure the reliability of identification.

To this end, Thekey intends to work with agencies such as the government to modularize various identity data and promote it with an ID verification engine. To improve operational efficiency, they will work with Qtum to build the infrastructure layer.

Thekey has reportedly started actual verification and hopes to improve the public’s ID-related service experience as early as possible.

Current Issues

1. Establishment of a complete security system.

Security is not a single layer of encryption, nor control over smart contracts alone; it is a complete, bottom-up system. SSL has been in use for many years, and a vulnerability as serious as Heartbleed was still discovered. Building an unbreachable firewall is not easy, because one tiny loophole can destroy all the effort. Digital IDs are closely tied to each person’s identity, so there is no tolerance for “what if”s. Only 100% security can be called security. Any serious loophole ruins the water capacity of the entire bucket.

2. Lack of mutual support for data.

As mentioned above, when filling out various forms, a lot of data is redundant, while the important data that really needs to be interconnected is buried in a large amount of trivial data, actually wasting social resources.

3. Storage mechanism and cost.

Most projects now have only a small amount of data and a relatively low update frequency, so for the moment we don’t need to take this into account. However, as projects scale up and the volume of transactions increases, if there is no platform with a high enough TPS and a low enough cost, then either the project party will waste its promotion efforts or the project will simply be unable to grow.

4. Anonymity and privacy protection.

This aspect has gradually received attention, but still not enough. Privacy protection is not only needed when data is called upon; it should also be considered when uploading data onto the chain, and in storage, processing and other stages.

5. Convenience and trust.

A big problem of blockchain is its high technical threshold: it is difficult for merchants and users to access a blockchain DApp directly when the entry barrier is this high. Merchants need an easy-to-use interface and SDK before they will be willing to use it. For users, the DApp needs to be easy to use, convenient and practical. Only in this way can the masses transfer their trust from traditional authorities to the decentralized blockchain system, opening up the future market.

DREP’s consideration of digital ID

I think that a digital ID should actually have two major functions:

The first is to integrate and protect personal information.

The protection of personal privacy information is something I have always been thinking about, from the encryption mechanism to homomorphic encryption, secure multi-party computation and other aspects of underlying data protection. DRApps will require technologies such as ring signatures to protect the privacy of what the user sends and receives. For safety, the relevant data will not be stored directly on the main chain. Instead, the data of each DRApp is processed via secure multi-party computation. IPFS is used for safe and economical data storage, and only reputation images and other data that cannot be traced back to specific users are retained on the main chain. Because data stored on IPFS may face attacks that target sensitive data, data desensitization is also considered during the storage process. All of this is designed to assure users that they can safely synchronize and save data on the DREP chain.

For the convenience of users, we will allow users to generate a unified public and private key for each DRApp, together with the public key of the cooperation platform, for convenient and fast data management. This public and private key is obtained from each data source through an encryption algorithm, and the private key can only be saved locally, which ensures maximum security. Sensitive data operations (such as reading and modifying) are managed by a one-time key, lowering the risk of losing the DREP main chain private key or DApp private key as much as possible. Among the various services, we believe that one-time addresses can be assigned. Although each visit uses comprehensive data information, the addresses will be completely different, and sensitive information is desensitized to protect personal information as much as possible.
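One way to get per-DRApp keys and one-time addresses from a single locally held secret, in the spirit of the sub-account derivation described for HD wallets earlier. This is an added example, not DREP or Velix.ID code: it uses HMAC-SHA256 as a symmetric stand-in for the key-pair derivation a real wallet performs, and all names, labels and the demo seed are assumptions.

```python
import hashlib
import hmac

def derive(parent_key: bytes, label: str) -> bytes:
    """One-way child derivation: a child reveals nothing about its parent or siblings."""
    return hmac.new(parent_key, label.encode(), hashlib.sha256).digest()

def drapp_key(master_secret: bytes, drapp_id: str) -> bytes:
    """Separate key per DRApp, so a leak in one application does not expose the others."""
    return derive(master_secret, "drapp/" + drapp_id)

def one_time_address(app_key: bytes, visit: int) -> str:
    """Address for a single visit; different visits give unrelated-looking values."""
    return derive(app_key, f"visit/{visit}").hex()[:40]

def find_visit(app_key: bytes, address: str, window: int = 1000):
    """Only the holder of app_key can recognise its own addresses, by re-deriving them."""
    for visit in range(window):
        if hmac.compare_digest(one_time_address(app_key, visit), address):
            return visit
    return None

# Constructed master secret for the demo; a real one is random and never leaves the device
MASTER = hashlib.sha256(b"constructed demo seed, not a real mnemonic").digest()

def demo():
    shop, forum = drapp_key(MASTER, "shop"), drapp_key(MASTER, "forum")
    addrs = [one_time_address(shop, v) for v in range(3)]
    return {
        "all_distinct": len(set(addrs + [one_time_address(forum, 0)])) == 4,
        "owner_recognises": find_visit(shop, addrs[2]),
        "other_app_cannot": find_visit(forum, addrs[2]),
    }
```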

We also noted that the security requirements for personal information are not the same at every level. They can be categorized along two dimensions: usage frequency and degree of privacy. Usage frequency can be illustrated as follows: email may be used every day, while taxes need only be considered once per month. As for the degree of privacy, if an e-mail address is leaked it could cause spam, but this would not be a significant privacy threat. If tax payment information were leaked, however, it would not be hard for people to infer income, expenses and similar information, which poses a much greater threat. We will design different permission controls according to the different needs of users, so as to better meet different security requirements while reducing system operating costs and enhancing security.

The second is to connect the islands through personal information to form a multi-dimensional and multi-level personal digital ID network.

As mentioned in the cross-chain article, DREP’s cross-chain is not just a cross-chain of value, but a synchronized chain of reputation as a valuable resource. What is the use of reputation after cross-chaining? The purpose is to form a detailed portrait of the user, with the user’s consent, and feed it back into reality, turning reputation into one of the indicators of credibility in the real world. In doing so, we can potentially reduce the trouble of verifying identity in all aspects of real life, and a DREP ID can correspond to various services both online and offline.

In addition, we consider such a digital ID as an interoperable information platform. For example, the data on ETH can be referenced to the DREP platform, and you can authorize viewing your address and currency information on ETH. In the ETH-related operations, the DREP plug-in is authorized to perform seamless docking operations to enhance the user experience. In the end, we hope to establish DREP as a reputation ecosystem network.

Thanks for reading.

ABOUT Myself (Xiaolong)

Xiaolong Xu, Co-founder of DREP Foundation

Former lead developer at QTUM, with extensive experience in blockchain technology and public chain development. Current technical advisor for a range of established blockchain projects. Instructor of NODE Blockchain Accelerator.

Previously a software developer at Microsoft and Tencent. Master's degree from the Chinese Academy of Sciences.