SlideShare a Scribd company logo

Defi MOOC Fa21 - Decentralized Identity.pptx.pdf

S
ssuser00208b

Defi decentralized finance blockchain

Technology
1 of 59
Download to read offline
Decentralized Finance Instructor: Dan Boneh, Arthur Gervais, Andrew Miller, Christine Parlour, Dawn Song Decentralized Identities
1. Linking External Accounts to DeFi - Attestation model, Decentralized Identifiers - Anonymous credentials from Zero Knowledge Proofs 2. Identity Authorities and Real Names - Real names and regulations - Using CanDID to bootstrap credentials from legacy authorities 3. Future of Defi: relying less on authority - Webs-of-Trust - Proofs of Personhood Outline
1a: Linking external Accounts https://defi-learning.org
Motivating Example: Airdrop to twitter users Sign me up! I’m @AliceToGo on twitter Alice @AliceToGo $$$ New token on Ethereum
Motivating Example: Airdrop to twitter users Sign me up! I’m @AliceToGo on twitter Alice @AliceToGo New token on Ethereum account: @AliceToGo Real name: Alice Profile: “My eth address: 0x932ijgf….098j309jsd” 0x932ijgf….098j309jsd $$$
Why would DeFi want to link external accounts? - Airdrops, tips, giveaways to social media accounts - Reputation as collateral - Simplifying user registration & login with Single-Sign-On - Avoid spammers, botnets, farms, and sybil attacks - Provide an alternate way to recover a lost account - Ensure “one person one vote” for fairness in governance 6
Simple Attestation Model 7 Attestation: “something about the subject” Subject Relying Party Issuer
Twitter Airdrops in the Attestation model account: @AliceToGo Real name: Alice Profile: “My eth address: 0x932ijgf….098j309jsd” Attestation: Any problems? Sign me up! I’m @AliceToGo 0x932ijgf….098j309jsd
Entering a Bar in the Attestation model Real Name: Alice State of Residence: IL Birth year: 1990 Credential Real Name: Alice State of Residence: IL Birth year: 1990 The age of the person with this photo is at least 21 years old
- Privacy. What does the issuer learn about the Subject’s interaction with Relying party? - Availability. Can the Issuer prevent the interaction? - Revocation. Does the Issuer have the ability to revoke the attestation? Does the Subject? - Meaning. What does the attestation say? Does the Issuer guarantee it’s accurate? Summary: questions to ask in Attestation model
1b: From OAuth to Anonymous Credentials https://defi-learning.org
12
13
Logins with OAuth Account: @amiller Email address: amiller@email.com Attestation: Requests login Approve: Share email with discourse.pro? GitHub discourse.pro Requesting: Read Email address
Credentials based on digital signatures Account: @amiller Email address: amiller@email.com Enrollment dates: 2021-2022 Attestation: Presents certificate Signed enrollment certificate Defi University studentdiscount.com Defi University certifies that @amiller is enrolled Defi University certifies that @amiller is enrolled
Improvement: Fine-grained disclosure Account: @amiller Email address: amiller@email.com Attestation: Signed enrollment certificate consisting of 3 different attestations Defi University studentdiscount.com Defi University certifies that @amiller is enrolled Account: @amiller Enrollment dates: 2021-2022 Account: @amiller Date of birth: 05/05/2005 agediscount.com
Improvement: Fine-grained disclosure Account: @amiller Email address: amiller@email.com Attestation: Only discloses the enrollment attestation Signed enrollment certificate consisting of 3 different attestations Defi University studentdiscount.com Defi University certifies that @amiller is enrolled Account: @amiller Enrollment dates: 2021-2022 agediscount.com
Improvement: Fine-grained disclosure Account: @amiller Email address: amiller@email.com Attestation: Signed enrollment certificate consisting of 3 different attestations Defi University studentdiscount.com Defi University certifies that @amiller is enrolled Account: @amiller Date of birth: 05/05/2005 agediscount.com Only discloses the date of birth attestation Problem still remaining: Privacy!
Anonymous Credentials 19 Only discloses the enrollment attestation Defi University Defi University certifies that @amiller is enrolled Use a ZK SNARK! (like from Lecture 10) I have a document, signed by DeFi U, showing I’m enrolled during 2022 Defi University certifies that @amiller is enrolled Statement: session key enrolled during 2022 Witness: document signature from DeFi U Account: @amiller Email address: amiller@email.com Enrollment dates: 2021-2022
Anonymous Credentials w/ Revocation 20 Only discloses the enrollment attestation, revocation status Defi University Defi University certifies that @amiller is enrolled I have a document, signed by DeFi U, showing I’m enrolled during 2022, in and it’s in the non-revoked list Defi University certifies that @amiller is enrolled Public list of non-revoked document IDs Statement: session key enrolled during 2022 non-revoked list Witness: document signature from DeFi U position in the active list
Summary so far Lots of uses for linking external accounts into the DeFi system It’s simple to do, if we don’t consider privacy at all. Digital signatures and zkSNARKs can enable anonymous credentials that require minimal privacy and reliance on the issuer. 21
1c: Decentralized Identifiers https://defi-learning.org
Identifiers and Short Names Does this string identify a unique person? - Alice 23 What about - 0xj980w43g90j0934g09j43g09jw (Alice’s public key)
Identifiers and Short Names Surely at least this is global… - 0xj980w43g90j0934g09j43g09jw (Alice’s public key) 24 - eth:address:0xj980w43g90j0934g09j43g09jw - etc:address:0xj980w43g90j0934g09j43g09jw
Identifiers and Short Names Does this string identify a unique document? - bitcoin.pdf 25 - https://bitcoin.org/bitcoin.pdf - https://bitco.in/bitcoin.pdf - ipfs://QmTzD4g5FFgn...XQCnYyfffxN/bitcoin.pdf - https://ipfs.io/ipfs/QmTzD4g5FFgn...XQCnYyfffxN/bitcoin.pdf
“There are only two hard things in Computer Science: cache invalidation and naming things.” - Phil Karlton https://www.karlton.org/2017/12/naming-things-hard/ “A name is good if it survives into its future context, but of course you don’t know what other names it will coexist with.” - Simon Hui
address Alice = 0x230923907230984230994823; Smart contracts provide rich and flexible access control by default - a public key? - a multi-user policy - some other program? Really, it doesn’t matter to your defi smart contract function letMeIn() { require(msg.sender == Alice); // carry on }
address Alice = 0x230923907230984230994823; Some imaginative language features for the future…. address Alice = twitter:@AliceToGo; function letMeIn() { require(msg.sender == Alice); // carry on }
To summarize… a few insights on Identifiers Expect to manage between Implicit and Explicit Context alice vs context:alice 29 Including cryptography in the identifier makes it longer, but adds support for access control: - hash for uniquely defining a static document - public key for identifying an owner who can update it - a program defining some other policy Try to pick names that will survive into their future context
2: Authorities and Identity https://defi-learning.org
Real Names vs Accounts Lending and Borrowing in DeFi: 0x230923907230984230994823 $$$ Here’s my security deposit, $100 of ETH Let me borrow $90 worth of TOK. Price of ETH crashes relative to TOK…. Liquidate! If Alice becomes insolvent and owes more than she can pay, she can simply abandon the position The mechanism will liquidate the collateral, as best it can. Her other accounts are unaffected.
Real Names vs Accounts Borrowing in the world of real names: Alice $$$ I’d like to borrow $100. 010111001010101
Some obvious ways Real Names differ from accounts - Can’t abandon them to escape debts, indictment, etc. - Each person only gets one, can’t create a second - Not allowed to transfer or sell it to someone else vs
Real name identities are required for: - exchange services - even cryptocurrency ATMs - … many others
Regulations create specific Identity requirements Example 1: Office of Foriegn Asset Control (OFAC) Sanctions List - The US OFAC provides a sanctions list: parties (countries, groups of individuals) US organizations are not allowed to transact with. - “using the blocking of assets and trade restrictions to accomplish foreign policy and national security goals.” Example 2: Bank Secrecy Act (BSA) aka Travel Rule - All “money services businesses” must comply with travel rule. - Regulations regarding collecting and storing (for govt. audits) user data. - Crypto exchanges and wallet providers are now deemed “money services businesses”. Exposes Tension between privacy and accountability... 35
Some more nuanced features of real name ID - Ability to show up in person to reissue - Example: Personally Identifying Information (PII) as a Liability Service providers that suffer data breach affecting PII of customers or employees, often have obligations to report it - Example: Right to be Forgotten Service providers that receive consent to store PII, must also respect requests to remove them - Example: Bankruptcy protections Alternatives to real name IDs may aim to satisfy some of these
2b: Bootstrapping Legacy Credentials with CanDID https://defi-learning.org
The Bootstrapping Problem Anonymous credentials assume there exist issuers willing to sign statements. Several problems with this: - Chicken and egg problem: - Actually convincing issuers to sign credentials: incentive if identity ecosystem exists. - No identity ecosystem without issuers. - Limited APIs: - Even if issuers are convinced, the capabilities would be limited. - Issuers have incentive to hoard data, taking away user control of it. - Privacy loss: - Issuers learn the credential APIs users are accessing.
CanDID: Can-do Decentralized Identity CanDID is meant to provide an identity system which provides the following capabilities: - Bootstrapping identity, using legacy data [flexibly!]. - Key management / ability to re-issue - Sybil-resistance (one-person-one-ID) - Support for regulation compliance
Bootstrapping Identity: Current Infrastructure Example: Bootstrapping an ID with Department of Motor Vehicles 010111001010101 010111001010101
Bootstrapping Identity: For DIDs? - Solution: Oracles from Lecture 8. - Can be used for porting authenticated data from legacy sources. ssa.gov healthinsurer.com bankofamerica.com workday.com 010111001010101 Turns any web server into an issuer!
Oracle-based Credential Issuance Properties - Privacy: Committee learns only attested data - Legacy compatibility: No web server modification - Unlimited attestation types: Any web data can feed attestation
Tool for Key-Management: Secret-Sharing Committee of nodes - Each node in the committee holds a “share of a secret”. - No node learns secret by itself. - Some threshold t-out-of-n nodes needed to reconstruct the secret. - Eg: to store the binary random number 1011 secret shared by 3 nodes: - Share 1: Picked at random = 0001 - Share 2: Picked at random = 1010 - Share 3: Picked to allow reconstruction = 0000 = 1011 XOR 0001 XOR 1010 - 3-out-of-3 secret sharing
Oracle-based Key Recovery - Secret-share the key with a committee of nodes. - Set a policy for the accounts you need to show you can log in to for recovering the key.
Summary: Bootstrapping legacy credentials Desired properties of anonymous credentials can still be compatible with the use of identity authorities. This can work even without requiring legacy providers to support this. Key technique: oracles, using technology like zkSNARKs or trusted hardware
3: Future of Identities in DeFi https://defi-learning.org
Principle of Least Authority From information security: never log in as “Admin” when “guest user” will do When something goes wrong, limited damage Trust premium…. less reliable alternatives are often cheaper Avoid collecting PII… it’s a liability
Idea 1: Can we build a reputation system without relying on an authoritative credit score? 48
Webs of Trust Nodes: People, Accounts, entities Edges: an expression of “trust,” a credit line, or a record of prior interaction Paths / Flows: indicate a “friend of a friend,” transitive trust Should we recommend an $18 trade between Alice and Carol Alice Bob Carol Dave “I trust Carol up to $10” “I trust anyone Bob or Dave trusts up to $20” “I trust Carol up to $15”
Bitcoin-OTC: 12,000 users with PGP keys “Web-of-Trust” reputation tracking tool
Webs of Trust for Identity 51 Alice Bob Carol “I know Carol and her public key is 0x2039940293489284” “I know Bob’s public key, and I trust him to inspect public keys in person.” imported Carol’s public key based on transitive trust Buddy List Pubkey Carol 0x20390...
Idea 2: If all we want is one-person-one-account, but no other identifying info is needed, can we do this in a privacy-preserving and least-authority way? 52
Quadratic Funding & Why it needs identity Donors contribute to public goods project they want to see funded. A large matching organization is willing to match donations, but still wants to harness the wisdom of the crowds Tension: Want to encourage small contributors, while still allowing large contributors to contribute. Idea: scale the amount of “matching” by the square-root of each contribution
What can go wrong if a large contributor can create dozens of identities?
How can we achieve one-person-one-account without requiring real name identity? 56
Proofs of Personhood - Pseudonym party Public Keys Public event space w/ limited exists One person one vote, no Real Name identities collected!
Closely related: Proofs of Attendance 58
Summary: Decentralized Identity in DeFi - DeFi developers have a variety of technical tools for dealing with identity management…. digital signatures, zkSNARKs, oracles. These can minimize the reliance on issuers for privacy, availability - We can expect needing to be flexible with naming schemes due to forks, competing projects, and rapidly evolving nature. - The Future of decentralized identity may require creative ways to use low-authority identifiers rather than traditional ones

Recommended

Self-Sovereign Identity: Lightening Talk at RightsCon
Self-Sovereign Identity: Lightening Talk at RightsCon Self-Sovereign Identity: Lightening Talk at RightsCon
Self-Sovereign Identity: Lightening Talk at RightsCon Kaliya "Identity Woman" Young
 
Self-Sovereign Identity for the Decentralized Web Summit
Self-Sovereign Identity for the Decentralized Web SummitSelf-Sovereign Identity for the Decentralized Web Summit
Self-Sovereign Identity for the Decentralized Web SummitKaliya "Identity Woman" Young
 
Identity 101: Boot Camp for Identity North 2016
Identity 101: Boot Camp for Identity North 2016Identity 101: Boot Camp for Identity North 2016
Identity 101: Boot Camp for Identity North 2016Kaliya "Identity Woman" Young
 
Tony Nadalin' presentation at eComm 2008
Tony Nadalin' presentation at eComm 2008Tony Nadalin' presentation at eComm 2008
Tony Nadalin' presentation at eComm 2008eComm2008
 
Data Con LA 2022 - Pre- recorded - Web3 and Decentralized Identity
Data Con LA 2022 - Pre- recorded - Web3 and Decentralized IdentityData Con LA 2022 - Pre- recorded - Web3 and Decentralized Identity
Data Con LA 2022 - Pre- recorded - Web3 and Decentralized IdentityData Con LA
 
The Domains of Identity & Self-Sovereign Identity MyData 2018
The Domains of Identity & Self-Sovereign Identity MyData 2018The Domains of Identity & Self-Sovereign Identity MyData 2018
The Domains of Identity & Self-Sovereign Identity MyData 2018Kaliya "Identity Woman" Young
 
Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...
Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...
Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...Kaliya "Identity Woman" Young
 
Intro phishing
Intro phishingIntro phishing
Intro phishingSayali Dayama
 

Recommended

Self-Sovereign Identity: Lightening Talk at RightsCon
Self-Sovereign Identity: Lightening Talk at RightsCon Self-Sovereign Identity: Lightening Talk at RightsCon
Self-Sovereign Identity: Lightening Talk at RightsCon Kaliya "Identity Woman" Young
 
Self-Sovereign Identity for the Decentralized Web Summit
Self-Sovereign Identity for the Decentralized Web SummitSelf-Sovereign Identity for the Decentralized Web Summit
Self-Sovereign Identity for the Decentralized Web SummitKaliya "Identity Woman" Young
 
Identity 101: Boot Camp for Identity North 2016
Identity 101: Boot Camp for Identity North 2016Identity 101: Boot Camp for Identity North 2016
Identity 101: Boot Camp for Identity North 2016Kaliya "Identity Woman" Young
 
Tony Nadalin' presentation at eComm 2008
Tony Nadalin' presentation at eComm 2008Tony Nadalin' presentation at eComm 2008
Tony Nadalin' presentation at eComm 2008eComm2008
 
Data Con LA 2022 - Pre- recorded - Web3 and Decentralized Identity
Data Con LA 2022 - Pre- recorded - Web3 and Decentralized IdentityData Con LA 2022 - Pre- recorded - Web3 and Decentralized Identity
Data Con LA 2022 - Pre- recorded - Web3 and Decentralized IdentityData Con LA
 
The Domains of Identity & Self-Sovereign Identity MyData 2018
The Domains of Identity & Self-Sovereign Identity MyData 2018The Domains of Identity & Self-Sovereign Identity MyData 2018
The Domains of Identity & Self-Sovereign Identity MyData 2018Kaliya "Identity Woman" Young
 
Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...
Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...
Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...Kaliya "Identity Woman" Young
 
Intro phishing
Intro phishingIntro phishing
Intro phishingSayali Dayama
 
Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)Evernym
 
Self-Sovereign-Identity.pptx
Self-Sovereign-Identity.pptxSelf-Sovereign-Identity.pptx
Self-Sovereign-Identity.pptxSanketKulkarni94
 
Crypto Valley Conference 2019 - CULedger
Crypto Valley Conference 2019 - CULedgerCrypto Valley Conference 2019 - CULedger
Crypto Valley Conference 2019 - CULedgerDarrell O'Donnell
 
Matt Luallen Explains What, How and Responding to Identity Theft
Matt Luallen Explains What, How and Responding to Identity TheftMatt Luallen Explains What, How and Responding to Identity Theft
Matt Luallen Explains What, How and Responding to Identity Theftguest3151b0
 
What is self-sovereign identity (SSI)?
What is self-sovereign identity (SSI)?What is self-sovereign identity (SSI)?
What is self-sovereign identity (SSI)?Evernym
 
Introduction to Self-Sovereign Identity
Introduction to Self-Sovereign IdentityIntroduction to Self-Sovereign Identity
Introduction to Self-Sovereign IdentityKaryl Fowler
 
Cryptograpy Exam
Cryptograpy ExamCryptograpy Exam
Cryptograpy ExamLisa Olive
 
Social Media and Estate Planning presented to Wayne State University Law Scho...
Social Media and Estate Planning presented to Wayne State University Law Scho...Social Media and Estate Planning presented to Wayne State University Law Scho...
Social Media and Estate Planning presented to Wayne State University Law Scho...gallowayandcollens
 
Returning to Online Privacy - W3C/ANU Future of the Web Roadshow 20190221
Returning to Online Privacy - W3C/ANU Future of the Web Roadshow 20190221Returning to Online Privacy - W3C/ANU Future of the Web Roadshow 20190221
Returning to Online Privacy - W3C/ANU Future of the Web Roadshow 20190221David Wood
 
Preventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity TheftPreventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity TheftDiane M. Metcalf
 
Digital Identity Wallets: What They Mean For Banks
Digital Identity Wallets: What They Mean For BanksDigital Identity Wallets: What They Mean For Banks
Digital Identity Wallets: What They Mean For BanksEvernym
 
The Immune System of Internet
The Immune System of InternetThe Immune System of Internet
The Immune System of InternetMohit Kanwar
 
IST Presentation
IST PresentationIST Presentation
IST Presentationguest1d1ed5
 
Cap Tech Talks Webinar April=l 2020 business email cybersecurity
Cap Tech Talks Webinar April=l 2020 business email cybersecurity Cap Tech Talks Webinar April=l 2020 business email cybersecurity
Cap Tech Talks Webinar April=l 2020 business email cybersecurity Bill Gibbs
 
Trust in the age of blockchain
Trust in the age of blockchainTrust in the age of blockchain
Trust in the age of blockchainMicheleNati
 
Validide Corporation Pitch Deck 20210617
Validide Corporation Pitch Deck 20210617Validide Corporation Pitch Deck 20210617
Validide Corporation Pitch Deck 20210617Lifelog Health
 
The Future of Authentication - Verifiable Credentials / Self-Sovereign Identity
The Future of Authentication - Verifiable Credentials / Self-Sovereign IdentityThe Future of Authentication - Verifiable Credentials / Self-Sovereign Identity
The Future of Authentication - Verifiable Credentials / Self-Sovereign IdentityEvernym
 
Online Fraud Detection- A Review
Online Fraud Detection- A ReviewOnline Fraud Detection- A Review
Online Fraud Detection- A ReviewIRJET Journal
 
How To Prevent The World Wild Web Identity Crisis
How To Prevent The World Wild Web Identity CrisisHow To Prevent The World Wild Web Identity Crisis
How To Prevent The World Wild Web Identity Crisiswieringa
 
CRC Alert November 2019 Final.pdf
CRC Alert November 2019 Final.pdfCRC Alert November 2019 Final.pdf
CRC Alert November 2019 Final.pdfssuser7464571
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 

More Related Content

Similar to Defi MOOC Fa21 - Decentralized Identity.pptx.pdf

Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)Evernym
 
Self-Sovereign-Identity.pptx
Self-Sovereign-Identity.pptxSelf-Sovereign-Identity.pptx
Self-Sovereign-Identity.pptxSanketKulkarni94
 
Crypto Valley Conference 2019 - CULedger
Crypto Valley Conference 2019 - CULedgerCrypto Valley Conference 2019 - CULedger
Crypto Valley Conference 2019 - CULedgerDarrell O'Donnell
 
Matt Luallen Explains What, How and Responding to Identity Theft
Matt Luallen Explains What, How and Responding to Identity TheftMatt Luallen Explains What, How and Responding to Identity Theft
Matt Luallen Explains What, How and Responding to Identity Theftguest3151b0
 
What is self-sovereign identity (SSI)?
What is self-sovereign identity (SSI)?What is self-sovereign identity (SSI)?
What is self-sovereign identity (SSI)?Evernym
 
Introduction to Self-Sovereign Identity
Introduction to Self-Sovereign IdentityIntroduction to Self-Sovereign Identity
Introduction to Self-Sovereign IdentityKaryl Fowler
 
Cryptograpy Exam
Cryptograpy ExamCryptograpy Exam
Cryptograpy ExamLisa Olive
 
Social Media and Estate Planning presented to Wayne State University Law Scho...
Social Media and Estate Planning presented to Wayne State University Law Scho...Social Media and Estate Planning presented to Wayne State University Law Scho...
Social Media and Estate Planning presented to Wayne State University Law Scho...gallowayandcollens
 
Returning to Online Privacy - W3C/ANU Future of the Web Roadshow 20190221
Returning to Online Privacy - W3C/ANU Future of the Web Roadshow 20190221Returning to Online Privacy - W3C/ANU Future of the Web Roadshow 20190221
Returning to Online Privacy - W3C/ANU Future of the Web Roadshow 20190221David Wood
 
Preventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity TheftPreventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity TheftDiane M. Metcalf
 
Digital Identity Wallets: What They Mean For Banks
Digital Identity Wallets: What They Mean For BanksDigital Identity Wallets: What They Mean For Banks
Digital Identity Wallets: What They Mean For BanksEvernym
 
The Immune System of Internet
The Immune System of InternetThe Immune System of Internet
The Immune System of InternetMohit Kanwar
 
IST Presentation
IST PresentationIST Presentation
IST Presentationguest1d1ed5
 
Cap Tech Talks Webinar April=l 2020 business email cybersecurity
Cap Tech Talks Webinar April=l 2020 business email cybersecurity Cap Tech Talks Webinar April=l 2020 business email cybersecurity
Cap Tech Talks Webinar April=l 2020 business email cybersecurity Bill Gibbs
 
Trust in the age of blockchain
Trust in the age of blockchainTrust in the age of blockchain
Trust in the age of blockchainMicheleNati
 
Validide Corporation Pitch Deck 20210617
Validide Corporation Pitch Deck 20210617Validide Corporation Pitch Deck 20210617
Validide Corporation Pitch Deck 20210617Lifelog Health
 
The Future of Authentication - Verifiable Credentials / Self-Sovereign Identity
The Future of Authentication - Verifiable Credentials / Self-Sovereign IdentityThe Future of Authentication - Verifiable Credentials / Self-Sovereign Identity
The Future of Authentication - Verifiable Credentials / Self-Sovereign IdentityEvernym
 
Online Fraud Detection- A Review
Online Fraud Detection- A ReviewOnline Fraud Detection- A Review
Online Fraud Detection- A ReviewIRJET Journal
 
How To Prevent The World Wild Web Identity Crisis
How To Prevent The World Wild Web Identity CrisisHow To Prevent The World Wild Web Identity Crisis
How To Prevent The World Wild Web Identity Crisiswieringa
 
CRC Alert November 2019 Final.pdf
CRC Alert November 2019 Final.pdfCRC Alert November 2019 Final.pdf
CRC Alert November 2019 Final.pdfssuser7464571
 

Similar to Defi MOOC Fa21 - Decentralized Identity.pptx.pdf (20)

Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)
 
Self-Sovereign-Identity.pptx
Self-Sovereign-Identity.pptxSelf-Sovereign-Identity.pptx
Self-Sovereign-Identity.pptx
 
Crypto Valley Conference 2019 - CULedger
Crypto Valley Conference 2019 - CULedgerCrypto Valley Conference 2019 - CULedger
Crypto Valley Conference 2019 - CULedger
 
Matt Luallen Explains What, How and Responding to Identity Theft
Matt Luallen Explains What, How and Responding to Identity TheftMatt Luallen Explains What, How and Responding to Identity Theft
Matt Luallen Explains What, How and Responding to Identity Theft
 
What is self-sovereign identity (SSI)?
What is self-sovereign identity (SSI)?What is self-sovereign identity (SSI)?
What is self-sovereign identity (SSI)?
 
Introduction to Self-Sovereign Identity
Introduction to Self-Sovereign IdentityIntroduction to Self-Sovereign Identity
Introduction to Self-Sovereign Identity
 
Cryptograpy Exam
Cryptograpy ExamCryptograpy Exam
Cryptograpy Exam
 
Social Media and Estate Planning presented to Wayne State University Law Scho...
Social Media and Estate Planning presented to Wayne State University Law Scho...Social Media and Estate Planning presented to Wayne State University Law Scho...
Social Media and Estate Planning presented to Wayne State University Law Scho...
 
Returning to Online Privacy - W3C/ANU Future of the Web Roadshow 20190221
Returning to Online Privacy - W3C/ANU Future of the Web Roadshow 20190221Returning to Online Privacy - W3C/ANU Future of the Web Roadshow 20190221
Returning to Online Privacy - W3C/ANU Future of the Web Roadshow 20190221
 
Preventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity TheftPreventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity Theft
 
Digital Identity Wallets: What They Mean For Banks
Digital Identity Wallets: What They Mean For BanksDigital Identity Wallets: What They Mean For Banks
Digital Identity Wallets: What They Mean For Banks
 
The Immune System of Internet
The Immune System of InternetThe Immune System of Internet
The Immune System of Internet
 
IST Presentation
IST PresentationIST Presentation
IST Presentation
 
Cap Tech Talks Webinar April=l 2020 business email cybersecurity
Cap Tech Talks Webinar April=l 2020 business email cybersecurity Cap Tech Talks Webinar April=l 2020 business email cybersecurity
Cap Tech Talks Webinar April=l 2020 business email cybersecurity
 
Trust in the age of blockchain
Trust in the age of blockchainTrust in the age of blockchain
Trust in the age of blockchain
 
Validide Corporation Pitch Deck 20210617
Validide Corporation Pitch Deck 20210617Validide Corporation Pitch Deck 20210617
Validide Corporation Pitch Deck 20210617
 
The Future of Authentication - Verifiable Credentials / Self-Sovereign Identity
The Future of Authentication - Verifiable Credentials / Self-Sovereign IdentityThe Future of Authentication - Verifiable Credentials / Self-Sovereign Identity
The Future of Authentication - Verifiable Credentials / Self-Sovereign Identity
 
Online Fraud Detection- A Review
Online Fraud Detection- A ReviewOnline Fraud Detection- A Review
Online Fraud Detection- A Review
 
How To Prevent The World Wild Web Identity Crisis
How To Prevent The World Wild Web Identity CrisisHow To Prevent The World Wild Web Identity Crisis
How To Prevent The World Wild Web Identity Crisis
 
CRC Alert November 2019 Final.pdf
CRC Alert November 2019 Final.pdfCRC Alert November 2019 Final.pdf
CRC Alert November 2019 Final.pdf
 

Recently uploaded

Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 

Recently uploaded (20)

Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 

Defi MOOC Fa21 - Decentralized Identity.pptx.pdf

  • 1. Decentralized Finance Instructor: Dan Boneh, Arthur Gervais, Andrew Miller, Christine Parlour, Dawn Song Decentralized Identities
  • 2. 1. Linking External Accounts to DeFi - Attestation model, Decentralized Identifiers - Anonymous credentials from Zero Knowledge Proofs 2. Identity Authorities and Real Names - Real names and regulations - Using CanDID to bootstrap credentials from legacy authorities 3. Future of Defi: relying less on authority - Webs-of-Trust - Proofs of Personhood Outline
  • 3. 1a: Linking external Accounts https://defi-learning.org
  • 4. Motivating Example: Airdrop to twitter users Sign me up! I’m @AliceToGo on twitter Alice @AliceToGo $$$ New token on Ethereum
  • 5. Motivating Example: Airdrop to twitter users Sign me up! I’m @AliceToGo on twitter Alice @AliceToGo New token on Ethereum account: @AliceToGo Real name: Alice Profile: “My eth address: 0x932ijgf….098j309jsd” 0x932ijgf….098j309jsd $$$
  • 6. Why would DeFi want to link external accounts? - Airdrops, tips, giveaways to social media accounts - Reputation as collateral - Simplifying user registration & login with Single-Sign-On - Avoid spammers, botnets, farms, and sybil attacks - Provide an alternate way to recover a lost account - Ensure “one person one vote” for fairness in governance 6
  • 7. Simple Attestation Model 7 Attestation: “something about the subject” Subject Relying Party Issuer
  • 8. Twitter Airdrops in the Attestation model account: @AliceToGo Real name: Alice Profile: “My eth address: 0x932ijgf….098j309jsd” Attestation: Any problems? Sign me up! I’m @AliceToGo 0x932ijgf….098j309jsd
  • 9. Entering a Bar in the Attestation model Real Name: Alice State of Residence: IL Birth year: 1990 Credential Real Name: Alice State of Residence: IL Birth year: 1990 The age of the person with this photo is at least 21 years old
  • 10. - Privacy. What does the issuer learn about the Subject’s interaction with Relying party? - Availability. Can the Issuer prevent the interaction? - Revocation. Does the Issuer have the ability to revoke the attestation? Does the Subject? - Meaning. What does the attestation say? Does the Issuer guarantee it’s accurate? Summary: questions to ask in Attestation model
  • 11. 1b: From OAuth to Anonymous Credentials https://defi-learning.org
  • 12. 12
  • 13. 13
  • 14. Logins with OAuth Account: @amiller Email address: amiller@email.com Attestation: Requests login Approve: Share email with discourse.pro? GitHub discourse.pro Requesting: Read Email address
  • 15. Credentials based on digital signatures Account: @amiller Email address: amiller@email.com Enrollment dates: 2021-2022 Attestation: Presents certificate Signed enrollment certificate Defi University studentdiscount.com Defi University certifies that @amiller is enrolled Defi University certifies that @amiller is enrolled
  • 16. Improvement: Fine-grained disclosure Account: @amiller Email address: amiller@email.com Attestation: Signed enrollment certificate consisting of 3 different attestations Defi University studentdiscount.com Defi University certifies that @amiller is enrolled Account: @amiller Enrollment dates: 2021-2022 Account: @amiller Date of birth: 05/05/2005 agediscount.com
  • 17. Improvement: Fine-grained disclosure Account: @amiller Email address: amiller@email.com Attestation: Only discloses the enrollment attestation Signed enrollment certificate consisting of 3 different attestations Defi University studentdiscount.com Defi University certifies that @amiller is enrolled Account: @amiller Enrollment dates: 2021-2022 agediscount.com
  • 18. Improvement: Fine-grained disclosure Account: @amiller Email address: amiller@email.com Attestation: Signed enrollment certificate consisting of 3 different attestations Defi University studentdiscount.com Defi University certifies that @amiller is enrolled Account: @amiller Date of birth: 05/05/2005 agediscount.com Only discloses the date of birth attestation Problem still remaining: Privacy!
  • 19. Anonymous Credentials 19 Only discloses the enrollment attestation Defi University Defi University certifies that @amiller is enrolled Use a ZK SNARK! (like from Lecture 10) I have a document, signed by DeFi U, showing I’m enrolled during 2022 Defi University certifies that @amiller is enrolled Statement: session key enrolled during 2022 Witness: document signature from DeFi U Account: @amiller Email address: amiller@email.com Enrollment dates: 2021-2022
  • 20. Anonymous Credentials w/ Revocation 20 Only discloses the enrollment attestation, revocation status Defi University Defi University certifies that @amiller is enrolled I have a document, signed by DeFi U, showing I’m enrolled during 2022, in and it’s in the non-revoked list Defi University certifies that @amiller is enrolled Public list of non-revoked document IDs Statement: session key enrolled during 2022 non-revoked list Witness: document signature from DeFi U position in the active list
  • 21. Summary so far Lots of uses for linking external accounts into the DeFi system It’s simple to do, if we don’t consider privacy at all. Digital signatures and zkSNARKs can enable anonymous credentials that require minimal privacy and reliance on the issuer. 21
  • 23. Identifiers and Short Names Does this string identify a unique person? - Alice 23 What about - 0xj980w43g90j0934g09j43g09jw (Alice’s public key)
  • 24. Identifiers and Short Names Surely at least this is global… - 0xj980w43g90j0934g09j43g09jw (Alice’s public key) 24 - eth:address:0xj980w43g90j0934g09j43g09jw - etc:address:0xj980w43g90j0934g09j43g09jw
  • 25. Identifiers and Short Names Does this string identify a unique document? - bitcoin.pdf 25 - https://bitcoin.org/bitcoin.pdf - https://bitco.in/bitcoin.pdf - ipfs://QmTzD4g5FFgn...XQCnYyfffxN/bitcoin.pdf - https://ipfs.io/ipfs/QmTzD4g5FFgn...XQCnYyfffxN/bitcoin.pdf
  • 26. “There are only two hard things in Computer Science: cache invalidation and naming things.” - Phil Karlton https://www.karlton.org/2017/12/naming-things-hard/ “A name is good if it survives into its future context, but of course you don’t know what other names it will coexist with.” - Simon Hui
  • 27. address Alice = 0x230923907230984230994823; Smart contracts provide rich and flexible access control by default - a public key? - a multi-user policy - some other program? Really, it doesn’t matter to your defi smart contract function letMeIn() { require(msg.sender == Alice); // carry on }
  • 28. address Alice = 0x230923907230984230994823; Some imaginative language features for the future…. address Alice = twitter:@AliceToGo; function letMeIn() { require(msg.sender == Alice); // carry on }
  • 29. To summarize… a few insights on Identifiers Expect to manage between Implicit and Explicit Context alice vs context:alice 29 Including cryptography in the identifier makes it longer, but adds support for access control: - hash for uniquely defining a static document - public key for identifying an owner who can update it - a program defining some other policy Try to pick names that will survive into their future context
  • 30. 2: Authorities and Identity https://defi-learning.org
  • 31. Real Names vs Accounts Lending and Borrowing in DeFi: 0x230923907230984230994823 $$$ Here’s my security deposit, $100 of ETH Let me borrow $90 worth of TOK. Price of ETH crashes relative to TOK…. Liquidate! If Alice becomes insolvent and owes more than she can pay, she can simply abandon the position The mechanism will liquidate the collateral, as best it can. Her other accounts are unaffected.
  • 32. Real Names vs Accounts Borrowing in the world of real names: Alice $$$ I’d like to borrow $100. 010111001010101
  • 33. Some obvious ways Real Names differ from accounts - Can’t abandon them to escape debts, indictment, etc. - Each person only gets one, can’t create a second - Not allowed to transfer or sell it to someone else vs
  • 34. Real name identities are required for: - exchange services - even cryptocurrency ATMs - … many others
  • 35. Regulations create specific Identity requirements Example 1: Office of Foriegn Asset Control (OFAC) Sanctions List - The US OFAC provides a sanctions list: parties (countries, groups of individuals) US organizations are not allowed to transact with. - “using the blocking of assets and trade restrictions to accomplish foreign policy and national security goals.” Example 2: Bank Secrecy Act (BSA) aka Travel Rule - All “money services businesses” must comply with travel rule. - Regulations regarding collecting and storing (for govt. audits) user data. - Crypto exchanges and wallet providers are now deemed “money services businesses”. Exposes Tension between privacy and accountability... 35
  • 36. Some more nuanced features of real name ID - Ability to show up in person to reissue - Example: Personally Identifying Information (PII) as a Liability Service providers that suffer data breach affecting PII of customers or employees, often have obligations to report it - Example: Right to be Forgotten Service providers that receive consent to store PII, must also respect requests to remove them - Example: Bankruptcy protections Alternatives to real name IDs may aim to satisfy some of these
  • 37. 2b: Bootstrapping Legacy Credentials with CanDID https://defi-learning.org
  • 38. The Bootstrapping Problem Anonymous credentials assume there exist issuers willing to sign statements. Several problems with this: - Chicken and egg problem: - Actually convincing issuers to sign credentials: incentive if identity ecosystem exists. - No identity ecosystem without issuers. - Limited APIs: - Even if issuers are convinced, the capabilities would be limited. - Issuers have incentive to hoard data, taking away user control of it. - Privacy loss: - Issuers learn the credential APIs users are accessing.
  • 39. CanDID: Can-do Decentralized Identity CanDID is meant to provide an identity system which provides the following capabilities: - Bootstrapping identity, using legacy data [flexibly!]. - Key management / ability to re-issue - Sybil-resistance (one-person-one-ID) - Support for regulation compliance
  • 40. Bootstrapping Identity: Current Infrastructure Example: Bootstrapping an ID with Department of Motor Vehicles 010111001010101 010111001010101
  • 41. Bootstrapping Identity: For DIDs? - Solution: Oracles from Lecture 8. - Can be used for porting authenticated data from legacy sources. ssa.gov healthinsurer.com bankofamerica.com workday.com 010111001010101 Turns any web server into an issuer!
  • 42. Oracle-based Credential Issuance Properties - Privacy: Committee learns only attested data - Legacy compatibility: No web server modification - Unlimited attestation types: Any web data can feed attestation
  • 43. Tool for Key-Management: Secret-Sharing Committee of nodes - Each node in the committee holds a “share of a secret”. - No node learns secret by itself. - Some threshold t-out-of-n nodes needed to reconstruct the secret. - Eg: to store the binary random number 1011 secret shared by 3 nodes: - Share 1: Picked at random = 0001 - Share 2: Picked at random = 1010 - Share 3: Picked to allow reconstruction = 0000 = 1011 XOR 0001 XOR 1010 - 3-out-of-3 secret sharing
  • 44. Oracle-based Key Recovery - Secret-share the key with a committee of nodes. - Set a policy for the accounts you need to show you can log in to for recovering the key.
  • 45. Summary: Bootstrapping legacy credentials Desired properties of anonymous credentials can still be compatible with the use of identity authorities. This can work even without requiring legacy providers to support this. Key technique: oracles, using technology like zkSNARKs or trusted hardware
  • 46. 3: Future of Identities in DeFi https://defi-learning.org
  • 47. Principle of Least Authority From information security: never log in as “Admin” when “guest user” will do When something goes wrong, limited damage Trust premium…. less reliable alternatives are often cheaper Avoid collecting PII… it’s a liability
  • 48. Idea 1: Can we build a reputation system without relying on an authoritative credit score? 48
  • 49. Webs of Trust Nodes: People, Accounts, entities Edges: an expression of “trust,” a credit line, or a record of prior interaction Paths / Flows: indicate a “friend of a friend,” transitive trust Should we recommend an $18 trade between Alice and Carol Alice Bob Carol Dave “I trust Carol up to $10” “I trust anyone Bob or Dave trusts up to $20” “I trust Carol up to $15”
  • 50. Bitcoin-OTC: 12,000 users with PGP keys “Web-of-Trust” reputation tracking tool
  • 51. Webs of Trust for Identity 51 Alice Bob Carol “I know Carol and her public key is 0x2039940293489284” “I know Bob’s public key, and I trust him to inspect public keys in person.” imported Carol’s public key based on transitive trust Buddy List Pubkey Carol 0x20390...
  • 52. Idea 2: If all we want is one-person-one-account, but no other identifying info is needed, can we do this in a privacy-preserving and least-authority way? 52
  • 53.
  • 54. Quadratic Funding & Why it needs identity Donors contribute to public goods project they want to see funded. A large matching organization is willing to match donations, but still wants to harness the wisdom of the crowds Tension: Want to encourage small contributors, while still allowing large contributors to contribute. Idea: scale the amount of “matching” by the square-root of each contribution
  • 55. What can go wrong if a large contributor can create dozens of identities?
  • 56. How can we achieve one-person-one-account without requiring real name identity? 56
  • 57. Proofs of Personhood - Pseudonym party Public Keys Public event space w/ limited exists One person one vote, no Real Name identities collected!
  • 58. Closely related: Proofs of Attendance 58
  • 59. Summary: Decentralized Identity in DeFi - DeFi developers have a variety of technical tools for dealing with identity management…. digital signatures, zkSNARKs, oracles. These can minimize the reliance on issuers for privacy, availability - We can expect needing to be flexible with naming schemes due to forks, competing projects, and rapidly evolving nature. - The Future of decentralized identity may require creative ways to use low-authority identifiers rather than traditional ones