“Identity on the blockchain” — chapter 3
One of the hardest, open problems of modern society is how to evolve the concept of personal identity from the current national government sanctioned model to a digital-first, borderless and trustless one.
Attempts to establish a digital personal identity protocol without relying on external trusted authorities have been already made in the past, the most important and long-lasting being the Open Pretty Good Privacy standard (OpenPGP). Unfortunately, a difficult user experience has limited the success of the project.
In recent times, there has been a renewed interest in the identity problem, both online and offline. On one side, there has been a higher concern for the privacy of communications due to extensive governmental surveillance programs and by the rise of social networks. On the other side, the ongoing migration crisis has brought challenges for both humanitarian and security agencies trying to identify migrants where previous data is either lacking or it cannot be trusted.
Many new initiatives and projects are trying to tackle the problem and one of the conclusions they have agreed on is the necessity of separating claims regarding personal informations from identity.
Claims such as date of birth, place of residence, place of work are all piece of information backed by a trusted actor: the hospital; the billing company; the employer. E.g a passport is a governmental-backed claim regarding a number of personal information. The identity can then be a personally-owned key pair where those claims are attributed.
The eID project
The eID project leverages the Estonian e-Residency — a Public Key Infrastructure (PKI) program started by the Estonian Government that enables anyone, regardless of one’s nationality or residence, to get a smart card, called Digi-ID, containing digital certificates attesting the cardholder’s personal information.
The approach followed by the eID project is compatible with the abovementioned recent developments in self-sovereign identity research. It is in fact a claim, made by a national government, that the asymmetric, cryptographic key pair residing on the smart card is controlled by the person matching the card’s associated information.
For those who follow Oraclize since the beginning what written until here won’t sound new. Our team firstly proposed the project one year ago — since then it won multiple awards, including a grant from the Wanxiang Blockchain Labs to continue the development. We are releasing today a complete, fully working product.
The eID project leverages the eResidency smart-cards, a system of smart contracts and the Oraclize infrastructure to enable:
- the linking of any Ethereum addresses to the person’s serial number, which is tied to the personal information;
- the controlling of transfers from a smart contract-based Wallet, which can receive and send Ether or any ERC-20 based tokens, between other cardholders or Ethereum addresses, with nothing else than their digital identity card.
The eID project also fits right in place with Oraclize’s core philosophy of bringing data to smart contracts without being a trusted party. The data here is incorporated of the signatures and the public key certificate, which are sent to the smart contract for verification. Specifically, the elements to be checked are the RSA signature, the Digi-ID’s certificate and the revocation list (including all revoked Digi-IDs due to theft or lost of the card).
Initially, the smart contract system was supposed to verify the RSA signatures natively during smart contract execution. Given the postponing of the protocol upgrade (Ethereum’s Metropolis) enabling this feature, the current iteration of the project delegates the verification of RSA signatures to an off-chain secure environment via Oraclize’s computation datasource. We plan to leverage RSA verification on-chain, once the appropriate EIPs are passed and implemented.
The smart contract system implemented is composed of a number of modular parts working in unison, with the goal of providing a future-proof and extensible system.
So to recap, the very features provided by such architecture are:
- funds (both Ethers and any ERC-20 token) are controlled by a given digital identity card
- anybody can send funds to a third party, given its identity, without knowing his Ethereum address: he might even not have one yet (anybody said “helicopter money”?)
- a given Ethereum address can be provably-linked to a real identity (“proof of identity”) and such information can be leveraged by any other smart contract in the network when a real identity might be required
- if/when the card is lost: the old card certificate can be instantly revoked, securing the funds linked to that now-compromised card
- if/when the card is lost: a new one will be issued by the government and the funds will still be available for the user
What we release today is a fully working version of the above:
- ewallet website: to use your estonian eresidency card to control ETH/tokens. Note that the eid drivers and an ethereum node running on the Ethereum Kovan Testnet has to be installed.
- proof-of-identity website: to provably-link your estonian id card to an Ethereum address
For those interested in the technical details, we have prepared a detailed report of the work we have been doing on this project during the last few months. The source code (with the Solidity smart contract, the tests and the website) is also available on the dedicated github respository!
While it has already been tested by different users while being built, we are now looking for feedback from the wider community before proceeding with our future plans which are all about improving the UX and making the general usability easier.
We believe that this project can massively benefit the community. While in its current form it does not provide privacy (and for sure, other solutions are more appropriate when looking for cold storage options), we feel like its potential to lower the entry barrier can provide an effective mechanism to control your everyday funds: we look at this like a digital alternative to your physical wallet.
The community feedback is what matters most, so please try it out: as usual, any idea/critics/bug report is very welcome!
Note: The company has now rebranded into Provable.