Distributed identity

The distributed identity is a challenging quest in the world of blockchain

A quick summary of this problem is the following:

1) We have an open distributed database like a public blockchain.

2) How to create identity service on top of this system?

By identity service we mean some virtual token that can be used to confirm that some transaction was performed by a person.

The open decentralized nature of the underlying database implies this system also should be incentive-compatible. An average node owner of a public blockchain should have an incentive to hold such a database on his node. At the same time, this distributed identity database should not be prohibitively expensive to use. Therefore the easiest solution of “Just make an encrypted international id database (for example with passport scans) and blockchain that” will not work. The maintenance of one node of such database will require a dedicated datacenter. A distributed network of such datacenters will require so much upfront investment so it is doable only by coordinated effort of several national governments or corporations.

The current blockchains need to find some sort of a smart shortcut. It should be some reasonably small piece of information that is easy to produce and store by the distributed network but hard enough to fake to prevent attacks with fake identities.

Here is a brief overview of various attempts at these shortcuts and their tradeoffs:

Pseudonym parties - events hosted in real life that have QR codes for proof of attendance tokens. One of such attendance token can be used for one online verification. A wallet with a collection of attendance tokens represents a unique person. The idea behind this is physical attendance and manually scan the QR code to get one token will make the price of getting an ID sufficiently low but. At the same time the price of a massive fake ID attack will be pretty detrimental, as it would require a coordinated effort of lots of people.

The drawback of such system is reliance on trusted pseudonym party organisers. One compromised party node will compromise the entire system. Also this looks a lot like reinventing bureaucracy.

Bright ID - probabilistic social graph analysis as a way to figure out who is who. Imagine a very simplistic social network where adding a person to a friendlist means you know each other in real life. This way if we aggregate some data on connections between people we know - we can extrapolate the connection patterns further to figure out if some id in the system is a normally connected human or a suspect for a botnet.

The problem with this is the algorithm that does the analysis. Currently such algorithms is a battleground between big platforms like Google and Facebook and all kinds of spam services. Its hard to say who is winning this battle. Real people with regular messages get into crosshairs of spam-detecting systems for unknown reasons. It is quite a challenge to make any advanced social graph analysis algorithm that could be executed by entire blockchain.

Humanity DAO - proof of stake identity verification. If you sign up in the system - someone else has to vouch for you with a stake with an amount of cryptocurrency. Validity of a person can be disputed in a decentralized arbitrage and if the arbitrage decides that this is not a real person - the staked funds are lost. This is pretty much property census from the ancient Greece on blockchain.

Someone who owns a lot of cryptocurrency could stake it for more fake identities and eventually create a network of bots that overtakes the voting majority, however, the transparent nature of blockchain transactions would make this detectable.

Anyway, the main weak spot for this project was horrible design of their website and an airdrop campaign that made it look like a Ponzi scheme.

If you came across an interesting project about a distributed identity or have a bright idea for one - please let me know in the comments.