Distributed Ledger Tech for Public Good — Part 1

Awesome artwork, thanks to Joel Tai! :)

For the uninitiated, blockchain is a type of distributed ledger technology (DLT). Apart from the widely known Bitcoin and Ethereum, there are many other flavors of DLT with different attributes and value propositions. For noob, this and this might be helpful. :)

Over the past four months, our team has worked on two DLT PoCs with Institutes of Higher Learning and Intellectual Property Office of Singapore (IPOS). We tried out different types of DLTs and evaluated their capabilities in areas of performance, security, scalability, flexibility, ease of use and etc…

In this post, I will touch on the use case for educational credential, using public DLT.

OpenCerts on Public DLT

To digitize educational credential, we built on the good work of Open Badges and Blockcerts, and developed a solution on public DLT. The objective is to create digital educational transcripts and certificates that are based on open-standards, are tamper-proof and can be used across borders.

DLT is best suited for low-trust environment or one with no central authority. In the high-trust educational environment we have in Singapore, it might not make much sense to use DLT to attest local certificates. Unless, it’s for cross-border.

Using proprietary technology or platforms will greatly discourage adoption by overseas institutions, which is why our solution is based on open-standards, is open source, uses a public permissionless DLT and runs smart contracts. No prize for guessing Ethereum here. 😉

Our system has two workflows:

1. Issue/revoke certificate
2. Verify certificate

Issue/Revoke Certificate via Certificate Store Admin

Educational institutions will use our certification store admin to issue and revoke certificates.

Certificate store admin is the website for all educational institutions to issue and revoke certificates. Some videos on how this works:

1. For 1st timers, deploy a new store to store certificates.

2. Use our CLI tool to batch your certificates and issue into your store in a single transaction. Regardless one certificate or 10,000 certificates, it will take about the same amount of time to transact. 😉

3. Revoke certificates with smart contract, from our certificate store admin.

View and Verify Certificates

Employers will use our certificate viewer to verify certificates

Certificate viewer is the website for employers or 3rd party to verify the authenticity of certificates. This is where we can

1. Verify if the owner of the certificate is who he claims to be
2. Check if the certificate had been tampered with
3. Make sure the educational institution is legit — not degree mill :)
4. Check the certificate against revocation list

In comparison with other approaches

1) A self-help credential verification website per educational institution using traditional database

• The cost of setting up self-help portal might not make economic sense for small institutions, especially private training institutions.
• OpenCerts provides a certificate store admin for all institutions to use. This means zero infrastructure cost.

2) A centralized self-help credential verification website across all educational institutions using a traditional database

• Given the sheer number of private training institutions, this approach will take humongous amount of time, cost and effort to align priorities, coordinate all parties and integrate systems to store certificate centrally, establish system/data ownership and apportion the cost of ownership, as compared to a decentralized approach using DLT.
• Consider the risk of putting all the eggs in a single basket and the high infrastructure cost to secure and fortify it with high-availability. With OpenCerts, institutions only need to pay for gas — transaction cost. High-availability is free, out of the box! 😀
• Using OpenCerts, only the hash is stored on the chain and educational certificate resides with the student. No confidential data is stored centrally — nothing to hack!
• Since there’s no need to build data exchange pipes across disparate systems to store data centrally, OpenCerts is at least a hundred times more cost-effective and easier to onboard than a centralized system!

3) Traditional digital signature with CA

• This works pretty well, until institutions need to revoke the recipient’s certificate due to plagiarism or wrongly printed name.
• Using traditional digital signature, once you sign and distribute the document, you can’t retract it. This limitation is inherent because you can’t distribute the CRL worldwide. Depending on your use case, this design can be a feature or a limitation. Here’s more info.
• In contrast, OpenCerts provides a certificate store admin for institutions to to revoke certificate. It uses smart contract as the CRL.

4) Other DLT implementations

• We intentionally avoided private blockchain to avoid this seemingly unsolvable problem. Public blockchain is chosen to engender a balance of power across participating nodes. This creates higher trust and hopefully, greater participation. :)
• Low-throughput and high-cost are common issues with other DLT implementations. The original method of issuing certificate will take approximately 4 seconds to 2 minutes to publish a certificate onto Ethereum. Using OpenCerts, institutions can issue arbitrarily large number of certificates in one transaction. Saving both time and money by factors of thousands.
• Other implementations tend to publish the entire certificate on the blockchain. With OpenCerts, student is able to prove the existence of her/his certificate without disclosing any information on the blockchain — more privacy.
• We are the first in this space to implement selective privacy filter with OpenCerts. This feature allows institutions to issue one digital certificate instead of issuing a certificate, a result slip (or transcript), a testimonial, etc… because privacy filter allows individuals to have fine controls of how much data they will like to disclose.

What’s more?

Now that OpenCerts is deployed at a national level for educational sector in Singapore, we are looking for partners who are interested to use and help us grow the adoption of OpenCerts — additional info here — in Singapore and beyond! 😊

To support adoption by private sector and overseas institutions, we have decentralized the identity resolution and renderer engine, and here’s how it works! 😊

Look forward to more collaboration with citizens and businesses, and spread the ❤️ forward! 🌈 😀

Part 2: Our adventure with IPOS on copyright registry

PS: We are looking for solid software engineers who are passionate about tech and want to help us build awesome digital services for Singapore! Drop me an email at steven_koh@tech.gov.sg (ゝ‿ ・)

Cheers! 🍻

For those with the patience to read this far. 😉