The Future of Trust in a Digital World – Self-Sovereign Identity


HodlX Guest Post  Submit Your Post


In today’s interconnected world, trust is the currency of interaction. The higher the risks, the higher the stakes, and the more trust is required.

By trusting another party, you essentially empower them to act and decide in a manner that affects you, and by subsequently verifying their actions, you can confirm that they do indeed live up to their responsibilities.

“Trust, but verify,” as the proverb goes.

The trust factor – fueling human transactions

We humans are transactional beings.

Every single interaction between two or more people has some element of transactionality to it, and be it an exchange of goods or a social media post each transaction requires a certain amount of trust between all those involved before it can take place.

The ability to know who you’re interacting with and what they stand for are key pieces of information which we humans use to gauge if a transaction is worthwhile or not.

Enlaced in our most ordinary interactions, the importance of trust can be recognized in various aspects of our daily lives ranging from the things we engage in individually, to those we carry out as a society.

Take, for example, online gaming, in which a user must identify themselves via a pseudonym and earn a reputation for being a skilled player.

Another user may choose to team up with such an experienced person while knowing nothing about them perhaps in exchange for giving up the majority of the plunder.

The element of trust here is linked to the skilled player’s social reputation, level and status in the game.

Our relationship with banks is another prime example of this exchange of trust these institutions safeguard our funds and enable financial transactions like loans and investments.

For these transactions to take place, banks must establish our identity and adhere to legal requirements, ensuring not only our legal identity but our trustworthiness entirely.

For the most basic services, a bank needs to ensure that we’re an identified person, and in return, we need to be able to trust that the bank will still exist tomorrow and appropriately manage the money we’ve entrusted in their custody.

More sophisticated financial services, however, such as investing in stock, require the bank to conduct more in-depth checks of our identity notably proof-of-address that we’re not on a sanctions list or classified as a protected person.

Naturally, the riskier the service in question, the greater amount of trust required, and in turn, the need for more in-depth verification.

Self-sovereign identity – from oversharing to selective disclosure

The need to securely verify aspects of a person’s identity exists in multiple avenues of life.

When you enter a nightclub you need to prove your age. When you rent a car you need to prove your full identity.

In real life, we keep our identity documents safely tucked away in wallets, purses or binders and disclose them selectively.

In other words, we have self-sovereign control over our identity we decide who we disclose our information to and when.

But for all its merits, the old back pocket wallet has a privacy flaw when we pull out our driver’s license and show it to the doorman at our local nightclub, we disclose more than we want to.

The doorman could take note of our full identity and choose to abuse that information.

But what if

What if we could decide to convey only the information that’s relevant in a particular exchange? If we could prove to the doorman that we’re old enough to enter without showing our full name?

Enter digital identities, where such interactions are possible and known as ‘selective disclosure.’

In essence, this capability allows service providers to solely request the information they need as it’s available on your identity card either as an attribute, such as your first name or a predicate, such as, “Are you from Europe?”

In the digital world, service providers can even mix and match, requesting multiple attributes and predicates from various identity cards at once.

Imagine a casino that might ask for digital proof that a person is older than 18 before granting them access to the blackjack table.

If the person decides to reply, the required information is sent back digitally to the casino in the shape of a so-called zero-knowledge proof.

Such a proof is near-impossible to forge and can easily be validated be it by the casino or any other service provider.

Back pocket to the blockchain – our wallets, evolved

Your real-world wallet contains money or credit cards that help you pay for goods.

It contains aspects of your identity, your driver’s license, membership cards, business cards and access cards all of which fuel transactions of some kind.

In self-sovereign identity frameworks, a digital identity wallet serves the same purpose.

It exists in the form of an application on a device that you control, most likely your laptop or phone, and allows you to perform payments, hold digital assets and prove aspects of your identity to access services.

Much like you’d receive a physical banking card for your physical wallet, you can also receive the digital equivalent of such a card, known as a VC (verifiable credential).

VCs are created by an issuing authority an issuer which is typically a company but could also be a person or digital agent.

The authenticity of a VC is guaranteed by the issuer’s digital signature, and thus, extremely difficult to forge.

When you receive a VC from a third party, your wallet will validate that it has a valid signature on it from a known issuer.

That said, it’s up to you to decide whether this issuer is the one you expected and if you want to add the VC to your wallet.

Honoring its physical leather contender, the self-sovereign wallet heralds a return to the days when only you had control over your identity papers.

Digital wallets, while capable of being self-sovereign, can also be centralized and custodial, making them vulnerable to privacy breaches and hackers.

Ultimately, digital wallets don’t provide the optimal replacement for your trusty back pocket version self-sovereign ones, however, do.

Trust issues – solved

Some credentials such as a proof-of-reputation, like that of a game provider require little more than a pseudonym.

However, more often than not, the issuer of a credential will require deeper knowledge of the recipient.

The reason for this is that as an issuer, your reputation comes into play when you validate a credential that states a claim about someone.

For instance, a department store needs to be sure that company credentials are only issued to current employees. Otherwise, the employee discount could easily be abused, costing that store.

In other words, there is a trust relationship between the issuer of a credential and the verifier of a proof

.The verifier has to know that the company that issued the credential is genuine, that the credential itself is valid and that the receiver is the intended recipient.

In self-sovereign identity, this is known as the ‘trust triangle.’

The trust triangle takes form in various aspects of our daily lives when selling your house, for example, you’d trust the real estate agent with your keys and ask an escrow to hold your money when the sale goes through.

When buying stocks, you trust your broker to execute the deal and keep your assets safe in custody.

Self-sovereign identity introduces the notion of a trust registry.

The registry keeps track of all verifiable credentials issued in the system but doesn’t contain the actual data that goes into them, as that would violate self-sovereignty.

It does, however, keep unique fingerprints of everything, which can be used to check the authenticity and integrity of the VCs involved.

When you quit your job, your employer changes your employment status to ‘not employed,’ much like your favorite magazine may change your status to ‘suspended’ in the case of late payments.

In SSI, such life-cycle events of verifiable credentials issued to you are handled inside the trust registry by the issuer, who may update their status and choose to renew, update or burn your credentials.

Blockchain provides a perfect technological match to implement a trust registry on blockchain transactions are immutable, so once a verifiable credential has been anchored onto the chain, a verifier can confirm the credentials were created by a trusted issuer and that their integrity is intact.

Again trust but verify.

Protecting privacy in the data economy

Chances are that you have an email address already and that you use Instagram to keep in touch with family and friends and LinkedIn to manage your professional network.

Chances are that you are also aware that a majority of social media businesses keep your personal information in their private databases and monetize your online behavior. Welcome to the data economy.

Effectively, many social media giants offer their login services to third-party companies at a fee or even for free.

As an end-user, logging in with a single username and password combination is super convenient by remembering one single combination, you gain access to multiple platforms.

That convenience extends to the third-party business, too, that gathers a ton of data about you from these platforms as soon as you log in.

This data fuels the tech giants that track various aspects of your daily life from your calendar to your photo galleries and search history.

It’s less great, however, for your privacy. With little to no effort, these businesses receive large amounts of information about you, suddenly owning attractive data packages that can be sold to anyone interested.

Self-sovereign identity wallets address this lack of privacy by allowing you to take control of your identity information.

Existing Web 2.0 identities are stored in centralized databases, and the first step in taking control is to make them decentralized.

This happens through a Web 2.0 identity issuer, which could be implemented as a web application.

Once such an application is installed, the user can click a service-specific login button like ‘login with Telegram’ at the issuer service, which takes them to the service provider’s login system.

Once logged in, the service provider sends all of the information it knows about the user to the Web 2.0 identity issuer. This, in turn, creates a verifiable credential for your wallet.

And voila, a centralized Web 2.0 identifier is now decentralized and self-sovereign.

The trick of trust here is that the verifiable credential will be signed by the social media verifier, offering a reference to their verified identity.

From that point onward, ownership over anything ranging from your email address to your social media account can be proven via zero-knowledge proofs.

Beyond anonymity – the role of social reputation

“On the Internet, nobody knows you’re a dog,” as the caption of an internet cartoon goes.

But while anonymity and pseudonymity are great if you want to work from the shadows, they don’t offer much to someone who might need to convey trust in you take, for example, applying for a job or selling something online.

Now, if that person could somehow judge your behavior in various contexts, you might earn enough trust for an interaction or transaction to take place actions speak louder than words.

Here, the social reputation score comes into play, and like any credential, it needs to be vouched for by some authority, ideally having done its homework and publishing how that score was calculated.

With a social reputation score in their wallet as a verified credential, a person could improve their profile in job searches, when renting an apartment and any other similar interaction where social reputation is important.

Legal identity made private – unlocking the power of ZK proofs

Your legal identity can quite literally open doors, be it granting access to nightclubs and casinos or accessing age-restricted content.

With it, the service provider can rest assured that they’re in compliance with the law. But as outlined above, sharing your legal identity comes with its own associated risks.

A digital identity wallet, however designed to provide zero-knowledge proofs of predicates enables entities to request succinct proof of certain criteria by asking precise, specific questions like, “Are you older than 18? or “Are you from Europe?” without sharing any other information.

The digital wallet will not need your name, your actual age or your financial capabilities. It simply needs to know for certain that you’re an adult in order to grant access in a privacy-preserving manner.

Beyond proof of age, legal identifiers also enable ownership of real-world assets and digital assets with an identity framework in place, ownership of digital assets can be asserted using zero-knowledge technology and coupled with physical items.

When you buy such an asset from someone, you might want to know the provenance of the item and who made it.

This can be asserted with the same technology and legal identity by stamping the required information into the blockchain.

Trust and verify

Trust and risk go hand in hand within the realm of decentralized identity systems, where parties are not forced to blindly trust and can instead verify.

Just because you can identify someone safely doesn’t mean there is a need for it or that an interaction necessarily warrants it.

Effectively, the scenarios in which private interactions are to be preferred are numerous, and among them are many in which knowledge of another party is necessary.

Amid a complex scale of risk and trust, self-sovereign identity offers a privacy-preserving framework that enables the optimal balance of both.

In an ever-evolving digital landscape, SSI takes center stage not only safeguarding privacy but also optimizing trust and security, ultimately putting individuals in control of their own identities.

Kåre Kjelstrøm is the group CTO of Concordium, a layer-one science-backed blockchain committed to creating a safer digital world.


Check Latest Headlines on HodlX

Follow Us on Twitter Facebook Telegram

Check out the Latest Industry Announcements

Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any loses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.

Featured Image: Shutterstock/Viktoria Kurpas


Source link

Related posts

Leave a Comment