Version 1.0
September 4, 2018
General Questions
What is Metadium?
Metadium is the next-generation identity protocol powered by blockchain.
Metadium aims to build an identity blockchain ecosystem through a system service called the “Meta ID”. The role of the Meta ID is to provide a service that supports user authentication and personal information verification. Personal information is not stored in the blockchain in order to prevent privacy violations.
Online and offline services that require an ID can provide services using information accumulated in the Meta ID. For example, a service associated with a Metadium blockchain can provide basic services for subscription and login, and provide services in the form of decentralized apps or centralized apps.
How do you pronounce Metadium?
Metadium is pronounced [mé;tədiəm].
What problems can Metadium solve?
Metadium tries to solve an important problem faced by the society today: that individuals (and “things”) do not have ownership of their personal data. Every time we sign up for an account on a service or a platform, we are actually providing these platforms with our personal information. These platforms/services then can maliciously sell and share these personal data to third parties. Since most users have signed up to many different services, keeping track of where and how our personal information is being used can be an extremely daunting task. In this case, our personal information becomes extremely vulnerable to data breaches. While data breaches are sometimes caused by hackers with a malicious intent, most of them are actually a result of accidental data leakages by service providers with poor security practices.
Metadium is a project to give back these personal information to their rightful owners so that everyone can claim control over their own identity. Through Metadium, users can manage and have absolute control over their personal information at a minimum number of predefined points. Since these information are not prone to data hacking and leakage, we can prevent the side effects that arise from providing our information to different platforms and services.
An ID in Metadium is an identity smart contract that the individuals can use as their identity. Users do not have to upload their personal information on these identity contracts; the contracts will only contain the meta print for verifying the information. Personal information are stored in personal devices, eliminating the risk of any information leakage. Users have full authority over these identity contracts, and they can capture the entire usage flow by tracking them.
In addition, the Metadium blockchain brings forth a great infrastructure for managing our identity. While the TLS(Transport Layer Security)/SSL(Secure Sockets Layer) method frequently used on the Web is vulnerable to MITM (Man In the Middle) attack, since blockchain does not require a cipher spec exchange through hand shaking, this problem can be prevented in advance. Furthermore, Metadium provides a decentralized Identity infrastructure that lowers the existing centrally generated and managed identity data down to a personal level. This reduces the economic incentive for hackers, reducing the possibility of an attack.
What are PKI and dPKI? How do you plan to decentralize the PKI?
Public Key Infrastructure (PKI) refers to all configurations that utilize digital certificates commonly used in websites and apps. The current PKI is supported by a belief in a Trusted Third Party (TTP), such as a Certificate Authority (CA). The CA issues the certificate to network participants, and the network participants confirm the identity of each other based on this certificate. Under the current PKI structure, if the TTP is attacked or contaminated, the whole network may be at risk.
The decentralized PKI (dPKI) is a concept devised to solve the problems of the existing PKI. In dPKI, an attack or contamination of a single party will not disrupt the entire network. A good example of a dPKI is the blockchain such as Bitcoin, which does not have a specified CA or TTP. So even when a particular node fails, the network itself will not be affected.
Since Metadium is a blockchain, it has the dPKI structure without a TTP. The decision to execute an action is carried out by a consensus of multiple nodes. The Metadium network will thus operate perfectly fine even when a certain node is contaminated.
What are the Patents that are going to be used for Metadium?
- Certificate issuance system and method based on blockchain
This patent will be utilized in Metadium’s dPKI to replace traditional Certificate Authority (CA) and to store certificates on blockchain. Key element of the PKI system is a CA that assures individual certificates and the public / private key of each individual. CA is an institution that can manage and guarantee transaction records in accordance with the Electronic Signature Act, and can establish and securely manage authentication system. Therefore, CA must be trusted by all users as CA verifies the authenticity of the user’s personal information using the private key and proves ownership of the public key provided by the user. In Metadium, trustlessness of the blockchain technology will replace CA. In addition, privacy problem does not occur even if the certificate is stored in the public blockchain as certificate is stored on a blockchain with a hashed value of personal information in the certificate.
2. Managing private key in a PUF (Physical Unclonable Function)
This patent addresses on how to generate a private key with high entropy and proceed with authentication in a hardware device while eliminating private key leakage problem. The private key is a random length of bits (e.g. 512 bits in ecdsa256). The private key must be created in a situation where the entropy is as high as possible to guarantee the maximum safety. One of the biggest problems with the widely used PKI systems is that it is difficult for a user to securely store a private key. The role of the private key is to create a signature, which is not a physically memorable value for the user and should not be moved outside the generated terminal. If a private key is generated and managed utilizing PUF, it is possible to prevent a private key from being leaked out to other parties.
3. Method to utilize certificate information through biometrics
This patent addresses methods to utilize private key with biometric information of a user. It is impossible to directly input private key in order to allow the operation of the private key to generate the signature in the PKI system. Therefore, user utilizes private key with a pre-generated password to decrypt the encrypted private key. However, passwords are easily leaked and the more passwords the user has to remember, the more problems they can cause. As the use of personal terminals becomes common, accessing services using the biometric authentication information (ex. fingerprint touch ID) without using a password is becoming common. Metadium platform allows access and manage of private key with the use of individual’s biometric information.
4. Method for providing certificate service based on multiple signatures
From a service perspective, different approaches in accessing certificate must be possible depending on the use of the certificate. Currently, the authorized certificate distinguishes only the conditions under which a specific user can use the authorized certificate. Therefore, the system does not support the use of multiple signature-based certificates, where use of certificate can be possible when two or more parties authorize the use of certificate with the pre-registered public key through a consensus. This patent addresses the multi-signature certificate technology that provides a function of registering several public keys in a certificate, to make various use cases including recovering Meta ID even when a private key is lost.
5. Method for providing certificate service based on smart contract
Current certificate has a condition that certificates can be used only in specific cases such as bank, insurance, securities, etc. It does not have the function of conditional-availability of the certificate (ex, proof of third party, limits on use, date and weather conditions). In this patent, smart contract which operates in a decentralized way without administrator’s intervention, writes and records the execution conditions of the certificate in code form, and deals with the smart contract based certificate that is automatically executed according to the user’s action.
6. Method for certifying a user through blockchain and Merkle tree structure
When storing a certificate in a blockchain, it is not safe to store private information because all the data stored in the blockchain is accessible. Though hash value of personal information are encrypted, privacy is not guaranteed as disclosing all original data that generated the hash value is necessary to verify authenticity of the hashed information. For this reason, personal information is processed using the Merkle tree and the root hash (that is the final value of the Merkle tree) is stored in the blockchain. In this case, users can disclose only the desired information to the subject. The authenticity can be verified by using the root hash value on the blockchain. It is also possible to disclose parts of information without disclosing entire information using the hierarchy structure of the Merkle tree. For example, to disclose the city users live in, users can disclose ‘Seoul’ rather than disclosing the full address.
What is Identity Blockchain?
Identity blockchain refers to a system in which all CRUD operations (create, read, update, delete) and the use of IDs are controlled by ID owners, and all actions related to IDs are stored in the form of transactions in the blockchain.
Are there transaction fees on Metadium Blockchain?
Yes, there are transaction fees to prevent DDoS (Distributed Denial of Service) attacks. In a DDoS attack, an attacker tries to flood the network with dummy transactions. If the attacker has to pay a sufficiently high fee for each of those dummy transactions, this form of attack will become too expensive to carry out.
How do I mine META?
Metadium utilizes the proof of authority algorithms, meaning that only those with authority can produce blocks and mine META. To participate as an authority, you will need to meet minimum requirements of computing power and hold a certain amount of META for staking. Once you are voted in by existing authorities, you can operate a node to mine META.
What is self-sovereign identity and how do you manage it on blockchain?
Self-Sovereign Identity refers to the concept that individuals have the ability to control their own identity. Blockchain will store a unique identifier and a proof of verification, while all of the user data is securely saved on the user’s personal device, fully controlled by the user.
As the term “self-sovereign” indicates that individuals verify their own personal information, individuals become the verifier. In the Metadium blockchain, users can verify their personal information of their Meta ID to upload their information.
Meta ID can be used only through a private key that users register in advance. Users can register many different keys in the Meta ID contract. With these keys, and the Meta ID as their identity, individuals can participate in the Metadium blockchain.
How does Metadium address the scalability, expandability, and the performance problem?
Metadium’s performance is outstanding, because it is a Raft-based PoA. Unlike PoW, it does not allow random nodes in the network to participate in mining, which makes it much easier to consider in terms of scalability. In order to increase scalability and achieve higher performance, the Metadium team is continuing to explore various solutions. We are considering some well known methods in the Ethereum scene such as the Sharding, Plasma, and the Plasma Cash, and we are also looking into operating our own side chain to boost the performance.
Our team has developed various blockchain projects including both public and private blockchains. We especially have a lot of experience and knowledge about the distributed ledger technology and distributed processing. Through numerous testing procedures, we will ensure that our users enjoy the best benefits.
What is the current status on personal identity management?
In the present day, our personal identity is not managed by ourselves. Instead, they are stored in the servers of the service providers whom, as a matter of fact, came to own them. In this way, users were unable to track how and where their personal information is being used, and were threatened by black marketeers who buy and sell these information without our notice. This is an inevitable weakness in existing underlying identity schemes. Metadium resolves this through a Decentralized ID (DID) using a Metadium blockchain.
Is Meta Token a ERC-20 standard token?
Yes. On the Ethereum blockchain, there is a Metadium ERC-20 contract that implements ERC-20 standard with a few modifications for some operations. We have plans to freeze the token along with our launch of the Metadium Mainnet. Then you can swap your Metadium ERC-20 token on the Ethereum mainnet to the ‘META’ — the native coin of Metadium — on the Metadium mainnet.
Is Metadium on progress to meet its roadmap?
Metadium’s development progress is in accordance with the roadmap. The alpha test has been completed since the present initiative, and we are in the process of developing an open beta service. The Metadium team is constantly trying to solve the identity problems we experience in the current blockchain world.
Consensus
What is Meta Consensus?
Metadium has adopted the PoA agreement algorithm based on the Raft leader selection algorithm. It can provide a stable service to users participating in the network and a performance of several thousand tps or more. Block producers for producing blocks in Metadium have already been agreed upon. They will take block commissions in exchange of processing transactions generated by the users and providing services to them.
Metadium is considering to implement a concept of a Validator Group to alleviate the somewhat centralized configuration of a PoA model. The Validator Group will monitor the actions of the Block Producer, and report any abnormal behavior to manage and check the reputation of the Block Producer.
In Metadium, nodes can utilize voting for adding a new node to participate and for removing a particular node with abnormal behavior.
What is Proof of Authority (PoA)?
The Proof of Authority is a consensus algorithm in which nodes that have been validated through a consensus take turns to generate blocks (not just round-robin, but it can be shuffled). In PoA, validated nodes gather transactions and produce blocks that will provide service to network participants. Block producers can take the block commissions. In PoA, you can decide whether to accept or exclude other block producers via a voting procedure between the nodes.
What are the advantages of PoA over PoW or PoS?
PoA is a method in which nodes that have been previously agreed generate blocks in turn (not just round-robin, but it can be shuffled.) Metadium uses the Raft algorithm to select the leader that generates the block. Since we have decided to trust these block producers in PoA, we do not use the mining processes that are used in PoW. As a result, new blocks are often said to be “forged” instead of “mined”.
In PoW, nobody can trust each other, so we gain trust through mining. In the mining process, we use a lot of resources such as the CPU, memory, and the electricity. Also, it is difficult to have more than two digit tps in terms of performance.
PoS is a method designed to overcome the shortfalls of the PoW. Instead of mining, the “stake” that depends on the user’s wealth in the network determines the level of authority to produce and verify the blocks. However, the PoS method requires users to stake their assets in order to produce or validate blocks, and there’s also the added problem of having “nothing at stake”. Ethereum tries to resolve this by introducing the casper and slashing condition.
In PoA, predefined nodes carry out the service. There is no problem of wasting monumental resources related to mining in PoW, and there is no need to stake the user’s assets as in the PoS. Although one can point out that the PoA method is centralized, the number of nodes participating in the PoA can be substantially extended. The network maintenance and performance also far exceeds the PoW/PoS methods.
Metadium uses a consensus algorithm based on PoA with Raft. Each node participating in the PoA can have something similar to a “governance token” by staking the META token, and each node has the power to participate in the metadata network according to its governance token. Governance token is used in voting procedures to decide the addition or removal of PoA participating nodes, forking, and the reserve pool management. The voting power is proportional to the amount of governance token. An additional governance token can be secured by staking additional META tokens, and all of the governance tokens are incinerated when attempting to suspend activity with a PoA node.
What is RAFT consensus algorithm?
The RAFT algorithm is a distributed processing system whereby distributed nodes agree on each other. The RAFT system is mainly divided into a 1) Leader Election and 2), Follow Leader (Log Replication). This leads to the consensus among distributed nodes. The node that receives a majority vote from other nodes through real time voting assumes the leader position. Followers then agree to update their data according to the leader. The most popular algorithm in distributed processing is Paxos, whereby an easy-to-understand version of Paxos is RAFT.
If we try to understand DPoS in the perspective of RAFT, the procedure would be as follows: 1) a block producer (leader) is elected, 2) it generates a block, 3) propagates to the network, and 4) the leader changes. Metadium uses the “etcd” which is one of the “Go-implementations” of the Raft consensus, which is a mixture of PoA and DPoS. Voters can add or exclude block producers on the network.
Here is a friendly explanation of the RAFT consensus. : http://thesecretlivesofdata.com/raft/
Governance
Does Metadium allow forks?
With respect to mining, since Metadium uses a consensus method that combines PoA and Raft, a fork is less likely to occur than other blockchain platforms adopting a PoW method. However, a fork can happen, and in this case, we select the longest chain. Even if a particular node generates a fork as a result of a misbehavior, the network will function normally if the majority behaves properly.
In terms of non-fork protocols related to block production, a Metadium blockchain can generate fork under the agreement of network participants. When a specific issue that might need a fork arises, participants can judge the importance of the issue and decide whether to hard fork or soft fork. These processes will be open to all and proceed in a transparent and rational manner. As with many platforms, including Ethereum, which has experienced the DAO situation, it is not easy for platforms to run perfectly from the beginning. The Metadium platform also has the potential for a fork.
How does Metadium handle governance?
Metadium handles governance through a system governance smart contract. The system smart contract will change the Metadium protocol flexibly reflecting the status of the participant nodes of the metadium network, and the behavior of Metadium consensus participating nodes, and the network participants. We know the importance of governance in a blockchain project, and we want to bring forth this governance in a very transparent and rational procedure. Metadium is continuing its research on governance and its status will be constantly updated.
Meta ID
What is Meta ID?
Meta ID is the address of the meta-identity contract autonomously created by each individual. It is an unchangeable unique value that can be used immediately after its creation. Users can use the service within and outside of the blockchain by using this Meta ID as their own ID. Meta ID contracts contain keys and meta print that users can use and information for verifying the authenticity of personal information. Only the users with registered keys can add, change, delete, and use information to prove their authenticity of their personal information. A claim is stored in the meta-identity contract, and information outside the blockchain can be verified through the claim. In a Meta ID, a claim can be created and registered by anyone including oneself, others, and specific organizations.
How can you protect from data leak and hacking attempts using Meta ID?
The Meta ID is a smart contract that exists on the blockchain. Personal information is not registered in this Meta ID; only the authentication information about the personal information is registered. All of the personal information is encrypted and stored in the terminal device of the individual and is not revealed outside without user’s permission. Therefore, data leaks and hacking attempts are not appropriate terms.
The Meta ID can be used with the user’s private key. Besides the Meta ID, the entire blockchain scene, including Bitcoin, experiences the problem of the private key getting hacked and leaked. Metadium is fully aware of the importance of this key, and we have the ability to restore the Meta IDs and transfer their assets when users lose or have their private key stolen. In addition, through the various certified patents we hold, the team is developing a secure creation and storage of private keys at the highest level of security.
How do you guarantee the total control over the Meta ID?
The Meta ID is a smart contract, which is distributed transparently over the blockchain. Users can control the Meta ID with their private key, and the entire process is carried out on the blockchain. Unless the user grants permission to others, no one can ever control the user’s own Meta ID.
Authenticated personal information in the Meta ID is encrypted and stored in the most inaccessible and secure location within the device. This makes it impossible for information leakage. Thus, the individual who owns the device will have absolute control and authority over the personal information. Even when the device gets lost, the Meta ID is not changed and it can be restored in various ways.
How can you optimally manage, use & protect user’s personal identity on blockchain?
Metadium is doing a lot of research to find an optimal method. For operations that are expected to generate high traffic, such as the sign in, we are considering methods such as plasma and plasma cache. We are also considering a variety of sidechain structures.
The basic design and implementation direction of the Metadium blockchain is that it does not put any of the Personal Identity Information on a blockchain. On the blockchain, only exposable data will be handled, such as the authentication status (attestation) or certain values that confirm the authenticity of the information transmitted under the individual’s authorization.
In the aspect of the use of Meta ID service, Metadium helps to relieve the burden of secure key management for users with Meta ID application and SDK. The app provides a solution that enables the end users to easily and securely store their key and identity information, and provides a method of interlocking for the disposal, restoration and usability of the key through the smart contract.
