Assertions: The Missing Piece & Precursor of Attestations
In the past few articles about attestations and Sign Protocol, we’ve delved deeply into the concept of attestations and how they offer a promising solution for strengthening the trust systems of the web and the world around us, such as our Web of Trust, via the delivery of provable trustworthiness and rich insights. However, we’ve only subtly hinted at another core and critical piece of the equation used to achieve this goal via attestations: Assertions.
Currently, attestations made in the wild often have their assertions either confined to locations outside the public domain, such as within an app’s backend server, or they do not exist at all. This inadvertently leads to an apparent innocuous misuse of attestations, as they are utilized as a means to make claims about a subject matter, instead of their intended purpose of verifying such claims.
In this article, we’ll explore the often overlooked concept of assertions and their fundamental role as the precursor to an attestation. Additionally, we’ll discuss some of the side effects and shortcomings observed in certain attestation ecosystems in the wild, primarily due to the oversight of assertions as a core component of their framework. Let’s dive in!
What Is an Assertion?
An assertion is a statement or declaration made by a party regarding a subject matter. Such statements usually lack substantial evidence, necessitating verification in the form of an attestation. The subject matter can encompass various aspects, including historical events, information, observations, calculations, analyses, or even facts.
Ideally, an assertion is crafted by a responsible and honest party, using a structured schema that adheres to specific criteria for organizing the data intended to express or represent the subject matter. This data, serving as the foundation for assertion-based engagement, provides the guiding scope for an attester to evaluate and issue an attestation.
Assertions aren’t a new concept in any form or way. In fact, every day, we engage in activities i.e. assertion-based engagements that involve either making an assertion, such as stating the winner of the 2022 FIFA World Cup, or providing an attestation to validate a presented assertion about the winner of the 2022 FIFA World Cup by presenting recorded footage from sources like NBC Sports, BBC Sports, and other news outlets.
Another real-world example that illustrates the role of assertions and the use of assertion-based engagements in our daily lives can be found in an app like X (formerly known as Twitter) and its Community Notes feature. This feature enables community members to attest to the validity of statements made in posts, providing added context. The attestation is then attached to the original post, informing other readers (verifiers) about the credibility and context of the post.
The Importance of Assertions
Assertions play a crucial role in establishing the criteria, via a schema, according to which an attester can evaluate and validate to issue an attestation. A well-crafted assertion provides a clear framework, enabling attesters to directly validate key points stated in an assertion. This standardization influences the consistency and reliability of assertion-based engagements across a given attestation ecosystem, promoting uniformity, composability, and efficiency.
Without assertions, attesters face the daunting task of identifying the relevant points of a subject matter in order to issue a reliable attestation. This lack of assertions may lead to inconsistencies and subjectivity in the attestation process, as different attesters may prioritize different criteria. Consequently, observers and verifiers are left to construct their own criteria to sift through the various attestations for one that suits their needs, introducing further subjectivity, overhead, and potential for error. Essentially, the absence of assertions leaves attesters and verifiers operating blindly, resulting in attestations issued or verified in a more opinionated manner.
In an attestation ecosystem devoid of assertions as a core provision, all attestations are essentially ‘Blind Attestations.’ Without the provision of assertions in an attestation ecosystem, there is no proper means to assess the origin or criteria of the subject matter when constructing attestations. This lack of transparency undermines the reliability and trustworthiness of the entire ecosystem.
To grasp the importance of assertions within an attestation ecosystem, consider attestations as keys and assertions as the corresponding keyholes. Just as a key without a matching keyhole serves no purpose, an attestation lacking an assertion is essentially worthless. The assertion acts as the antecedent, setting the subject matter criteria of measurements and benchmarks which an attester evaluates in order to issue an attestation.
What the Mainstream Gets Wrong About Attestations.
The emergence of attestations in the Ethereum ecosystem and broader crypto mainstream was catalyzed by the efforts of the Ethereum Attestation Service (EAS). This initiative witnessed a surge in attestation issuances, expansion into other blockchains like Base, and significant adoption campaigns by major entities such as Coinbase.
However, despite this growth and activity, it’s unfortunate to note that the EAS standards and attestation ecosystem do not include provisions for assertions. Consequently, this has led to a normalization of deficient attestations being issued, which ultimately hampers the utilization and effectiveness of assertion-based engagements in mainstream contexts.
To illustrate, consider a scenario where Taylor creates an attestation with a very elaborate schema on the EAS platform, stating her age as 22. Other observers or verifiers, such as apps and businesses, may naively accept Taylor’s stated age as truth based solely on it being an attestation on EAS. A more appropriate approach would entail Taylor making an assertion about her age and providing additional evidence, such as an ID card or birth certificate. Subsequently, Travis (the verifier), who works at the DMV (the attester), would verify this assertion by reaching out to the internal resources of the DMV to receive an issued attestation that will either confirm or debunk Taylor’s assertion, with added context such as physical description, date of birth, etc.
From the scenario described above, it becomes observable to the astute reader that the issuance of an attestation is a dynamic and interactive process, rather than a unilateral action. This interactive process, which entails the presentation of an assertion, and evaluation and validation by an attester to issue an attestation, is commonly referred to as an assertion-based engagement.
Another scenario we will use to highlight this issue in certain mainstream attestation ecosystems, such as EAS’, is the operation of Onchain Verification initiative by Coinbase. Through the Onchain Verification initiative, Coinbase issues batches of onchain attestations on the Base chain to publicly certify customers’ ownership of a Coinbase account and their nationality, relying on internal KYC data. However, despite the progressive nature of this initiative, it is inherently handicapped by shortcomings of EAS’ standards and design, particularly the oversight of assertions.
The composition of the assertion, particularly the criteria guiding the measurements and benchmarks used for Coinbase’s Onchain Verification attestations, appears to be internal or proprietary to Coinbase. This does not involve the specific details of the assertion, which often include sensitive customer information, but rather the criteria guiding the assertion, as expressed through its schema. In essence, while we acknowledge Coinbase’s role in attesting to Alice’s nationality, for example, the absence of visibility into a relevant premise, i.e., the assertion, that necessitates this attestation leaves much to be desired in terms of ensuring efficiency, accountability, and independent verifiability within the ecosystem.
Despite the aforementioned shortcomings, numerous apps and services confidently rely on Coinbase verification attestations to conduct their operations. This reliance stems from Coinbase’s reputation as an entity traditionally perceived as honest and credible. However, this practice diminishes trust assumptions, overlooks security considerations, and limits the overall purpose of these attestations to a “trust me bro” standard. Instead, they should embody key attributes that foster open verifiability.
It’s important to emphasize that these observations are not a direct critique of Coinbase. They reflect broader challenges within mainstream attestation standards and ecosystems.
A notable consequence of adopting flawed or poorly designed standards in attestation ecosystems is the overloading of attestations, causing them to perform tasks or functions beyond their intended purpose. We have observed the tendency for everyday users and businesses to issue attestations where assertions would be more appropriate. Essentially, we’re observing instances where the mainstream populace tends to present statements about subject matters as attestations upfront, rather than generating assertions that could subsequently be validated by an attestation.
Another case that illustrates the overloading of attestations caused by inefficient standards and methodologies within an attestation ecosystem is evident in a feature introduced by the EAS known as “Referenced Attestations.” These are attestations issued to validate other attestations. However, this feature only creates redundant usage of attestations and merely serves as a makeshift solution made in lieu of the appropriate considerations and provisions, specifically assertions.
Building the Change We Wish to See with Sign Protocol
After exploring the concept of assertions and how some mainstream attestation ecosystems lack the necessary infrastructure and standards to provide effective attestations to users, applications, and businesses, you may wonder how we plan to address these issues and enhance attestation ecosystems with Sign Protocol.
Our investigations and observations of attestation ecosystems in both traditional trust frameworks like the Microsoft Azure Attestation Service and alternative ones like the Ethereum Attestation Service have shaped our scope and strategy for building Sign Protocol as a competent and efficient attestation ecosystem and stack. We aim to rectify the flaws of previous projects and set new standards, tools, and practices for a robust and effective attestation ecosystem.
The hallmark of a well-equipped and efficient attestation ecosystem lies in the consideration and provision of all core elements essential for enabling assertion-based engagements. This comprehensive approach ensures that the ecosystem becomes a beacon for effective attestations, fostering trust and reliability in the broader landscape of trust systems.
To achieve this, we at EthSign will be researching, proposing, and advocating for new standards and methodologies to the public, especially the active participants and stakeholders of the various attestation ecosystems. As we keep developing and releasing new features and provisions that evolve Sign Protocol, you can anticipate improvements that will progressively bring in a more advanced and well-equipped attestation ecosystem. These improvements will incorporate more core aspects and provisions such as assertions, allowing anyone to conduct and interact with assertion-based engagements properly.
This endeavor enables Sign Protocol to offer a strong, secure, and verifiable attestation ecosystem, empowering the web of trust of tomorrow and strengthening trust systems worldwide.
In Conclusion…
In an attestation ecosystem, assertions serve as foundational elements, laying the groundwork for subsequent attestations by defining the subject and criteria for verification, thereby providing essential context. A deficiency in provisions and functionality for assertions within an attestation protocol leads to the issuance of inefficient or flawed attestations.
It’s crucial to note that attestations do not assert claims; rather, this responsibility falls squarely on assertions. Without a well-defined assertion, an attestation remains inherently incomplete, lacking the necessary subject matter and supporting criteria for its issuance. This highlights the pivotal and indispensable role of assertions as the precursors to attestations.
