Self Sovereign Identities: Towards Blockchain-Based Decentralized IDs
Blockchain technology can disrupt multiple sectors. One of those areas which are ready for disruption has to be “identity.” Even though several steps have been taken to improve the identity industry, incorporating the blockchain can truly disrupt this space. Through RSK, Bitcoin can easily incorporate self-sovereign identities into its protocol.
However, before we go any further, let’s look at the difference between traditional and self-sovereign identities.
Personal identity is one of the fundamental human rights as per Article 8 of the UN’s Convention on the Rights of the Child. At its most basic level, identity consists of:
- First and last name.
- Date of birth.
- Some form of a national identifier such as passport number, social security number (SSN), driving license, etc.
The importance of identity can’t be overstated. Without a valid form of ID, one can’t own property, vote, receive government services, open a bank account, or find full-time employment. Without control over one’s identity, it is easy to become invisible and be unable to participate in society simply because one can’t prove that they are who they say they are.
However, there is a big problem plaguing this space. All this data, such as passport number, SSN, driving license are stored in centralized servers and databases. This leads to three major issues:
- Only these centralized entities can give out identities.
- These centralized entities can mishandle your personal data.
- Identity theft.
Since traditional centralized identity is maintained in centralized servers, these entities have the right to issue and validate these identities to anyone they want. According to the United Nations, 1.1 billion people worldwide don’t have a way to claim ownership over their identity. Without a valid identity, it is near impossible to open something as basic as a bank account. As such, the number of unbanked people around the world keeps increasing.
Take a look at the landscape that we are living in right now. There are multiple platforms online, and each platform requires you to create an identity to access it. You must create a Facebook profile to access Facebook, similarly, you must create a Reddit account to access Reddit.
Now, what is the problem with that?
Every single one of these platforms is creating their own identity silo. We are renting out our identity to them without having any ownership over it. This can lead to some pretty devastating results as we have observed with Facebook.
From 1997 to 1999, in San Diego, California, one of the most infamous cases of identity theft happened. Bari Nessel would be hiring people for a job, and in the process, she obtained their personal information. One of the people she duped was Linda Foley. She accrued large amounts of debt on Foley’s credit card.
However, there is another instance of identity theft that we want to look into. This instance has far more severe repercussions than the case discussed above. In 2017, Equifax, one of the top credit-reporting companies disclosed that they were hacked. The hackers stole customer names, Social Security numbers, birthdates and addresses in a hack that stretched from mid-May and July. This attack affected half the US population.
Now, what is so scary about this attack?
- You had no control over your data. You trusted some third-party to keep it secure for you, however, since everyone’s data is kept with this party, it becomes open for hacks and attacks.
- The company probably knew that they were getting hacked and yet they didn’t inform the people in time. This lack of transparency can be a huge problem when dealing with these companies.
Self-sovereignty is the idea that it is an individual’s moral right to have ownership over their own body and life. While this idea was largely idealistic till now, with blockchain integration, this can be a reality. Due to its underlying technology, the blockchain can organically solve the three main problems affecting the cryptospace:
- Digital units shouldn’t be easy to replicate.
- Digital files should be tamper proof.
- Digital processes should be tamper proof.
#1 Digital Units Shouldn’t Be Easy To Replicate
Anything of immense value should be complicated to replicate. The same is true for personal digital identity. It shouldn’t be possible for two people to use the same identity details. This is not just limited to identities. In the cryptocurrency space, this problem is called “double spending.”
Double spending means that you are using the same coin to conduct more than one transaction. Think about it like this. If you had a $10 note with you, it should be impossible for you to spend that money in more than one transaction at a time. If you are in a shop, then it should be impossible for you to buy two $10 items at the same time using the same $10 bill. You can mitigate that in fiat scenarios because:
- You are either physically transferring cash from one hand to another.
- You have a centralized entity i.e., a bank which oversees all the transactions.
Digital money is different from fiat in that regard. When you are making a transaction, you are simply broadcasting to the network that you want to send a particular amount of money to someone else. What is stopping you from making another transaction with the same coins before the entire network agrees to validate your previous transaction? How will the network know which transaction is genuine and which isn’t?
Bitcoin mitigates this via the utilization of blockchain technology:
- Each transaction has to be verified by the users of the blockchain network.
- The miners validate the transaction in exchange for a fee.
- If the miners don’t catch a double spend transaction, then they will lose the fees.
If someone attempts to double spend using the same Bitcoin, then both the transactions will get automatically rejected. Once a transaction is verified for a particular bitcoin, its details get added into a block.
All the blocks in the blockchain are linked via a hash pointer. Each block stores a hash of all the data that is stored in the previous blocks. Plus, as we have said before, the blockchain is transparent so all the data inside the blockchain can be visible to everyone who is part of the blockchain’s network.
So, applying this logic in Bitcoin, every single bitcoin can be accounted for via its transparency. Also, any attempt to change the coin’s history will be impossible as the transactions stored in the blockchain are hashed cryptographically to the previous blocks. The immutability and transparency of the blockchain prevents double spending.
#2 Digital Files Should Be Tamper-Proof
Back in the day, all the personal record files used to be physically stored in registers, this brought in a host of problems.
- Anyone can steal the registers.
- It is very simple to bribe someone to tamper with the records.
- Registers are susceptible to wear and tear.
Even when the system was made digital, specific problems persisted.
- The system could always be hacked.
- The bribe angle still remained. Anyone could bribe an official and make them change the records.
What was needed was a system that could store all these files and make them “non-tamperable” or immutable so to speak. The blockchain could bring this feature into the system.
Each block in a blockchain has its unique digital fingerprint called “hash”. Once the files go inside a block, they cannot be tampered with because the cryptographic hash functions will prevent that from happening.
A cryptographic hash function is a particular class of hash functions which has various properties making it ideal for cryptography. There are specific properties that a cryptographic hash function needs to have to be considered secure. One of those properties happens to the “Avalanche Effect.”
What does that mean?
Even if you make a small change in your input, the changes that will be reflected in the hash will be huge. Let’s test it out using the SHA-256 algorithm:
Do you see that? Even though you just changed the case of the first alphabet of the input, look at how much that has affected the output hash.
So, anytime someone tries to change the data inside the blockchain, it becomes instantly evident that a tampering-attempt has been made.
Plus, all the blocks are also linked to each other via hash functions. Each block in the blockchain has the hash of the previous block. As such, if tampering does occur, it changes the entire structure of the chain, which is an impossibility.
#3 Digital Processes Should Be Tamper-Proof
The third problem that the blockchain can fix is securing a trustless process. Every official institution has a process for each and every activity but they may not be strictly adhered to. This could happen for two reasons:
- General human negligence.
- Malicious intent.
As you can see, these problems are both human-related.
To secure something as important as personal identities, a set process should be followed which cannot be tampered with. A lot of actors need to follow specific steps every single time to ensure the safety of the process and to eliminate any corrupt human behavior.
The blockchain pretty much solved this problem a long time back through “consensus mechanisms” such as Proof-of-Work, Proof-of-Stake, etc.
Rootstock (RSK) is a smart contract platform that is connected to Bitcoin’s blockchain through sidechain technology. Rootstock allows you to create applications compatible with Ethereum (the web3/EVM/Solidity model) while still enjoying the Bitcoin blockchain’s security. At its very core, Rootstock is a combination of:
- A Turing-complete resource-accounted deterministic virtual machine (for smart contracts) is compatible with Ethereum’s EVM.
- A two-way pegged Bitcoin sidechain (for BTC denominated trade) based on a strong federation
- A SHA256D merge-mining consensus protocol (for consensus security relying on Bitcoin’s miners) with 30-seconds block interval. (for fast payments).
Rootstock will also be using its tech stack – the Rootstock Infrastructure Framework Open Standard (RIFOS or RIF) to help build a healthy economic system on top of Bitcoin. It’ll facilitate the use of blockchain technology by making it as simple for everyone as possible.
RIF officially released their long-awaited self sovereign identities solution. Developers and users will now be able to access RIF Identity’s developer library and repos to integrate their new Self Sovereign Identity solution into their respective projects. Users can check the GitHub repositories to integrate or collaborate with the newly released solution.
RIF Identity: The ultimate self-sovereign identity solution
The decentralized identifiers (DID) are compliant with W3C’s VC and DID standards, making them compatible with other W3C DID and VC systems. With these solutions, developers can focus 100% on users. So, what are the main advantages of RIF’s self-sovereign solutions:
- Holders of credentials will be able to control their digital identity without issues. This gives them complete control over the information they share.
- The solution allows you to show specific aspects of your information. For example, if you need to prove your age, you can just show your birth year without revealing any more sensitive data items.
- RIF is working with various blockchain use cases like DeFi, Blockchain Oracles, Fungible & Non-Fungible tokens, etc. that are leveraging the Self-Sovereign Identity solutions created.
- The RIF Identity solution is not just exclusive for crypto projects. Governments, organizations, private companies, and individual developers can incorporate self-sovereign identity with RIF’s solution.
- As a result, organizations won’t have to spend a huge amount of money to create their own solutions.
While Bitcoin is the oldest and most secure blockchain in the world, till now it has only been known as a payment-only protocol. However, RSK provides developers a platform where they can build solutions on top of the Bitcoin blockchain. RIF Identity is just one of the several tools that they have created for Bitcoin.