How can we leverage on distributed ledger technology and cryptography to provide identity as a global, cross-jurisdiction and accessible utility for the world?

2. hello
Calvin Cheng
calvin@cara.co
learn, design and build real world applications
with crypto and distributed ledgers

3. overview
Self Sovereign Identity
• Why
• Challenges
• How it works
• Code
• Adoption & Future?

4. Why

6. identity is…
• 10 principles -
(e.g. existence, control, access, transparency…)
• Identity is a double-edge sword - it can be used for beneficial
and for malevolent purposes
• Identity only makes sense from a 3rd party perspective

7. experts’ views…
• W3C Verifiable Claims Working Group ~ April 2017
• charter:
“It is currently difficult to express banking account
information, education qualifications, healthcare data and
other sorts of machine-readable personal information that has
been verified by a 3rd party on the web. These sorts of data
are often referred to as verifiable claims. The mission of the
Verifiable Claims Working Group is to make expressing,
exchanging and verifying claims easier and more secure on
the web”

8. current system
• W3C Verifiable Claims Working Group ~ April 2017
• charter:
• It is currently difficult to express banking account information,
education qualifications, healthcare data and other sorts of
machine-readable personal information that has been verified
by a 3rd party on the web. These sorts of data are often
referred to as verifiable claims. The mission of the Verifiable
Claims Working Group is to make expressing, exchanging and
verifying claims easier and more secure on the web

9. current system
• We can use public key cryptography (PKI, public key
infrastructure) to solve this problem?
• However, PKI is costly and centralised
• If a CA makes a mistake on a digital certificate or service fails,
everything falls apart

10. decentralized approach

11. SSI means…
• Self-sovereign identity
• “I own my identity”, not a 3rd party organization
• User-centric perspective to the concept of identity
• “truth”

12. SSI benefits
• Simplify KYC, AML regulations
• Simplify verification of credentials
(e.g. education, driving licenses, work visa…)
• Reduce dependence on organisations that monetise our data

13. SSI approach
• Blockchain technology (or DLTs) uses consensus algorithms
operating over many different machines and replicated by
many different entities in a decentralised network
• Hyperledger Indy/Sovrin - decentralised PKI (DPKI), every
public key has its own address (DID, decentralised identifier)
• DIDs enable true self-sovereign identity - lifetime portable
digital identity for any person, organization or thing that
cannot be taken away

14. SSI approach
• DID specification ensures that issuers and verifiers
everywhere can look up the necessary public keys on a public
blockchain regardless of whether they belong to the same
organization or identity federation
• Evolution from disconnected “islands of identity” each with its
own PKI to a global identity network based on DPKI
• Akin to “local area networks” to global internet

15. Challenges

16. challenges
• No standard way to verify digital credentials
• Standardising how to verify the digital signatures of credential
issuers
• Data liability and over-reliance on centralised systems
(Equifax)

17. challenge:
• W3C is standardising digital credentials
“…no standard way to verify digital credentials…”

18. challenge:
• Usually done by PKI (centralised public key cryptography)
• DID - another standard coming from W3C:
• Allows every public key to have its own address
• An open standard
• Uses cryptography
• Enables true SSI
• Anyone can issue a digitally-signed claims; others can verify it
“…how to verify digital signatures of credential issuers?”

19. challenge:
“…privacy issues for data stored on blockchain (or centralised db)?”
• Blockchain, being decentralised, is ideal; to serve as a self-
service registry for public keys

20. SSI core requirements
1. Governance: trusted by all stakeholders
2. Performance: internet scale
3. Accessibility: identity is available to all
4. Privacy

21. Solution
1. Decentralized Identifiers
2. Distributed Ledger
3. Verifiable Claims, combined with Zero Knowledge Proofs

22. hyperledger indy? sovrin?
• Hyperledger Indy - a distributed ledger framework for creating
and managing self-sovereign identities
• Sovrin - an instance of Hyperledger Indy
• Sovrin Foundation - an international non-profit, with a board of
trustees from diverse background and industries
• Public network, permissioned by stewards (a consortium of
diverse organisations)

23. How it works

24. How it works

25. illustration

26. illustration (did)

27. illustration (verifiable claim)

28. illustration (verifiable claim)

29. illustration (verifiable claim)

30. illustration (verifiable claim)

31. illustration (zkp)
https://hackernoon.com/eli5-zero-knowledge-
proof-78a276db9eff

32. illustration (zkp)

33. illustration (zkp)

34. illustration (zkp)

35. illustration (zkp)

36. illustration (zkp)

37. illustration (zkp)

38. illustration (zkp)

39. illustration (zkp)

40. components
• cryptography
• nodes
• ledger
• state and storage
• governance

41. cryptography
• AnonCred: anonymous credentials with type-3 revocation
(prove identity satisfy certain properties in uncorrelated way
without revealing other identity details)

42. nodes & ledger
• nodes:
consensus with plenum BFT (specifically Redundant BFT)
client-node and node-node network communication with
Curve ZMQ
• ledger is replicated across all nodes, backed by merkle tree

43. state & storage
• state:
Ethereum’s Patricia Trie
• storage:
leveldb as key-value storage for ledger and state

44. governance
• Sovrin Provisional Trust Framework
• Stewards

45. Code

47. indy-plenum
nodes, ledger, state, storage
• nodes:
consensus with plenum BFT (specifically Redundant BFT)
client-node and node-node network communication with Curve ZMQ
• ledger:
replicated across all nodes, backed by merkle tree
• state:
Ethereum’s Patricia Trie
• storage:
leveldb as key-value storage for ledger and state

48. indy-crypto
crypto
• AnonCred: anonymous credentials with type-3 revocation
(prove identity satisfy certain properties in uncorrelated way
without revealing other identity details)

49. indy-sdk
client
• Client-side library (Rust) to interact with Hyperledger Indy
• Compiles to .so for client-to-indy communication
• Embed in your client application

50. Code

51. demo code

53. Adoption &
Future?

54. digital identity
Philippines
• In 2017, only 44% of Filipinos used bank accounts, often
because of inefficient identity systems
• Bankers Association of Philippines, Hyperledger member
Amihan and banks including AUB, BPI and Citibank collaborate
• POC implements SSI with Hyperledger Indy
• Consumers provide information once in a privacy preserving
way and re-use that data to open new accounts. Banks can
trust the data

55. impact & opportunities
World-Wide
• Identity and access management
• Cybersecurity
• RegTech
• Data integration

56. considerations
Solutions for Users
• Centralised Applications - why are they successful?
• Decentralised Applications - how can they be successful?
• Analogy:
Unix/BSD adoption vs macOS adoption? (usability + hardware)

57. thank you
Calvin Cheng
calvin@cara.co