Decentralized password manager is the first step in building decentralized digital identity

Digital identity = Decentralized password manager + Sybil attack protection

Peter Porobov
Upala Digital Identity
5 min read, Sep 25, 2019

We are developing Upala, an identity proof system. Its purpose is to distinguish people from bots and clones (people with multiple IDs). One person — one ID. It is a huge goal. To get there we started a series of posts showing our thinking process. We will then transform the posts into a whitepaper.

A simpler version of Upala digital identity

I tried to imagine a simpler version of Upala. I thought it could only provide some sort of blockchain-native CAPTCHA or provide human uniqueness in some other way, requiring very little effort from a user. No deposit, no complicated procedures, no user data stored, and a uniqueness index that is comparatively easy to gain. Those who lose their account simply create another one or recover it.

Sounds obscure, but the point is that I tried to redefine the goal of the research and lower it. This is one of the invention-process techniques described by Genrich Altshuller in his books.

Adoption concerns, however, made me quickly abandon the idea. Why should anyone bother to participate in another version of CAPTCHA? There is still something to do, but not much new value. And why should services participate? The easier it is for a user to recover or create another account, the less trust there is from services. I rejected the idea. However, I stumbled upon some interesting thoughts…

Considering the adoption gap, it probably makes more sense to deliver something which is harder to build but easier to adopt. Something more complicated, but which brings more benefits.

It made me think again of an alternative to state ID. The one which is trusted enough to take a loan, cast an important vote or order an airplane ticket.

What it takes to build a decentralized identity system

There are Uport, sovrinID and other great projects, but most of them provide a storage solution for existing credentials rather than issuing a fully decentralized one. Often Sybil attack protection is based on state-issued IDs. The most decentralized systems are BrightID and Idena.

David Birch noted in his talk that the problem of digital identity is the problem of account recovery. He believes there is no sane way to solve the problem without forcing users to store their private keys in a bank. Which kinda defeats the idea of building a decentralized identity system.

Let’s not be so pessimistic.

This is a much tougher challenge, but there is a lot more value. It is definitely worth trying to unlock it. It not only helps to overcome the adoption gap by providing more value. It can create value in portions, so to speak, and help to start building a user base even before digital identity.

Digital identity = recovery mechanism + Sybil attack protection.

We can build it in parts

Looking at the formula above, I realized that there are two completely independent systems on the right-hand side of the equation.

Let’s drop the Sybil attack protection part from it. Then we are left with just a Recovery mechanism.

If we have a recovery mechanism we can provide an authentication tool for users. And if we can build a decentralized authentication tool, we can build a decentralized password manager and even a crypto wallet. Which is a holy grail of blockchain adoption! I’m getting too excited as usual. Let us be satisfied with just a password manager for now.

Recovery mechanism = Decentralized password manager

A free open-source decentralized password manager, 100% trusted, 100% available — sounds great. It would be even better than centralized solutions in terms of security. Due to decentralization there will be no mass database hacks. With a product like that I believe it is quite simple to get a fair user base.

The problem may become a solution. Everything we will need then is “just” to add Sybil attack protection. We are solving the account recovery problem and adoption at the same time.

Building a decentralized password manager

Without a central server and banks we have to rely on friends and biometry. Biometry seems to be prone to hacking. I believe we can do without biometry, but we cannot do without friends (you see, blockchain is like real life: you can lose your face, but if there are friends to support you, you are fine). Our social connections are as unique as our biometry. In my opinion, in a setup like this we will have to share the responsibility of keeping an account with our trusted ones. Here are some facts that make me hopeful that it is possible.

Social responsibility works. It is not quite a direct comparison, but social responsibility works fine in microfinance.

Facebook is already doing it. Facebook can recover your account with 3 friends out of 5 confirming it is you. A working example from a centralized world.

ZeroPass is building a decentralized solution. ZeroPass is building a decentralized password manager.

Gnosis Safe is building an Ethereum-based solution. In my current understanding, Gnosis Safe provides a framework to build a decentralized account recovery mechanism.

Challenges

Setting aside the fact that we will have to invent a decentralized password manager first…

If we are about to use biometry or friends, we’d have to remember that we are exposing our users to unfamiliar attacks. Instead of database hacks and stolen passwords we’d then have to deal with dolls, makeup and masks when someone tries to trick biometry. And even worse — bribery and blackmail when someone tries to pass through our friends and notaries.

We are moving the threat from hackers to performers (ransoms and social hacking), and the responsibility from coders to users and to those who teach them security.

Conclusion

There is no identity system without authentication and recovery. But there is authentication and recovery without an identity system.

  1. It is simpler to build an alternative to state ID than an alternative to CAPTCHA.
  2. Digital identity = Decentralized password manager + Sybil attack protection.
  3. It makes sense to start with a Decentralized password manager as an independent project, build a user base and attach Sybil attack protection afterwards. This helps to jump over the adoption gap.
Thank you!