Last weekend Team Blockwise in cooperation with Eugene Pavlenko took the third place at London Blockchain Hackathon, organized by Larson Digital and Future World Financial Holdings. We have decided to publish the award-winning white paper.
Any person’s identity data today is scattered across many different organisations and data silos. Regulators require businesses to perform extensive KYC checks thus complicating the life of people. Moreover, 39% of the world’s population doesn’t have a bank account because they can’t prove their identity.
Any person can be reliably identified by a combination of his unique characteristics (e.g. biometry) and unique knowledge (e.g. passwords).
The difficulty with the knowledge is that no one can be sure who else knows the same things.
Biometry based protection implies other disadvantages:
- Special equipment is necessary to collect the biometric images
- The biometric key cannot be replaced if compromised
- Most biometric keys are easily compromised (Hi-res photos, vendors’ access to touch-ID data, etc)
The Blockwise Global ID system is designed to address the following requirements:
- The person owns their identity (self-sovereign identity)
- The person is able to share any part of the data with any entity which requires the identity check in an easy and secured way (secured selective disclosure)
- The person can revoke the access to their data
- The person is guaranteed that no part of their identity, including biometric data, is used for any identification purposes without their consent
- The system can be used as a platform for storing and sharing any personal data, such as health records, educational records, credit scores, etc.
With all challenges of the biometric identification, biometry is the only way to reliably identify the person today. The biometric data cannot be stored in a blockchain smart contract because all the data in contracts is public. Encryption is not a solution either as the biometric data has to be decrypted before use, which means it can be compromised at the moment of decryption. Biometric data is fuzzy, the samples are always slightly different and therefore is it not possible to use traditional hash functions as the results will be dispersed and not comparable.
Blockwise proposed to use so-called Fuzzy Hash functions which, for similar arguments, produce hashes of the same degree of similarity in terms of Hamming weight.
We have designed the following solution for fingerprints hashing:
1) The fingerprint image is processed by NIST mindtct function (minutiae extraction)
2) The ssdeep or similar fuzzy hash function is applied to the result
3) The resulting hash is compared to the hash generated from the other sample
There are alternatives schemes available. Our research shows that the technology is mature enough to achieve reasonable accuracy.
Multi-factor Identity Check
We propose to create a ‘Hash Silo’ in the form of smart contract in Ethereum. This smart contract will store the hashes of the factual data (names, addresses, etc) and fuzzy hashes of the biometric data (photos, fingerprints, etc). As all the data is hashed we are able to maintain anonymity and prevent any possible data misuse as all the hashes, including fuzzy hashes are irreversible and therefore, it is not possible to recover the original data from the hashes. The hashes array is linked to the address of the smart contract containing the real ID data which is encrypted to ID owner’s public key (Global ID contract).
Every time someone wants to check the identity by using any data, including biometric, the Hash Silo contract will inform the ID owner’s contract. Before the identity check is confirmed to the requestor, Global ID contract will require the owner to digitally sign the consent.
The identity is therefore checked against the biometric data, the knowledge (password) and the ownership of the blockchain private key at the same time.
Governance is very important part of any globally distributed system. The blockchain is a perfect rule enforcement machine, but it has to be transparent who creates the rules to be enforced via blockchain.
Identity data normally cannot be changed by the owner, for example, to change the name the person has to apply to the relevant authority. Some of the data, such as address, must be confirmed by a reputable organisation, such as bank or utility provider. If the biometric data is collected, someone has to confirm that this particular biometric sample belongs to the particular person.
Personal data creation has to be regulated as well. For example, the health record can only be updated by the qualified healthcare provider. On the other hand, the person should have full ownership over their personal data, including the ability to change healthcare provider or share the health records with another one or with an insurance company.
Our Governance smart contract defines the list of the organisations which have the rights to create or change identity data. Every organisation is entitled to update only the data it creates throughout the life of a person. For example, DVLA can update the driving license data, while the City Hall can update the name or the date of birth, police can collect the fingerprints, etc. Any operation they perform is authorised through multi-factor identity check on the blockchain.
The organisations entitled to create or change the identity data form so-called ‘Governance Circle’.
Same principles work for the personal data. For example, health records can only be updated by a healthcare provider, educational records by an education provider etc.
There should be a Steering Committee which decides what organizations are to be added to the Governance Circle, define the types of organizations able to work with the personal data and certify that the particular entity belongs to the particular type.
Through the course of life, any person communicates with the organizations from the Governance Circle. Every time the interaction happens, the identity data is being added to the Global ID. For example, the name and date of birth can be added by the City Hall at birth, the photo can be updated by a passport issuing authority from time to time, the biometric data can be collected by the police, etc.
Every such operation has associated score recorded in the Governance smart contract. The total score of an ID is the sum of the scores of all the data collection operations performed.
The scoring provides a convenient mechanism for the enterprises accepting Global IDs. For example, a bank can set up a threshold of ID score, so that the IDs having lower score are not accepted while people having Global IDs of higher score can be served by the organization.
Another example: The Steering Committee may allow self-identification when the person adds the name and the selfie as their only identity data. Such a Global ID will have lower score which will not be enough for some institutions. However, this type of IDs can be accepted by a financial inclusion start-up, like Humaniq, which can limit the transaction volume.
Blockwise Global ID has several ways of secure sharing the identity and personal data and protecting the ownership of it.
Selective ID disclosure. Any part of the ID data can be sent over blockchain to any recipient via the message encrypted to the recipient public key. The recipient is able to confirm the correctness of the received data by running multi-factor identity check through the Hash Silo.
Know your Customer. Some organizations are required to have a copy of the identity data for the purposes of KYC compliance. For this purpose we suggest creating the copy of the Global ID smart contract where all the data is encrypted to the recipient public key. The data can be repossessed by deleting the copy.
Personal data disclosure. We use additional off-blockchain layer of symmetric cryptography to protect the personal data. Any part of the data can be encrypted with the key which is stored in the wallet on the client side. Whenever the owner wants to grant the access to someone, they send the message via blockchain containing the symmetric key encrypted to the recipient public key. The access is revoked by re-encrypting the data to the different symmetric key.
As an additional security measure, we have created the Smart Access List contract which stores the permissions granted to any party. Every individual ID or personal data contract, when called by any party, sub-calls the Smart Access List before returning any data to the caller. Smart Access List returns the confirmation of the caller’s rights. This mechanism helps to quickly revoke the access to the data without re-encrypting it.
As mentioned above, the only reliable way to identify the person is the biometry. Therefore, only those Global IDs having the biometric data attached can be reconnected in case of loss or theft of the cryptographic keys.
The reconnection procedure works as follows: the person gets the new blockchain key pair and visits a Governance Circle organization. The organization re-collects the biometry sample and creates new Global ID. After that the person sends the message to the special Mayday contract which matches the new ID with the old one by searching the Hash Silo and reconnects the personal data smart contracts to the new Global ID.
The Mayday contract can also trigger the re-issuance of ERC-20 tokens or re-sending the native pre-mined tokens to the new address.
Human interactions and transactions are moving online and rapidly growing. Social media, shopping, personal finance, wealth management, insurance are just few examples.
More and more customers adopt digital payments through all type of channels, such as phones, contactless cards and even watches. We believe that the trend will continue and the penetration rate of new payment media will increase.
Customers want to get value for their money and expect personalised experience and highly tailored solutions. This personalisation based on the personal data and behavioural preferences means one needs to share this data.
It is hard to decide whom to trust and whom to provide your data with when you are not sure how the data will be used. If the data is protected and it is you who ultimately owns it, you feel more confident sharing it.
There are numerous use cases of the Global ID platform:
1. Digital registry (life events records).
2. KYC for online financial services.
3. Visa and travel management – tax residency management.
4. Broader access to financial services (banking unbanked) subject to compliance with laws.
5. Refugees identity management.
6. Identity theft/cyber security protection.
7. Enhanced protection for personal e-commerce retail activity.
8. Personal data monetization for data owners.
9. Secured access to bank and segregated access to banking operations history, including its transfer when the person changes banks/countries.
10. Better risk scoring for the banks and financial services providers, i.e. you can prove your credit, trade history and wealth.
11. Electronic health records history which implies more effective treatment.
12. Insurance history and personalised insurance products pricing.
13. Education history
14. Employment history
15. Skills and CV verification
16. Clients’ investment experience and knowledge verification (asset allocation recommendations and portfolio allocation rules)
Ethereum allows integration of various private solutions between each other. This means the easiness of platform customization and adaptation for any business and regulatory needs.
The solution uses open source libraries and SDKs. The core of the system is based on Solidity smart contracts. Genesis block should be configured with pre-mined native Token (~10^12 ETH) or ERC-20 specification contract Token.
Proposed Tech Stack:
- Parity nodes with POA
- Smart contracts with Solidity
- Golang-coded backend
- Fingerprint recognition (NIST libraries)
- Fuzzy hash functions (to be further researched)
- Hashing Blake2s or SHA3 for security encryption
- Geth - Golang Ethereum node implementation (sources) for backend integration with blockchain for deploying the smart contracts and sending the transactions
- Solc - solidity contract compiler.
Being a Blockchain practitioner, I am a great advocate of this technology. However, it is pretty complicated, and therefore, to achieve greater adoption, we need to find the simplest possible way of explaining it to the public. There are many evangelists doing this job and I do appreciate their efforts. It is totally normal, however, that sometimes they overpromise. After all, most prominent sales people do.
The purpose of this post is to note the typical overpromises of Blockchain. It is worth studying, especially if you deal with an enterprise customer that will eventually ask you to put your promises into a legally binding contract.
By the myths of Blockchain, I understand the promises which cannot be delivered either with the current software realizations or ever. I will also talk about existing features of Blockchain which make it legendary. I will start with the myths and finish with the legends for the purpose of making this article optimistic as the blockchain technology well deserves it.
Myth 1. Decentralization
Blockchain is lot more decentralized than most other systems we know, however, the devil is in the details. The software runs in totally decentralized manner, but there are two very important questions: who writes the code and who runs the nodes. To illustrate the importance of the first one: there are just fifty developers of bitcoin with more than ten commits. It is a pretty small community which can totally affect how the bitcoin evolves as a system. The bitcoin blockchain is a perfectly decentralized rule enforcement machine, but the rules are created by a few people.
The situation is even worse when it comes to the second question: the mining of bitcoin is dominated by a one-digit number of ASIC vendors, which can easily sit around one table. In fact, they do so from time to time.
As we see from the past events with public blockchains, such as Ethereum and Bitcoin, if the network is under attack or at a capacity threshold, the rules can be changed quite quickly by a very small number of people. All the users do not have a choice but to trust those people. Which brings us to the next myth of Blockchain.
Myth 2. Trustlessness
Blockchain is a trustless system. Indeed, if you send the money over blockchain, you don’t have to trust the second party. More importantly, your transfer is not processed by trusted central authority. However, there should be many trusted ecosystem participants in order for the blockchain to function. Here are some examples:
The developers. We have to trust that the core contributors will not change the rules of the game on the fly.
The oracles. The external applications feeding the data into the smart contracts have to be trusted. For example, if the smart contract pays out an insurance for the delayed flight, the information on the delay has to be kosher.
The cyber-physical gateways. Whenever the physical asset is being digitized and tracked on a blockchain, there has to be a trusted way to confirm that the particular physical item corresponds to the particular digital token in the blockchain. The good example is the Bitnation integrated with Estonian e-residence. In this case, Estonian government is a trusted cyber-physical gateway because before issuing an e-residency they perform a KYC and therefore can confirm that the digital identity corresponds to the physical person.
The custodians. When the digital tokens are issued against the real money, shares, bonds or other similar assets, there should be an organization which holds the asset and issues the tokens and vice versa, delivers the asset against the tokens balance. The example of such an entity is the bitcoin exchange which holds the deposits both in bitcoin and fiat currency. It comes without saying, that this entity has to be trusted.
As you can see, the blockchain is not totally trustless. Moreover, if any one of the entities mentioned above cannot be trusted, the whole system looses its attractiveness.
Myth 3. The Internet of Value
Blockchain is often referred to as the Internet of Value. It is not exactly accurate. The thing is that blockchain transfers digital tokens, not value. There is no intrinsic value in digital tokens unless all the participants are in an agreement on that. It can be quite difficult to reach such an agreement, especially if the number of participants is large. This problem is not in the technology itself but rather in adoption and presence of the legal and regulatory frameworks. The situation will change when either an existing fiat currency will be re-digitized as the crypto currency or when an existing crypto currency will get the legal tender status. I guess it is a very long way to go.
Myth 4. The interoperability of blockchains
The interoperability of blockchains, which is the ability to receive a blockchain transaction from another blockchain, for example, to send bitcoins from an Ethereum smart contract, is currently not possible. It is because all current blockchain realizations are based on the asymmetric cryptography scheme. To sign the transaction, one has to be in possession of the private key. The wallet software signs the transaction with some interaction with the user, who enters the password which protects the private key. After that, the transaction is being sent to the blockchain network. Interoperability assumes no human interaction which means that the private key for the blockchain receiving the transaction has to be stored in the blockchain sending the transaction. If this is the case, the private key loses its privacy and the owner of the account loses the control over it.
Now let us talk about the bright side of the things: the "killer features" which make Blockchain legendary.
Killer feature 1. Automation, distributed by nature
Old school IT people remember how difficult and expensive were to build the distributed databases. Algorithms like Paxos were used in some file systems, but aside from those, there was no progress in using consensus algorithms for distributed applications before blockchain. Now, your smart contract, which is essentially the virtual machine containing the application and an embedded database, can be replicated easy and cheap as many times as necessary. Intrinsic consensus scheme guarantees that the data is in the same state across all the nodes and that the application logic is executed as programmed. This is the foundation for building the systems which are orders of magnitude more reliable than before.
Killer feature 2. Resolving conflict of interest
Imagine the following scenario: the business process involves several parties. Let's take an example of motor accident which will include a customer, an insurance broker, an insurance company, a reinsurance company, a service provider which fixes the damage, and a regulator. Some of the parties have an inherent conflict of interest and therefore are motivated to obtain full control over the transactions and prevent transparency. Blockchain in this scenario creates an opportunity unseen before: every party can have the exact replica of the entire application with all the business logic enforced automatically, where all the transactions are transparent and any interference from a conflicted party disabled by design.
The blockchain-based information system for the business process can be created and maintained by the third party software company which is paid by all the participants proportionally to their use of the system and which does not have any control over the data.
Killer feature 3. The money is blended into the application
Imagine, that in the insurance example above, all the parties agreed on the value of the digital tokens of the blockchain and that there is a trusted custodian holding the real money, emitting the tokens and settling the tokens balances with the real money once the agreed period ends.
Effectively, we now have the business application which automates not only the business process but also payments. The money flow can now be programmed in the same way as the information flow used to be programmed before. The money is now blended into the application which is totally unprecedented.
Killer feature 4. Irrefutability and non-repudiation
In order for the consensus to be achieved, blockchain is designed in a way that all the changes to the data are stored since the system started. Moreover, all the requests to change the data are digitally signed by the initiators. Two very important things are derived from this design.
First, one can check the state of the data at any given moment in the past. It makes the data irrefutable and creates totally new horizons for the audits, investigations, and research.
Second, one of the main characteristics of the digital signature scheme is non-repudiation which means that any data change initiator is not able to challenge their authorship of this initiative. Therefore, if the proper KYC procedures are put in place, the information system becomes unprecedently transparent.
To summarize, I am a bit skeptical of blockchain becoming the medium for the global value exchange over the Internet available to anyone to use. This may or may not happen because of various non-technological reasons. What I firmly believe in though is that blockchain has a humongous potential to disrupt the corporate IT and streamline corporate business processes. This, in turn, will make the life of those using corporate and government services easier while giving the ability to use these services to people not currently able to do so.
Blockchain is one of the top buzz words today along with AI, IOT, and big data. Many call Blockchain the ‘new Internet’. Is this analogy relevant? This post is my attempt to find the place Blockchain occupies in the modern IT landscape.
Technologies to handle the information (aka Information Technologies or IT) had arisen and evolved around serving the business needs of the corporations and governments. The central part of any information system is the database which literally stores the data. The data stored in a traditional database is accessible and changeable by the users of the system according to their ‘access rights’. Then there are ‘super users’ who are administrators of the database itself as well as sysadmins of servers on which the database physically resides. These users have the highest level of access and administer other users rights.
Banks and financial corporations were among the earliest users of IT and therefore they had to figure out how the money can be put into the information systems. Their solution was to record account balances in the database as the numerical values against the account numbers. And since any super user could change any value in their database (and potentially create the money out of nothing), financial information systems had to be isolated from everyone's access by additional security measures.
At the same time, the business, which needs to be served by IT, is essentially the flow of transactions exchanging the goods or services for money. Traditional IT were only able to partially serve these transactions as the systems managing the money are isolated from everything else.
Here comes Blockchain.
The first realization of Blockchain, known as bitcoin, totally changed the way the money is accounted in the information system. Instead of the numerical balance in a database, every currency unit is represented as a promissory note which is digitally signed by the owner whenever they want to pass it to anyone else. Furthermore, there is no single database: the copy of the ledger, which includes all the notes with the endorsements, is stored on many servers. Any change to the database state is only possible if the majority of the servers approves it.
The digital signatures used to sign the endorsements are derived from asymmetric cryptography scheme hence the public key is essentially the account number while the private key is the only mean to sign the endorsement. The traditional form of the ledger which is the account number with associated balance can be therefore derived from the Blockchain database by summing up all the endorsements made for a particular account.
This is not all the beauty of Blockchain. What makes it complete is smart contracts. The smart contract is the computer program which can be associated with the particular account of the ledger described above. Whenever the transaction touches the account containing smart contract, it executes, automating some pre-programmed business logic. Therefore, now it is possible to create the application which automates both sides of the business transaction: exchange of the product for money.
Apart of blending the money into the information systems, Blockchain has many intrinsic features resulting from its design. The database is naturally distributed hence there is no single point of failure as well as no dependency on the single point of trust. All the changes are tracked and recorded, therefore making it possible to see the state of the data at any given moment in the past which gives unprecedented capabilities for audits, research, and investigations. Last but not least, all the changes are authenticated with the digital signature of the change initiator, which adds non-repudiation to any system built upon Blockchain. This all allows for an unprecedented levels of access, without the risks of erroneous or malicious interference from the super user.
Is Blockchain similar to Internet? Probably not as it is not enabling so many types of new businesses. It is obvious, though, that Blockchain has a great potential in corporate information systems as those can now be more reliable, efficient and secure.
Being part of blockchain industry, I read and hear a lot about tech itself, use cases and scenarios, future applications etc. At the same time, I never saw a formal scientific definition of what
the technology really is. Under blockchain here I mean not the data structure – chain of blocks – but the technology framework which includes the distributed ledgers, smart contracts, and all
these nice new widely adored features. In the end of the day, all this blockchain tech is part of computer science, isn’t it? So here is my definition of blockchain technology for your judgment
and further discussion:
“Blockchain is the technology which allows trustless Turing machine replication over an asynchronous network.”
If we speak about distributed ledger without smart contracts layer, Turing machine can be replaced by the state machine in the definition above. Indeed, every node of Bitcoin network is a finite state machine while the smart contract in Ethereum is Turing machine which works simultaneously and identically on all network nodes.
My view is that it is replication which is the most important. The proper replication of the database (ledger) or a process (smart contract) enables all these new business ideas because it brings the data and the process closer to where it is needed therefore cutting the costs and improving efficiency.
The replication itself exists since quite a long time and has been widely used for building fault-tolerant systems. There are also some technologies dealing with asynchronous networks. But trustless and asynchronous taken together create the real innovation. The trust is a fundamental concept in the blockchain technology. When dealing with someone in the real world, you have to trust them. Trustlessness in the blockchain world sets up an interesting paradox, you don’t have to trust any of the counterparties, but you can trust all of them taken together. Indeed, you don’t have to care whether the node you are sending your transaction to is legit. If it is not, the failure will be corrected by the consensus algorithm (if a certain majority of the nodes are legit), so in the worst case your transaction will not be processed while in the best case it will be processed correctly.
You may ask: what about immutability, irrefutability and other nice features of blockchain? The answer is that all these features are consequences of the fact that data is organized as the chain of blocks, each referring to the previous one. Why would we need such a data structure? Because it allows the above-mentioned consensus algorithm to function properly. So the logical chain here is: trustless replication requires consensus algorithm which in turn requires the data to be organized in a blockchain. This logical chain can be evolved further to systemize the blockchain tech stack of protocols, but it is the topic for separate discussion.