The Next Evolution in Blockchain: Decentralized Identity

You are in a house with transparent glass walls. Privacy would be if those walls were darkened so that no one could see what you do inside, even though everyone knows you live there. Anonymity would be that those glass walls would still be transparent but your face would be covered, so that everyone could see what you are doing but would not know your identity and would not know who owns the house.

Anonymity is the opposite of identification. Identity is directly related to privacy. 

Anonymity and privacy are often confused, equating total privacy as anonymity, but the definition is the key to understanding the difference. While they may appear to be similar, they are different in concept and application.

Anonymity is the absence of identification, privacy is the safeguarding of data over an identification. Whoever remains anonymous has data, but it is not possible to identify them or relate them to him.

In general, anonymity tends to be associated with crime, hacking, money laundering, or terrorism, but although criminals use it, not all those who remain anonymous on the networks are criminals.

Privacy is managed by selectively revealing individual information, i.e., by voluntarily disclosing only the information necessary for a given operation or procedure.

Privacy is also often confused with security, with the assumption that without privacy there is no security. Privacy may be part of security, but it is not the only component, in fact there can be security without privacy, in some cases. There can also be privacy, but without security.

An analogy can clarify the idea: security is given by a box with thick walls that protect its contents, but made of transparent glass, you can see it, but you cannot touch it.

What is Digital Identity?

Identity is the set of unique qualities and characteristics that individualize. Thus, digital identity is a technological tool for individualization. Digital data in general, or a photo, biometric data, such as a fingerprint or the reading of the iris of an eye, are technological resources that are used to identify a human person.

Proof of existence of a computing device in a network, or a node in a blockchain, also happens to be digital identity, but not of a human being. The digital identity of a device can be related to its owner, for example through the IP address.

Although several identities can be created in social networks, this does not mean that there are several IDs, but that they all refer to the same user using different individualization data. For example, my LiberLion user, which of course is not my real name, identifies me in several social networks, but another user that I have created and use in the same networks, does not identify another person, but myself with another digital profile.

This informality of digital identity is not desirable, since personal identity is unique and unrepeatable.  Digital identity is not scarce, but it is unique with respect to its creator and user, because even if there is more than one digital identity for a person, it does not mean that there are more people on the planet.

Our digital activity is as significant as our activity in the physical world, moreover, the relationship between the two becomes blurred, and they blend together. The danger is directly related to the level of visibility our data has, and who has access to it. If someone steals our identity information to take out a loan, we will have trouble proving the fraud. Today, the level of security on the privacy of personal information is very questionable, so much so that there is a trade of personal data, to be used in big data, in market analysis and for political purposes.

That is why it is necessary that digital identity is decentralized, that it is not managed by a central entity, because in the end it is our data, it is our property information. Therefore, any system that records sovereign digital identity must keep personal information decentralized and with a high level of encryption.

Decentralized Identifiers (DIDs)

As I explained, digital identity is a computer tool that individualizes, and to be decentralized it must run on a blockchain validated by independent nodes from an open source protocol. Thus, the decentralized identifier (DID), is stored cryptographically, securely, and remains immutable thanks to its distributed ledger technology (DLT) backing, allowing the holder to be identified.

The first type of digital identifier in blockchain, the primitive one, is the one used for cryptocurrencies, which has a pair of asymmetric encryption keys, identifying the holder of the funds to dispose of those holdings, with the public key visible to all, and the private key, reserved for its holder.

Coin transactions on some blockchains are traceable, i.e. the funds can be traced in the ledger register. 

For other networks, however, it is impossible, or at least difficult, to follow the sequence of the funds traded. These blockchains are referred to as privacy blockchains.

Unlike Monero and Zcash, the most well-known privacy currencies that opted for the absence of traceability, Cardano maintains transparency and traceability over block records, as do many others, such as Bitcoin.

Applications exist to prevent traceability on traceable blockchains. First proposed in 2013 by Greg Maxwell, CoinJoin is a method that combines multiple single-input single-output transactions into a single multiple-input multiple-output transaction. After 8 to 10 integrations tracking becomes impossible, though not for the transaction amount.

In Mimble-Wimble, another privacy protocol, there is no address for each transaction, and the transaction amount is also hidden. At the same time, transactions in the intermediate state can be merged, so the information available for tracking is very small. This not only reduces the storage capacity that must be consumed to process transactions, but also improves the transaction privacy coefficient. While providing high privacy, it also improves scalability.

Zcash is the first widespread application of zk-SNARKs, a novel form of zero-knowledge cryptography. The strong privacy guarantee of Zcash, stems from the fact that Zcash shielded transactions can be fully encrypted on the blockchain, and still be verified as valid under network consensus rules, through the use of zk-SNARK proofs. 

Privacy coins are more prone to illegal use, which doesn’t mean they were designed for that, but governments frown upon their development and growth in the crypto ecosystem anyway.

The idea that the Cardano network maintains transparency over its blockchain operations is no coincidence, as the mission of this blockchain is to provide global usability over decentralized finance, governance, and digital identity.

Technically speaking, Cardano is a pseudo-anonymous blockchain, meaning that only the transaction amount, date, time and public key are visible, but not the identity of the sender and receiver of the transaction. All historical records linked to a public key can be verified, as the transactions are immutable over time.

This is why I advise against disclosing public addresses, to avoid linking funds to the identity of the person. Obviously, it would be a tremendous mistake to disclose the private key.

The second application case for DIDs is the identification of individuals. Cardano has its flagship application, ATALA Prism.

DIDs for People: ATALA Prism

Microsoft is dabbling in Decentralized Identity development. It has invested in incubating a set of ideas for using blockchain and other technologies to create new types of digital identities. Microsoft, is working on implementations of DIDs to manage identifiers and metadata, which enable user routing and authentication, that reside encrypted “off-chain”, under the exclusive control of the user.

Does this identity model sound familiar? It does to me. It is similar to the one used by Atala PRISM, developed by IOHK, for DIDs in Cardano.

Atala PRISM’s vision is to provide usability in the business area by enabling instant onboarding and authentication of customers with reusable KYC credentials that reduce costs and time, so they can access products and services.  For governments, with instant access to public and private sector services, with a single, universal digital identity, simplifying control by significantly reducing fraud levels, and simplifying the citizen experience. For individuals, as the sole owners of their digital identity and data, managed across all platforms, sending only the necessary data to those they choose. No more third parties snooping on private information without consent. It allows you to store all important credentials, such as identity, licenses or qualifications, in one secure and portable place, directly on your cell phone.

Its key components are: 

  • Mobile app: provides users with a customizable application to receive, store and share digital credentials.
  • Management console: easily issue or verify digital credentials with the decentralized, easy-to-use management platform.
  • Browser wallet: a web-based browser extension to manage DIDs, access the management console and authorize credential issuance.
  • SDKs and APIs: streamlines processes, integrating digital identity and credential issuance and verification functionality into your applications and workflow.
  • Enrollment tool: (coming soon) captures biometric data as part of the onboarding process via a lightweight mobile app.
  • Smart Card: (coming soon) extends the ecosystem using a low-cost smart card to store and share digital credentials.

Atala PRISM records a case study, an identity and credential verification pilot for the Republic of Georgia, with an agreement between the Ministry of Education and universities in the Republic of Georgia. Graduates need quick and easy access to their degrees when they enter the job market, and Atala PRISM allows students to receive, store and submit their achievements directly from their smartphones. Instant verification of credentials makes background checks unnecessary, saving universities and employers valuable time and resources.

The launch of Atala PRISM in Georgia, sets a new standard for digital identity and credential authentication. Businesses, governments and individuals can reap the benefits of this smart, decentralized solution.

Ethiopia: the biggest blockchain deal ever: in April this year, it was announced that IOHK will collaborate with the Ethiopian Ministry of Education, to create blockchain-based digital identity, for 5 million students and teachers, using Cardano with Atala PRISM, with the aim of verifying grades, monitoring school performance and boosting education nationwide.

DIDs for Objects: NFT

Physical objects are unique, just like people. While they can be repeated by manufacturing more of them with the same characteristics, they are still unique. That’s why it makes sense to assign a distinct serial number to each electronic item, or an IMEI to a cell phone, or a batch number to a food production.

A cryptocurrency is a fungible token, i.e. a quantity of tokens that share identical characteristics and represent a value divisible into smaller units, according to their monetary policy, and that can be easily exchanged with each other for the same value.

A non fungible token (NFT) may share identical characteristics with another token, but it is not divisible into smaller units, and may not have the same value as its peer, and if it does, it was not designed for easy exchange between them.

The need to identify every object in the physical world makes sense not only in the art world, where a work can be worth a lot of money, but also for mass consumer goods, for logistical, inventory control, and billing issues, among other matters.

This is where the NFT concept makes sense. An NFT is the digital representation of indivisible physical world assets, on a blockchain. It can be understood as tokenizing physical reality. Of course, the tokenized good does not disappear from reality to exist in a blockchain, but takes identity in it, it is a proof of existence.

With the advent of decentralized finance, NFTs become necessary for use in smart contracts, for example in the insurance of a vehicle, to identify the insured asset.

Final Words

Decentralized identity has two fundamental purposes, certifying individuality with certainty, and preserving the data privacy of individuals.

Identity is an international right enshrined since childhood, UNICEF, Convention on the Rights of the Child, and also data privacy, internationally declared as a right in Article 12 of the Universal Declaration of Human Rights of the United Nations.

DIDs makes it possible to identify people while respecting privacy, because it allows holders to show selective information, partial or total, to whomever they decide. If a person needs to identify him/herself to a police authority, it is not necessary to show his/her medical records.

Respect for privacy, which has to do with the limits to data protection, is essential, since any participant in society can violate the privacy of another, but this problem becomes especially important when dealing with entities more powerful than individuals, and that includes governments and companies. 

4 comments
Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts