The Basics of Decentralized Identity

How Blockchain Technology & Cryptographic Primitives Embolden the Future of Digital Identity

Kames
uPort
8 min read, Jun 27, 2018


Let’s talk about decentralized identity: what it is, how it is possible and, perhaps most important, why you should even care.

I’m going to assume you’ve heard about this “blockchain” and “cryptocurrency” thing. You may or may not be a developer. Chances are you simply want to understand what the hype is about, and your interest has been piqued.

Below is an overview of the high-level, albeit technical components of decentralized identity. Hopefully by the end of this article you’ll have a better understanding of both the how and why of decentralized identity.

As with all blockchain technologies, uPort’s decentralized identity platform is built on public/private key pairs. We take the simple concept of signing information with a private key and have built a relatively mature data-sharing protocol around it that reaches across the entire technology stack: browser, smartphone, server and blockchain.

a borderless identity system — viva la codelucion!

Common Industry Definitions

Before we start with decentralized identity let’s start with common language used in the decentralized/identity ecosystems.

Decentralized Identifiers (DIDs): DIDs are fully under the control of the DID subject, independent from any centralized registry, identity provider, or certificate authority. (Strictly, a DID is the identifier; the “decentralized identity” is what gets built around it.)

Self-Sovereign Identity: Self-sovereign identity is the concept that people and businesses can store their own identity data on their own devices, and provide it efficiently to those who need to validate it, without relying on a central repository of identity data.

Source: A gentle introduction to self-sovereign identity

Blockchain: A digital ledger in which transactions made in ether or another cryptocurrency are recorded chronologically and publicly.

Web of Trust: In cryptography, a web of trust is a concept used in PGP, GnuPG, and other OpenPGP-compatible systems to establish the authenticity of the binding between a public key and its owner.

Source: Web of Trust | Wikipedia

KYC/AML: Know your customer (KYC) refers to the due diligence that financial institutions and other regulated companies must perform to establish who their clients are before doing business with them. Anti-money laundering (AML) refers to the related controls for detecting and reporting the movement of illicit funds.

Source: Bitcoin Forum

A Precursor on What Makes Blockchains Valuable

Blockchains offer the ability to create unique (sometimes scarce) digital assets. The first vertical blockchains disrupted is currency. Currency is valuable for a number of reasons, and one core reason is scarcity: when there is a finite amount of something, it can hold value.

Blockchains can do more than cryptocurrency, though.

Blockchains are novel because they introduce digital scarcity as a feature of the Internet. Before blockchain technology, digital scarcity simply was not possible. Imagine copying an MP3 file: the original and the copy retain the same value, and technically you can’t even distinguish the two.

Blockchains introduce novelty and uniqueness in the digital world by removing this “copy/paste” functionality in certain digital environments.

It’s not possible for someone to just “copy/paste” a cryptocurrency into existence on a public ledger. It is not technically possible, because the consensus algorithm will not accept the transaction, and even if it were, everyone else could see that the person is lying about their balance, so it’s not socially possible either.

I mention all this because creating digital scarcity first requires building a decentralized, censorship-resistant, distributed ledger to track global transactions. As I stated before, the defining feature of the Ethereum blockchain, a universal state machine, isn’t just cryptocurrency but a whole range of novel digital constructs.

Decentralized identity is the next (r)evolutionary digital construct.

What Makes Decentralized Identity Possible? Cryptography.

Before starting to talk directly about decentralized identity, let’s quickly review one more key element of blockchain technology. Cryptography.

Another interesting characteristic of blockchains is they are fundamentally powered by a collection of cryptographic primitives. Literally everything in a blockchain utilizes cryptography. Ok… not everything. But a lot! Like almost everything.

A public/private key pair is the first building block, for everyone. Anyone can easily generate a key pair, and that is the feature that makes it self-sovereign: no third party is required to create it.

Public-key cryptography, or asymmetric cryptography, is any cryptographic system that uses pairs of keys: public keys which may be disseminated widely, and private keys which are known only to the owner. This accomplishes two functions: authentication, where the public key verifies that a holder of the paired private key sent the message, and encryption, where only the paired private key holder can decrypt the message encrypted with the public key.

Source: Public-key cryptography | Wikipedia

This simple authentication and encryption tool 🔐 unlocks the blockchain.

For example, you manage both a wallet in MetaMask and an identity in uPort using a public/private key pair. Cryptographic keys are everywhere.

Decentralized Wallet — MetaMask

Decentralized Identity — uPort

Saving the private key is essential. You can’t lose it.
All access and control will be relinquished.
No central authority can reset it, and it cannot be recovered from the public key.
Don’t lose a private key.
Please.

How Decentralized Identity Works.

Now that we’ve covered the basics, a few definitions and the critical aspects of public blockchains (digital scarcity and cryptographic primitives), let’s start to unravel the different components of decentralized identity.

The Ethereum blockchain is a global, decentralized database whose confirmed history is, in practice, immutable. Anyone can store data on it, and because no single person, business, organization, government or other entity controls it, none of them can censor a fully decentralized blockchain on its own. Short of shutting the Internet down, there is little anyone can do to disable a properly constructed 🏗 distributed ⛓ blockchain.

Why do I mention that?

Because what that means is that you, a self-sovereign individual, can create an ID on this blockchain. As a unique human being you can issue yourself a self-sovereign identity. That’s powerful, when applied in the right context.

Decentralized Identity

Decentralized identity is a lot of things to a lot of people. For some it’s simply a technical challenge. For others it’s a chance for innovation. And for the bold it’s an opportunity for a social (r)evolution.

With a decentralized platform for democracy we can do more than revolutionize the voting process: we can create an archival, expressive and deliberative space for inter-subjectively articulating philosophy and belief, in which to develop open-source legislation grounded in that collective expression of truth. People lack this common arena in which to voice their speech and, more importantly, to make it coherent and resonant in context; and law lacks this grounding in actual democratic process and in philosophy.

What The Decentralized Identity Foundation Has To Say

The Decentralized Identity Foundation describes decentralized identity this way: “Decentralized identities are anchored by blockchain IDs linked to zero-trust datastores that are universally discoverable.” But that’s just the beginning.

Concise. Deliberate. Expandable.

  • Blockchain IDs
  • Zero-Trust Datastores
  • Universally Discoverable

As always, if you have any questions about the mechanics of decentralized identity, please join the uPort Community Channel and the uPort team will be happy to answer them.

Blockchain IDs

A blockchain identity (ID) is a global identity that crosses all borders.
It traverses the globe’s fiber-optic networks. Unstoppable. It gains trust not from central authorities but from interconnected, fully decentralized networks of people, all choosing to participate in a Web of Trust.

What makes a blockchain unique relative to other systems, like a traditional public key infrastructure, is that no central authority (such as a certificate authority) can censor or control which keys get registered, and that the same registered keys are interoperable across potentially thousands of distributed applications.

Identification is a big part of today’s globalized world.

Blockchain IDs are novel because they are borderless.

Zero-trust Datastores

A zero-trust datastore is one in which private information is stored locally, while its authenticity can still be verified globally.

Using decentralized constructs like the Ethereum Claims Registry alongside the uPort SimpleSigner library, it’s possible to store encrypted data on a smartphone and pass that information back to servers and applications without those applications losing the ability to verify its authenticity.

Save information locally. Share data globally.
No middleman required.

Ethereum Claims Registry — Public Keys

The uPort team (Pelle Braendgaard and Joel Torstensson) published, within the last year, two Ethereum Improvement Proposals: ERC-780, an Ethereum Claims Registry, and ERC-1056, a lightweight identity registry for owner keys, delegates and attributes. Together they outline the functionality required for a globally accessible claims registry protocol.

Establishing the first layer in Ethereum’s Web of Trust.

The Ethereum Claims Registry serves as the public registry for trust anchors, allowing distributed applications to publicly save/register a public key.

Why is a public claims registry important?

Because distributed applications use the complementary private signing key to generate attestations. When another application receives the signed information from a private environment (a smartphone or userspace), it needs to authenticate that information.

To verify the source of the signed information, it’s essential that anyone can look up the corresponding public key, e.g. via the Ethereum Claims Registry, using a decentralized identity resolver. Verification then means: resolve the issuer’s identifier to its public key, and check the signature over the attestation with that key.

The Ethereum Claims Registry is the yin in the the Yin/Yang of the public/private key-pair cryptographic ceremony.

SimpleSigner — Private Keys

The uPort SimpleSigner allows trust anchors to sign attestations with their private key using the JSON Web Token (JWT) specification. By handing the user signed JWTs, instead of saving the information on a public blockchain (ERC-725), the user’s private information can be kept confidential and private. One caveat: a JWT is signed, not encrypted, so anyone who obtains the token can read its claims; the confidentiality comes from keeping the token off-chain and sharing it only with the parties the user chooses.

import { SimpleSigner } from 'uport-js'

const appName = 'Demo Application'
const appSettings = {
  clientId: '2oo7fQjxR44MnKa8n4XKDZBBa2Buty4qrug', // the application's uPort identifier
  network: 'rinkeby',                               // the test network that identity lives on
  signer: SimpleSigner('d12d8a...')                 // wraps the app's private signing key; keep it out of source control
}

export default {
  appName,
  appSettings
}

The SimpleSigner is the yang in the Yin/Yang of the public/private key-pair cryptographic ceremony.

public/private keypair = digital yin/yang

Universally Discoverable

An intrinsic feature of the Ethereum blockchain is its ability to act as a globally accessible public ledger without a centralized service. As defined in the Decentralized Identifiers specification, the identities must be discoverable using traditional protocol conventions: a DID is itself a URI of the form did:method:identifier, which a resolver turns into a document describing the identity’s public keys and service endpoints.

DID architecture should make it possible for entities to discover DIDs for other entities to learn more about or interact with those entities.

A Quick Example

uPort’s Mobile Application doesn’t provide this universal discoverability, but our recently launched userspace (beta) repo will align more closely with the specification’s long-term universal discoverability.

const UserSpace = require('userspace')

// Open the space bound to the user's current Ethereum account (web3 is the
// provider injected by a web3-enabled browser). Only the holder of that
// account's private key can unlock what is stored there.
UserSpace.open(web3.eth.accounts[0]).then(userspace => {
  userspace.get('username').then(name => {
    console.log(name)
  })
})

This is a library which allows you to set, get, and remove private data associated with an Ethereum account. It can be used to store identity data, user settings, etc. by dapps that use a web3-enabled browser. The data will be retrievable as long as the user has access to the private key for the Ethereum account used.

Joel Torstensson | uPort Decentralization Engineer

The userspace library can communicate with uPort caleuche (event hub) to provide encrypted user data storage spaces. These userspaces can be accessed directly from different distributed applications with the correct user permissions.

Conclusion

uPort is closely aligning itself with the Decentralized Identity specification.

In addition to closely following specifications, our team is highly motivated to stay interoperable and in constant communication with other decentralized identity providers. Now is the time for collaboration, communication and coordination across the entire ecosystem.

As I mentioned before, identity is a lot of things to a lot of people.

It’s important we do this right.

Join the uPort Community to help shape the future of decentralized identity.
