(A)symmetry: How identity will be improved by decentralized biometrics and zero-knowledge proofs

Nanak Nihal Khalsa
Holonym
Jan 30, 2024


Decades ago, digital identity had a revolution: symmetric to asymmetric. HTTPS, email, iMessage, WhatsApp… almost every internet service or app we use daily relies on technology from this shift to asymmetry. But identity in the real world, such as for banking, civic services, and health care, is still symmetric — meaning both parties see the same secret — and that’s insane.

I’m taking an analogy here from symmetric vs. asymmetric key cryptography and extending it to real-world identity. Hopefully the parallel is clear and illustrative of our need for an “asymmetric” identity. While in symmetric key cryptography, you share a secret, in asymmetric cryptography you only need to share a public key — you don’t need to share any secrets.

A secret is, well, …secret. Whether it’s a social security number, password, or credit card number, it’s supposed to be known only to you and a select few parties. The question is: how many people do you want to share this secret with? At some point, it’s no longer very secret. In a symmetric protocol like entering a password or credit card, each time you use the secret you share it with someone — both parties know this secret so there is symmetry. How regularly we share secrets on the internet has had a massive negative effect on people’s lives, while costing people and companies hundreds of billions of dollars (a conservative estimate). Here’s an odd world to imagine:

- You have to use the same password and credit card for every website and can’t change them if one is hacked

- Every website has to share your password and credit card with any partner companies they use to process your data

- Your password could unlock your bank account and could be used to impersonate you and/or steal your funds

This is a world where secrets are known to every party you need them for. This world is pretty ludicrous. Except, if you simply swap password and credit card for government-issued ID, this is how vital institutions such as government services and banks operate today. It would be great if this could be fixed overnight. But there are legitimate reasons why this is the case and why it isn’t easily fixed.

Why exactly is this true today? One reason is that we don’t have widespread privacy-preserving proofs of government ID yet — you just have to give someone your ID in the clear. The other is that government IDs are often the only practical way of proving to a stranger you are yourself. We will see that decentralized biometrics along with ZK proofs will allow real-world identity to finally shift to being asymmetric, unlocking a safer world.

Problem I: The only secure way to prove you are a certain person is your government ID

This is an interesting and challenging problem. We will be releasing research on decentralized biometrics soon, but TL;DR: it is possible, yet hard, to prove you’re a certain person without a government ID. This proof needs to:

  • Not reveal information about your underlying biometrics
  • Be flexible in case your biometrics change over time
  • Be immune to deep-fakes and brute-force attacks
  • Ensure that you, and no other “trusted” party, have access to any biometrics

We’ll dive into each of these topics in a subsequent article. Make sure to subscribe to follow this topic closely.

Problem II: We rely on symmetric proofs

Instead of the status quo of sending your super-sensitive data everywhere, ZK allows asymmetric proofs of having this data. With ZK, you can prove you have a valid ID with certain characteristics, without revealing this ID. E.g., you can prove you have a valid ID and aren’t on a sanctions list, or that you are old enough to buy alcohol. If these proofs are stolen, your identity is safe. It’s one of the most obvious solutions for identity — far less damage after data breaches, far less compliance hassle that comes with storing personal data, and of course far less spending on security and compliance.
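The contrast between a symmetric check and an asymmetric proof, as an added example that is not from the original article or from Holonym. It uses the simplest case, Schnorr identification (proving knowledge of a private key while the verifier stores only a public key), which is a simpler proof than the ID-attribute proofs described above. The group parameters, the sample ID string and all function names are constructed for illustration, and the group is far too small for real use.

```python
import hmac
import secrets

# Toy group constructed for this example; far too small for real use.
# P = 2*Q + 1 with P and Q prime; G = 4 generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4

def symmetric_check(stored_secret: bytes, presented: bytes) -> bool:
    """Symmetric: the verifier must hold the same secret the user presents."""
    return hmac.compare_digest(stored_secret, presented)

def keygen():
    x = secrets.randbelow(Q - 1) + 1   # private key, stays with the holder
    return x, pow(G, x, P)             # (private, public)

def commit():
    k = secrets.randbelow(Q - 1) + 1   # one-time nonce, never reused
    return k, pow(G, k, P)             # (nonce, commitment t)

def respond(x: int, k: int, c: int) -> int:
    return (k + c * x) % Q             # response s to the verifier's challenge c

def schnorr_check(y: int, t: int, c: int, s: int) -> bool:
    """Asymmetric: the verifier needs only public key y; G^s == t * y^c (mod P)."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P

def run_demo() -> dict:
    # Symmetric: what verifier A stores is the credential itself, so a copy
    # of A's store is accepted anywhere the same secret is used.
    id_number = b"constructed-id-000-00-0000"   # constructed sample value
    copy_of_store = id_number
    symmetric_reuse = symmetric_check(id_number, copy_of_store)

    # Asymmetric: the verifier stores y and issues a fresh challenge each time.
    x, y = keygen()
    k, t = commit()
    c_old = secrets.randbelow(Q)
    s = respond(x, k, c_old)
    honest = schnorr_check(y, t, c_old, s)

    # A recorded transcript (t, s) does not satisfy a different challenge.
    c_new = (c_old + 1) % Q
    replay = schnorr_check(y, t, c_new, s)
    return {"symmetric_reuse": symmetric_reuse, "honest": honest, "replay": replay}

if __name__ == "__main__":
    print(run_demo())
```
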

Solutions on the Horizon

Real-world identity has been in need of a transition from symmetric to asymmetric. This transition will soon be enabled by zero-knowledge proofs of identity and by decentralized biometrics. When digital identity became asymmetric, email, HTTPS, and encrypted messaging were invented. When real-world identity becomes asymmetric, who even knows what will happen? It will improve compliance and data breach safety at least, and likely far more. Likely universal basic income, wallet recovery, and bot attacks can be solved too!

About Holonym

Holonym is a privacy-preserving custody protocol for data and keys. The protocol uses zero knowledge proofs for users to prove facts about themselves on-chain and import attributes of their identity while remaining cloaked against third party trackers and snoopers.
