Ethereum Usecase: Identity Management (Take 2)

Identity verification is one of the hottest usecases for the blockchain. I already wrote on this topic few months ago with the idea of a fictive government binding hashed identity data to citizen’s ethereum address.

Recently, I ran into ShoCard, a mobile app which is able to locally store user’s identities (driver’s license, passport, tickets, credits cards, online accounts, …) on the mobile phone and seal this data by putting the hashes via the BlockCypher API on the blockchain. Furthermore, institutions, like banks for instance, can verify user’s identities and store this fact on blockchain too, effectively confirming that the sealed id record is correct.

I did the experiment of implementing ShoCard’s concept on the Ethereum blockchain. A very interesting point is that we only need one simple contract for the implementation of the concept. It simply binds a hash value to an address:

contract DataSeal {
address owner;
uint256 dataHash;
function DataSeal(uint256 _dataHash) {
owner = msg.sender;
dataHash = _dataHash;
}
}

First, for every user’s identity record of the form

idRecord = {idData_1, ..., idData_n, randomValue} 

we create in Ethereum a DataSeal instance storing idRecord‘s hash value.

idRecordSeal = new DataSeal(<idRecord hash>)

From now on, idRecord can not be modified without breaking idRecordSeal.

If we want to prove to X that our idRecord has been sealed by us, we will send to X the idRecordSeal address and idRecord signed with the private key of the Ethereum account used to instantiate idRecordSeal. Having this informaton, X can verify that idRecord matches the hash value in idRecordSeal contract and that the signature matches its owner.

So far, we have the proof that idRecord was created and sealed by us, but we have no proof yet that idRecord matches our real identity as documented on our id card. For instance, we could steal the id card from someone else and  seal it on the blockchain. In order to make the idRecord trustworthy, we need a trustworthy witness verifying our idRecord and committing the proof to the blockchain.

The most direct witness for this proof would be the public authority issuing the id cards to the citizens. The next best instance, could be a commonly accepted institution like the mailing company (see POSTIDENT solution of Deutsche Post AG) or a bank.

If the user has been successfully authenticated, the witness will produce

witnessRecord = {idRecordSeal, secretKey}

and create a new instance of the DataSeal contract with the hash of it:

witnessRecordSeal = new DataSeal(<witnessRecord hash>)

Finally the witness shares the following record with the user:

{witnessPublicAddress, witnessRecordSeal, secretKey}

Assuming that X is trusting W, and that we already were authenticated by W, we can pass to X

  1. the witness data {witnessPublicAddress, witnessRecordSeal, secretKey}
  2. our idRecord signed with the corresponding private key
  3. our idRecordSeal address

Now X, can check that idRecord hasn’t been modified, that we’re the owner of the record and it’s blockchain seal, and that we already were successfully authenticated by W. If X trusts W, then he doesn’t need any further verification of our identity and he can do business with us.

The concept is universal and it works with any kind of document. There are also usecases where no witness is needed at all. For instance I can seal my credit card data like this:

creditCardDataSeal = new DataSeal(<hashed credit card data>)

Every time I purchase something, I also sign my purchase with my Ethereum private key and the merchant can verify that credit card data is in my ownership. So even if someone steals my credit card, he won’t be able to purchase something with it, because the thief can not prove he’s the owner of the credit card.

BitBond – the future of Loans

Last week the P2P lending platform BitBond got a license from the German BaFinBitBond is a fine little platform with lot of nice features. It’s unique selling point is that it is completely bitcoin based. You can get loans and invest on a USD and BTC base, but the complete backend is based on bitcoins. This will simplify the backend processes for all participants in a radical way and it can be used by unbanked population from undeveloped regions all over the planet. 

The internal account will be managed only in BTC. Yes, this radical bitcoin p2p implementation will be a barrier for anyone who is not familiar with BTC, but it shows how easy this complicated business can become in the future.

The amount of loans is still rising and the platform has good chances for the disruptive network effect. It also has an open API to integrate the functionality into the own business or application and it gives us an idea about the connected business processe for small business.

Another nice feature is “AutoInvest” for all lazy investors, which are not interested in studying the loans on their own.

Ok, lets look on the other side of the coin. The interest rates are pretty high, up to 30% and the credit risk is also really high. On the platform you can look on the credit portfolios of the investors, they diversify their capital to a lot of loans and do not win in every case. Over all they earn money, but it’s not the holy grail. 

BitBond Team, good luck with your platform, thumb up for your platform implementation and ideas !

KW 39 – Weekly Blockchainers Recap

The kind of blockchain news are rapidly changing these days.

  • Two years ago: Bitcoin is some dirty stuff for anarchists and criminals. 
  • One year ago: Hmm, the blockchain behind Bitcoin, it sounds interesting, lets have a look on it.
  • Half year ago: Let’s start some prototyping to find out how to use it for us, if we can’t stop the technical progress let it work in our direction.  
  • And today? I see more and more commercial projects or productive systems using the BC, DLT how ever they call it. It’s really inspiring to be a part of the development of this disruptive technology, let us have a look on some brand new examples: