Blockchain-based identification systems can approach the problem of digital identity in a different way, and this possibility might not be as unrealizable. It can be anticipated that over time, each person will have a certain set of digital attributes – people will gradually build more and more vast communities, no matter how much their individual self-esteem affects them. Today, the simple fact of human life is not always sufficient to achieve such rights. Citizenship, refugee status, freedom of movement, government benefits, etc. depend on the ability to prove identity in a well-established manner. Therefore, it is important to solve the problem of Internet identification. They also contend that identity is a fundamental human right. Is this right to be exercised on a digital basis? If so, will blockchain be used for that purpose? Will the confidentiality of individuals be respected? In terms of the digital divide, residents of developed countries are faced with the need to store so many certificates, while the remaining nearly 2 billion people have not only digital IDs, but also a paper proof of identity. Meanwhile, in the modern world, there is still a need for at least one permanent, stable identity that can be easily handled by its owner.
The possibility of developing a universal digital identification system, eliminating the need for paper records, has been promised at one time by public key encryption technologies (PKIs), but attempts to turn this idea into practise have not been crowned with success. Public key systems, which are characterised by the complexity of managing, finding and preserving trust, have ultimately been used solely for the protection of web-based data transmission networks. In some countries , public key digital identification based on smart cards is practised, but such solutions are not widely used. The idea of using blockchain to save the situation may seem strange, particularly given that today the main application of distributed ledgers is digital money, which guarantees the privacy of shared settlements. Verification of identification is basically the opposite of anonymity, after all. And what the hell does blockchain have to do with it? How does the mechanism of identity authentication keep your personal secrets? Technologies are very young, the management problems associated with them are little understood, but when did this hinder the enthusiasm for new developments? What is the identity and how will life change if all the inhabitants of the Planet are "placed" on the blockchain?
Way to Appreciation for Growth
Identification knowledge, 'personality,' requirements-similar principles from the fields of psychology, philosophy and law that have received a variety of incarnations in the digital world. Simply put, the various organisations that run the services used in everyday life need to know who we are, that is, they need enough information to distinguish us from each other. We need some kind of short pointer that establishes a correspondence between a person and a datasheet about many people-maybe all of them living in the world. Some organisations need the ability to assign attributes to identity records, while others need to determine attributes. The person is at the centre of all these experiences. In order to avoid the emergence of authoritarian dystopias, it is important to give the person, the subject of identity, power over how and when stored attributes are exposed. For example , people must report their vaccination status to medical institutions, their place of residence, to management firms, it is clear that identity is not just a name and appearance, and that name and personal relationships are not sufficient to maintain the status of an impersonal digital world. People need to register their birthplace, home, health status and economic ties in order to participate in the global economy and enjoy the privileges they have. The identification of persons, governments, corporations and any agency is being established in a variety of ways. In social media, this is a user name, a history of interaction and links to any online community. The address of the email. This is a domain URL, and potentially a digital credential. This is a name and password for most online communications, often complemented by a cell phone number. Biometric data is identified on new mobile devices by the owner. The main documents issued by the State are still on paper: driving licences , permits, birth certificates, etc.
We may be on the verge of a major shift whereby public keys will become supreme, users will have complete control over identity disclosure, and blockchain will become the source of trust when they receive credential. Or maybe we're on the verge of realising that blockchain is just reproducing the well-known problems inherent in the public key infrastructure. Blockchain technologies provide a safe way to record shared data – a publicly authenticated ledger that guarantees the integrity of each entry. The idea behind blockchain is simple: it is a mutual replicated log file or registry. The entries are processed sequentially and time-stamped. An irreversible function produces a short bit sequence, which depends on the input and its place in the log. Such a function has mathematical properties which make it almost impossible to create another journal with the same results. In that case, the product of the function, as it has been, expresses the log in a short form. When adding new entries, the system uses the current value and the contents of the new record to decide the next result. It is written by the presenter of the magazine and the value of output
Blockchain does not provide encryption of its own. Two more frameworks are needed to implement the original trust model. Second, there is a verifiable definition of correctness for every log file case. In other words, there is a criterion for correctness that is not related to the correctness of the sequence of events; in general, log file entries are signed with a public key and have a standard format. Second, the idea behind the benefits of blockchain is to spread its governance across many (maybe not trusting each other) parties, thereby achieving a "distributed consensus" in real time. Blockchain remains a stable record of transactions, provided that the majority of the parties are interested in the release of a single version of the transaction. Bitcoin has a remarkable property: any group that has done enough work can make a blockchain. Anyone may become a member of the peer-to - peer network and receive data on the current state of the blockchain and the list of transactions in the queue for inclusion in the blockchain. After checking transactions for compliance with the correctness conditions and calculating the validation function, the party can notify other nodes of the transactions and the result of the validation. After checking the calculations, all other nodes start publishing the blockchain with a new transaction block. An essential feature of the Bitcoin Validation feature is that it is difficult to calculate but easy to check. To inspire validators to perform their assignments, the system will automatically reward them when the estimates are accepted.
There are plans for the creation of blockchain networks and societies using distributed ledgers, where entries are linked to the identification of an individual or unique object, such as a domain name. According to this model, an individual or item's public key is included in a blockchain record where the party can access it. In the simplest case, an ID is signed by the provider using its own public key to confirm that the public key represented in a particular item actually belongs to the person with that name. In this respect, similarities exist with existing public key systems, such as X.509v3 and PGP. The blockchain is getting a couple of improvements. One of these being that the replication of the blockchain by a heterogeneous object group ensures availability and longevity. Another is the immutability of blockchain and time stamps-it 's hard to ignore the fact of having a ledger that can be verified for the entire life of the blockchain.
To see if blockchain solves other fundamental identity problems, it's worth exploring why blockchain itself has become so important. While we still rely on passwords and special apps, public key digital IDs are our only hope of getting out of a situation where companies and governments need to rely on us to protect our privacy, and their inability to do so has been demonstrated on a regular basis. Electronic recognition is not available to everyone in the digital divide. On the one side, there are populations in countries with reliable government documents, relatively effective electronic devices and extensive access to the Internet. On the other-people who care less about the state. How do you identify those who can not prove their identity by using a mobile phone, a chip card or something like that? For example, by recording biometric data-Iris images, fingerprints, etc. The cryptographic hash of these data can be the anchor point for attributes such as ethnicity, vaccination status, etc. The blockchain stores the hash value, and the various certifying authorities would be able to verify the presence of these attributes. However, the biometric attributes are unclear, as they are not typical to a cryptographic hash. It is possible, however, to envisage a solution based on mechanisms of varying degrees of precision and multiple dimensions that allow a unique identifier to be mapped to a set of attributes.
No identifiable feature could be revealed in the ideal world without the permission of the identifiable. However, if a person does not have digital means, he or she may not be able to provide the public key for access to the recording, although biometric data alone may be sufficient to do so. And it is very likely that this is how recognition will sometimes take place not only of people who do not have digital means, but also of the majority of the world's population in general. Today, in the technogenic world, there are many who support the notion of a radical change in the definition of digital identity by registering identifiable information in the blockchain. The owner of the identifiers would then have complete freedom to control access to their personal information, certificates and organisational documents. There may be an entire identity economy, a libertarian utopia in which the individual and his keys are self-determining objects.
How a blockchain can give users control over their personal data can be illustrated by an example of an experiment in the MIT Media Lab where a blockchain system was set up to award academic achievement certificates to students. At the same time, Media Lab functions as a validation agency that manages the blockchain. The computer encodes information on the student's progress and the public key. The signed hash of this data structure is placed on the blockchain, and the student receives a copy of it and may verify the existence of the certificate by sending his copy and address to the prospective employer on the blockchain, for example. It ensures that the certificate hash matches the record of the blockchain and is signed by the educational institution. The framework offers students ownership of this knowledge – the institute does not need to connect with the prospective employer. Ideally, the university does not store any information at all-it belongs to the student, who thus has an increased degree of responsibility: he can not lose his key pair or the contract of the course. The added benefit is that the Media Lab does not need to provide the student with any special means of entry, nor does it need to store the recording itself, nor does it need to protect sensitive student login information.
Those who are familiar with managed public key infrastructure problems may note the similarities between this example and traditional approaches, as well as the availability of a variety of workarounds. The approach does not require a student to use a public key to an educational institution. Organizers of the experiment intended to carry out this in the future, but since only a highly qualified user can generate a key pair, this mission, along with the secure transfer of keys to the student, is assigned to the educational institution. In the future, all of this can be done via a mobile application. Moreover, neither the student nor anyone else has a certificate that identifies the school, and there is no way to determine the legitimacy of the site hosting the blockchain. When a student submits a paper and the corresponding blockchain address to a prospective employer, all this seems to be straightforward, but the advantages of such a scheme over PKI for the educational institution and the student are not apparent. The university must give a signed copy of the course document to the student, and any third party must obtain this document from the student and verify the validity of the signature. A key revocation of such a controversial feature of public key systems is not permitted by the Media Lab. The cancellation of the course document is made by adding a special entry to the blockchain.
Moreover, the university concluded that the hash tree had advantages over the blockchain. The experiment uses a hybrid system: users store their certificates on the blockchain, but the issuing authority uses Merkle trees to store their own records. Such a system may be a solution for storing people's biometric data without digital means. However, there will also be a question of obtaining the approval of the user. There are much more ambitious projects that give users granular control of identity information. IBM, SecureKey and several others are working on an ID system based on the Hyperledger software core, one of several open source blockchain projects in existence. Microsoft is developing a decentralised digital identity system based on blockchain. Another open source blockchain project, Sovrin, has become the core of Evernym 's universal identity technology. Both these systems support the ability to display all or part of the attributes used in the identity document. A classic example of this is a driver's licence. They are used for a variety of reasons which are not related to driving: proof of age, place of residence, date of birth, appearance. But a lot of people would prefer to have the limited information they need. Over the last ten years, cryptographic techniques have been developed that enable such regulated disclosure: "secret handshakes," hidden credential, non-disclosure attributes, and homomorphic encryption methods in general. Developers of new types of identity systems strive to incorporate privacy protections into them and to provide controlled disclosure of attributes. There are still unresolved questions with all of this. In particular, there is no analysis and research on usability. Some complex cryptographic techniques , for example, are just too slow. There is also a possibility of relying on a trusted third party that offers cryptographic functionality. If such a group appears to be incompetent or unethical, the privacy of the system will be compromised, which will be difficult to determine. The problem of generating correct public keys remains acute.
There are also practical issues. For example, should the user be able to hide important information, such as the expiry date of the rights or the indication to wear glasses? Or, tell me, how do you get the recipient 's permission to donate an organ in the event of his death? It can take years to work through all possible instances, including the most common certificates. From the point of view of the issuing authority or agency that uses attributes, there is the advantage of being able to limit the surface area of the "attack on privacy," but there are uses of personal data sets that contradict the very idea of privacy. For example , companies are researching their clients with a view to optimising their offerings – figuring out how many consumers are under the age of 25, how long they live in cold climates, etc. Will company be inspired to take privacy more seriously in the blockchain world? Difficulties can also arise when a user has to handle a large amount of secure blockchain data. Many new systems claim that they are capable of producing different identifiers (keys) for different purposes, but it is not yet clear if the issuing authorities would be willing to use such a model. For example, if a driver's licence is used to acquire a non-driving privilege, what does the organisation do: apply the privilege to a new key provided by the applicant or to the same key validated by the driver's licence? It is likely that all PKI management problems will be inherited from blockchain over time. Companies who take over other companies will want to re-sign all certificates issued by subsidiaries; teens will want their parent-controlled certificates to be re-issued with the "adult" key, and so on as they grow older. Problems like this have led to a cumbersome X.509 chain of certificates. And isn't there going to be any related issues with the blockchain? Public keys are the basis for the identification of security, but the scheme as a whole relies so much on the creation of quality keys that do not have hidden flaws, i.e. the characteristics of the generating systems. There is also a risk that businesses will not necessarily be willing to invest in the blockchain due to a lack of substantial benefits. If the participant drops out of the blockchain, the guarantee of availability and immutability will be decreased. The remaining participants will decide to abandon the old blockchain-to stop running it completely and switch to a completely new one or to create a "fork." At some stage, the human digital archive will be polluted with the "remains" of obsolete blockchains.
Anyway, today many of those working on identity issues are considering moving to blockchain to the ease it can bring in terms of widespread availability and risk reduction. The development of blockchain-based identity systems is driven by a desire to address the issue of digital identification in a different way – to create a new environment that is not burdened by boring standards and mountains of complex software. This possibility might not be so unrealistic. Biometric IDs put on citizens by governments could coexist with "underground" separatist IDs, autonomous credit rating systems , and various self-made "identities." It can be anticipated that over time, each person will have a certain set of digital attributes – people will eventually establish more and more vast communities, no matter how much their individual self-esteem affects them. Given the limited use of PKI, it can be assumed that when digital IDs replace paper documents and system logging keys, they will be based on distributed ledgers, similar to current blockchains. It remains to be hoped that such registries will strengthen, not weaken, security.
For the first time, the hacker named "blockchain bandit" was identified at the end of April last year after the publication of a study by Independent Security Evaluators, a consulting company specialising in cyber security issues. The attacker managed to steal almost 45 thousand ETHs using a variety of programme bugs and user bugs. The sum was on the account of the blockchain bandit in the spring of last year, which at the time amounted to around US$ 7.8 million. Each cryptocurrency uses a public and private key pair to authorise it. The address is extracted from the public key that can be transferred to the cryptocurrency. It can be freely distributed without fear of theft. However, the private key can not be shared with anyone. It is necessary to confirm all actions, including the transfer. If the perpetrator recognises him, he can easily withdraw his money from the wallet. And if this happens, you're not going to be able to give the money back — this is the role of the cryptocurrencies.
Ethereum is a popular forum for the creation of blockchain-based, decentralised online services operated by smart contracts. At the same time, it is an open network and the authors suggest using ether not only for transfers, but also for the exchange of resources or the registration of transactions in smart contracts. The Enterprise Ethereum Alliance, which Sberbank entered into in the same year, was established in 2017 as the first of the Russian banks. There are just a few hundred companies and associations in the EEA. Ethereum uses a 256-bit key. It's almost impossible to find: there won't be enough modern computing power. According to experts, Blockchain Bandit used a variety of other methods. In certain cases, software bugs truncate the private key for a very short period of time, which is much easier to guess. Often users have been given the right to use their own keys and have used basic keys unknowingly. Somewhere, they "worked" Trojans or viruses. The private key is also additionally protected by the user's password, but not everybody was responsible for this operation.
One of the specialists thought, "What if someone at the end uses a simple key consisting of zeros and zeros?" and it turned out. Other simple keys were found: someplace by brute force, someplace by scanning. The Independent Security Evaluators (ISE) identified 732 private keys that had signed 49,060 transactions totalling 32 ETHs. In their opinion, this is just the tip of the iceberg. Both of the current balances for these keys were zero. But this is how we managed to locate the "blockchain bandit" by looking for some of the outgoing transfers. Experts also carried out an experiment for the sake of interest. A dollar was sent to an address connected to one of the weak private keys. The money has been robbed right away. The dollar was then deposited in a new account, where the number "10" was used instead of the private key. Theft again, dude. But the money was robbed by another "bandit." The blockchain bandit also tried, but it was a few milliseconds late. That's it. The attackers have an enormous list of compromised keys. And as soon as money appears on their connected accounts, it is immediately transferred to their wallets. Blockchain Bandit is believed to have used other means of robbery. Some people use so-called brain wallets, where user-made passwords are used instead of cryptographic keys. It's a bit easier to hack them. Is it possible to defend against theft of cryptocurrency wallets? If you comply not only with usual computer safety criteria, but also with new ones, you can do so. Experts agree that the use of VPN services would boost transaction security. Of course, you need to pick a reliable VPN service with a high degree of security and speed over the Internet. For example, Surfshark scores 9.5 out of 10 based on the well-known Wizcase web resource. VPN provides a separate layer of encryption and anonymity. Criminals' attacks on your IP address will become futile, as the spoofed IP address will "shine" on the Internet: the real one will be covered. Hackers are not permitted to access your computers, therefore. When using a proxy server, all data you send will be encrypted securely using the most advanced algorithms. For example, Surfshark uses AES-256-GCM encryption, IKEv2 / IPsec and OpenVPN protocols. In addition, a VPN service will help bypass bans imposed by certain countries that are hostile to cryptocurrencies.