Of the many use cases touted for blockchain technology, digital identity is perhaps one of the most intriguing. Data held on a blockchain is permanent, tamper-proof, and transparent – all properties that lend themselves well to upgrading traditional databases of identity, such as those held by passport or motor licensing authorities.
However, the real potential lies in several other features of blockchain. Digital signatures allow users to choose how their digital identity is shared, and zero-knowledge proofs can offer the ability to verify identity without the user having to reveal the identity itself. But decentralization is perhaps the most potent concept underpinning blockchain-based digital identities. Understanding why this is so important involves looking back at the evolution of online IDs and just how much control we’ve ceded to only a small handful of companies.
The Erosion of Privacy
In the earliest days of the internet, when it was purely a communication tool and nothing else, the need to identify other parties was fairly limited. The Domain Name System (DNS) was developed to meet the requirement that existed. The Internet Corporation for Assigned Names and Numbers (ICANN), an independent US entity, administers DNS records to this day.
Alongside the internet, the field of cryptography developed increasingly sophisticated means of securing data and communications online. However, encryption by itself doesn’t provide a means of establishing trust – someone has to know that a particular person or entity is behind the encryption to trust that it’s secure. Therefore, public key infrastructure systems are managed by trusted third parties, or certificate authorities, who issue certificates matching a public key to a user. Each time we log onto a site with the “HTTPS” prefix, we’re trusting in the website owner’s identity, as certified by a certificate authority.
Then came the era of social networking and the rise of the tech giants. These days, we can log in to many different sites and services using just our Facebook or Google credentials, and those sites trust who we are based on that alone. While it’s undeniably more convenient than having dozens or hundreds of individual usernames and passwords, we’ve effectively outsourced the management of our digital identities to a small handful of tech firms.
Bitcoin – A New Model for Privacy
The cypherpunk movement gained traction as a result of a growing sense of horror at this scenario unfolding. Writing in “A Cypherpunk’s Manifesto,” Eric Hughes called for anonymous transaction systems that allow individuals to reveal their identity only when they choose. This was back in 1993 when Mark Zuckerberg was only nine years old.
In 2008, Satoshi Nakamoto invented Bitcoin as a peer-to-peer version of electronic cash. There’s no way of knowing whether or not Satoshi foresaw the potential future applications of his invention, but he alluded to privacy in the Bitcoin white paper, outlining how public keys, and thus identities, could be kept anonymous.
Now, thanks to Satoshi’s efforts, we look set to be entering a new era of digital identity. One challenge with blockchain adoption to date is that while individuals can transact with anonymity freely between themselves, businesses have to be more cautious due to regulatory and compliance requirements. Starting from 2021, it will become possible for organizations and individuals to interact via a blockchain platform called Concordium, which balances privacy and identity.
A Built-In Identity Layer
Concordium is a Swiss-based blockchain project aimed at overcoming the regulatory challenges faced by enterprises wanting to benefit from the security and decentralization of public blockchain architecture. As part of its technology stack, Concordium operates an identity layer that’s connected to the real world via off-chain identity providers.
When a user wants to open an account, they have to get verified by the identity provider first. The provider creates an on-chain object that serves as a zero-knowledge proof that the user has passed the identity check. The user can then transact with privacy using whichever application their identity would permit them to use. The identity provider can’t associate the user’s account with the user’s identity.
So let’s imagine the user is a customer of a lending application run by an accredited financial institution on Concordium. They would undergo a standard KYC check with the identity provider, who checks their passport and proof of residence.
Because they want to take out a loan, they also share their credit history. They can then use the application to apply for credit. The identity object uploaded by the provider verifies to the lending institution that the user is a good candidate for a loan without disclosing any of their documentation or details.
However, further down the line, the user defaults repeatedly on their loan repayments. The lender decides to take legal action to enforce the loan agreement. In this case, Concordium has a process for allowing the relevant authorities to identify the individual so that they can be legally compelled to repay the loan according to the contract.
The Concordium Foundation appoints trusted third parties known as anonymity revokers. The anonymity revoker can decrypt the user’s unique identifier. This authorizes the identity provider to hand over the identifying documents to the authorities so the lender can recover the loan under the agreement’s legal terms. It’s important to note that neither the identity provider nor the anonymity revoker can act independently.
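The separation of duties described above can be modelled in a few lines. This is an added example, not Concordium's code or protocol: it assumes the account carries the user's identifier encrypted to the anonymity revoker with textbook ElGamal over toy parameters, omits the zero-knowledge proof entirely, and all class and function names are hypothetical.

```python
import secrets

# Toy ElGamal parameters, constructed for illustration only (not for real use).
P = 2**127 - 1   # a Mersenne prime
G = 3

class AnonymityRevoker:
    """Holds the decryption key; never sees identity documents."""
    def __init__(self):
        self._x = secrets.randbelow(P - 2) + 1
        self.public_key = pow(G, self._x, P)

    def decrypt_identifier(self, ciphertext):
        c1, c2 = ciphertext
        # c1^(P-1-x) equals c1^(-x) mod P by Fermat's little theorem.
        return (c2 * pow(c1, P - 1 - self._x, P)) % P

class IdentityProvider:
    """Holds documents keyed by identifier; cannot decrypt on-chain data."""
    def __init__(self):
        self._records = {}

    def verify_user(self, documents):
        user_id = secrets.randbelow(P - 2) + 1
        self._records[user_id] = documents
        return user_id

    def release_documents(self, user_id):
        # Returns None when the value is not a known identifier.
        return self._records.get(user_id)

def open_account(user_id, revoker_public_key):
    """Encrypt the identifier to the revoker; only the ciphertext is public."""
    k = secrets.randbelow(P - 2) + 1
    return (pow(G, k, P), (user_id * pow(revoker_public_key, k, P)) % P)

def revoke_anonymity(account, revoker, provider):
    """Requires both parties: revoker decrypts, provider looks up documents."""
    return provider.release_documents(revoker.decrypt_identifier(account))

if __name__ == "__main__":
    revoker, provider = AnonymityRevoker(), IdentityProvider()
    uid = provider.verify_user({"passport": "CONSTRUCTED-0001"})
    account = open_account(uid, revoker.public_key)
    print("provider alone:", provider.release_documents(account[1]))
    print("with revoker:  ", revoke_anonymity(account, revoker, provider))
```
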
One Platform, Multiple Use Cases and Accounts
Users can also create more than one Concordium account, with no requirement that multiple accounts are linked. So the user above could also have created a second account, say, based on their driver’s license and vehicle registration identity documents. They can use this account to participate in a car-sharing app. It’s not linked to their other account used with the lending app.
So far, these are hypothetical examples. However, they illustrate just a few use cases for a decentralized self-sovereign blockchain-based digital identity.
It’s a far cry from the current status quo. However, the point at which we wrest back control of our online identities from centralized entities and private companies is nearer than it may seem.