KILT Protocol: What’s It All About?
A conversation with Ingo Rübe, Founder of KILT Protocol and CEO of BOTLabs GmbH
KILT is a blockchain protocol for issuing self-sovereign, anonymous, verifiable credentials and decentralised identifiers.
But what exactly does that mean? Who better to ask than the creator of KILT himself! Ingo Rübe breaks it down for us in his own words.
Let’s start with the things that are most associated with KILT. What are decentralised identifiers and credentials?
Ingo: KILT Protocol is a system for maintaining identities. And here comes the first interesting part: an identity is something different from an identifier.
If we have an identifier it’s just a name or a number — it doesn’t say anything about an identity. So for example, my name is Ingo. If my identifier is Ingo, that doesn’t say that I’m from Berlin, it doesn’t say that I am working on the KILT Protocol, whether I have a driving licence or not; it doesn’t say anything about me. It doesn’t really contain any information, it’s just an identifier.
And if there is only one Ingo here and you direct a question to Ingo, I know it’s me you’re talking to. But if there are two Ingos in the room we never know, so it would be good to have those identifiers a little bit unique.
This is the first part: Identity starts with an identifier, which is what all the other things are linked to. And many of these things in our world are linked to the identifier with credentials. So think of real life; I have a passport from Europe and it basically says “Ingo”. And it also has a picture of me, and other things, but it can be directly linked to me because I am Ingo and the word Ingo is there on the passport. But the passport gives more information about me because, for example, it says I’m European. And this passport is what we call a credential.
So identity is built by adding more and more credentials to an identifier.
If you want to build a digital identity you need both an identifier — for people or things — and then you need different types of credentials which are linked to the identifier. Then step by step you produce a digital identity.
If you want to register with a social media platform, for example, you choose a username and password. And they check to make sure that the username isn’t already taken and that your password has enough numbers or letters or whatever, and if everything is okay this is now your username and your password and you’ve got an identifier.
And then you go on the platform and you like certain things and maybe write a comment or two. And depending on the platform, you can add photos, or university status, and a passport or whatever, and the identity is growing. And you can link other things to it. These are your credentials. This is your behaviour, and this aggregates there — with the platform, not with you.
But this can also be done for machines. The identifier of the device could be a very long number for example. This device can be identified by this number because this number is unique to it. And then, step by step you add more and more credentials to it, like an IOT device that is compatible with a certain standard, for example. Then the device gets an identity. And if the identifier is registered on the blockchain it becomes decentralised, because the blockchain doesn’t store information in any one location; it’s spread across a network of computers.
What are verifiable credentials and why is it important that they are verifiable?
Ingo: There are several parts to this.
First, credentials are built on trust. Trust is not generated by the blockchain, trust is something that happens in the real world — that’s how our society has been working for thousands of years.
KILT takes the old process of top-down trust in the real world and puts it into the digital world.
Anyone can build a credential. You could make your own. You could print your name on a piece of paper and stick your photo on it and write on it that you can drive, but people might not believe it just because you say it and made your own credential!
It would be better to use one that is already there, that is already trusted, like a driving licence from the government department that deals with them. That would probably have your photo, your name, it would include a vehicle class. You can go to most places in the world and they will look at it and look at your photo and say, ok, I trust it. It looks like a driving licence and he looks like the person in the photo.
But digitally, when you give your credentials to someone there’s no photo. I can wave a physical credential at you; a digital one I can’t — it’s just numbers.
So now we need a trusted entity to confirm that those numbers really mean what they say they mean. In KILT we call this the attester. We’ll go into more details on how the attester works another time, and how we know we can trust them, but basically, they confirm, or attest, that the information is true. They do this by digitally signing the digital credential and then sending it to the claimer. They also create a hash of the credential — a number representing the information — and store it on the blockchain. It’s not personal data or the document itself, it’s just a hash.
The important fact is: the credential is issued by the trusted entity to the user. And the user owns the credential. They can decide when to show it, to whom and for what purpose. The trusted entity is not involved anymore. So, if I receive your credential because you want to hire a car from me, you show me your digital driving licence. I check with the blockchain to see if this hash which comes out of your credential is actually present on the blockchain. If it’s present on the blockchain, it’s fine. You can hire the car and drive away. The driving license department will never find out about you hiring a car.
That’s why we call it a verifiable credential; it’s a credential that can be verified. Simple!
But what happens if you drive crazily and the driving department says “Give the licence back, we don’t want you to drive again for the next ten years”? In the real world they would ask you to send your licence back and you don’t have it any more. But in the digital world it’s just numbers. Even if you send it to them and say “Hey, here’s my licence back” you still have a digital copy. So there needs to be a way that the attester can check that everything is still okay and, if it’s not, be able to revoke the credential.
So that’s why digital credentials need to be revocable?
Ingo: Exactly! And that’s what we use the blockchain for. The KILT blockchain makes credentials revocable; so if the attester wants to revoke your digital licence they can just put another hash of the credential representing your driving licence on the blockchain to show that it has been revoked.
Then if you go to hire the car and present your credential, your digital licence, it looks OK at first. But when I check the hash I can see, yes, there was a credential once but this one was revoked. So I don’t let you hire the car.
And that’s why it’s so important to have an entity that stores the VALIDITY of a credential. But that’s the kind of thing you don’t want a big corporation to have. They might think “Hey, we could just revoke everyone’s credentials until they pay us a lot of money” or whatever. It could be the most dangerous company in the world. This is why the validity of credentials does not belong in the hands of a company. It has to be on neutral ground, revocable for attesters but immutable to anyone else. And that’s the reason we use a permissionless blockchain to record it.
Interesting! Back to the description of KILT we started with, what do you mean by “self-sovereign”?
Ingo: Self-sovereign means something very useful. It means that you hold your credentials. In the real world you hold your credentials in your wallet, or in your home. So you have sovereignty over them, basically. But in the digital world you don’t. In our example of signing up to a social media platform with a username and password, you don’t have your credentials — the platform does.
But with KILT you own your digital credentials. You keep them in your wallet and if someone asks for your credential — your driving licence or whatever — you can send it to them. And this also affects anonymity because when you have sovereignty over your credentials then you can choose what you show to people and how much of it you want to reveal. And a blockchain-based system allows you to do that.
So the data is anonymous?
Ingo: what we do is give you control over your data. We don’t store it on the blockchain, it’s stored in your wallet. Only the hash that shows that the credential is valid — or not — is on the blockchain.
But anonymity is more than that; it’s something that has to be provided in different ways. So, going back to the driving licence example. If you want to go into a bar you might have to prove that you are over 18. In the real world you can choose any of the credentials you have in your wallet to prove that — your driving licence, or identity card, your student card, whatever. And you can show this to the person on the door. They just need to see your picture and your date of birth to prove that you are over 18, but they don’t need to know your name, or anything else about you — you can choose to put your finger over it and you will still be let in. This is what we call selective disclosure and this is also a part of anonymity.
That sounds like a great development in digital identity! One last question for you today. What exactly is blockchain?
Ingo: In simple terms, blockchain is a digital, decentralised database, or record of transactions. So when you think about blockchains you have to start with databases basically, and these are something that are even older than credentials.
Databases are around 4,000 years old. They started with our ancient ancestors — they put symbols into clay and started to record things like how much tax someone owed, and that sort of thing. And this was the first central database. You had this piece of clay with all this information on it and this piece of clay told the truth, in a way. And if you wanted to know how much tax you owed, you could look at this piece of clay. This principle of a central database is the fundament of basically almost everything we have. Our governments wouldn’t work without that, society wouldn’t work without that, banking wouldn’t work without that; this is really a huge success in history, these databases.
But they have some disadvantages. The first is that if you drop the piece of clay on the floor, then it breaks and it’s gone. Well, modern databases aren’t made out of clay, but they are still very easy to break. You could make a copy, but then there can be errors in copying it. You could have two different types of information and not really know which is the real one. The second thing which is terrible about those databases is that they are controlled by a single person normally, and that single person can be bribed. So they can be connected with corruption. So you have a lot of disadvantages.
But you have also advantages, because you have a central piece of information, very easy to handle, very easy to administer, the governance of it is totally easy — the king, or civil servant or whoever says you write this down and only you write this down on this piece of clay and everybody can read it and we’re good to go, right? As long as the person isn’t corrupt and doesn’t die. So that’s basically how central databases work.
And modern central databases are extremely fast, extremely cheap, extremely easy to administer and this is why they are somewhat successful. But like the ancient ones, they have these two little problems — they are very easy to break and very easy to corrupt.
If you want to build a system to get away from that, a nice and easy solution is blockchain, because this is a system where you don’t have only one copy of the thing. You say basically everyone can be a bookkeeper and everybody has the same book. If something is added to the book then everybody has to add it, which is extremely hard to administer, extremely slow and extremely expensive. But it is completely safe; if one of the books falls down or one of the machines explodes, because you have 999 copies of it, it’s not a problem. And if one or two of the bookkeepers goes corrupt, it’s also not a problem because you have 998 others who are not corrupt. And with every new entry they have to agree that the book they all have is the same version of the book again. And this is the basic idea of blockchain.
So what can you do with something like that? You use this if you don’t want to trust a single entity or person, because with a database you always have to trust the person running it. I can read it but I have to trust what they actually wrote into it is true. And there might even be an intermediary, and I have to trust what they wrote in there too.
If you want to get rid of the intermediary you can use the blockchain and have the actual truth in the system, which is defined by a democratic majority of the bookkeepers and mathematical algorithms. And if you say everyone can actually become part of the system and be a bookkeeper as well, then you have the wisdom of the crowd and can say it’s probably actually the mathematical truth. So we change from trust in a person or entity to the mathematical truth. And most people believe the mathematical truth.
And if there are thousands of computers that have agreed on something like the balance of my account, then I can believe it much easier than believing a single person or institution. Because they might have made a mistake, or been corrupted.
This is what you use the blockchain for. It doesn’t work for everything — in the past people tried to build many crazy things with it, like closed logistics chains, and that doesn’t make sense. If you only have three partners interacting and they run a blockchain together they actually have to trust each other because they’re running the system together and it’s not open — it would be much easier and cheaper for them to run a database and all have a key to the database. Blockchain only makes sense if you need to work together without constantly making use of a trusted entity. The blockchain replaces the trust in an entity with the mathematical truth.
There are so many uses for blockchain; I think it’s going to change the internet completely over the next ten years.
Thanks for the insights Ingo!