Identity protocol v1: Difference between revisions
Jump to navigation
Jump to search
→Creating sacrifice transactions: update creation protocol |
→Creating sacrifice transactions: prefer block height |
||
Line 12: | Line 12: | ||
Similar to [https://en.bitcoin.it/wiki/Fidelity_bonds#Announce.2FCommit_Sacrifices Announce/Commit Sacrifices] | Similar to [https://en.bitcoin.it/wiki/Fidelity_bonds#Announce.2FCommit_Sacrifices Announce/Commit Sacrifices] | ||
# TM = current | # TM = current block height | ||
# create transaction T2. | # create transaction T2. | ||
## must include OP_RETURN <digest of master pubkey> | ## must include OP_RETURN <digest of master pubkey> | ||
## nlocktime = TM + | ## nlocktime = TM + 144 blocks | ||
## no more than 1000 bytes in size | ## no more than 1000 bytes in size | ||
# create transaction T1 | # create transaction T1 |
Revision as of 04:22, 28 June 2013
Design goals
Decentralized identity.
- Has some creation cost
- Sacrifice may be digitally proven, bootstrapping root of trust from blockchain data
- Start as anonymous; opt out of anonymity by attaching identifying key-value pairs (real.name = "John Smith").
Creating sacrifice transactions
Similar to Announce/Commit Sacrifices
- TM = current block height
- create transaction T2.
- must include OP_RETURN <digest of master pubkey>
- nlocktime = TM + 144 blocks
- no more than 1000 bytes in size
- create transaction T1
- must include >= 0.01 BTC fee
- must include OP_RETURN txid(T2)
- no more than 1000 bytes in size
- broadcast T1, T2 until confirmed
Creating root record
Craft a bytestream that represents the root SIN record.
- B1 = block w/ T1, B2 = block w/ T2
- Verify B2 time >= (24-4) hours B1 time. Fail and waste sacrifice if not.
- MD = ripemd160(B1.hash + T1.txid + B2.hash + T2.txid)
- Prefix = 0x18, SIN_Version = 0x01
- SIN = base58_encode_check( Prefix + SIN_Version + MD )
- PPK = Preferred Public Key, new public key for root of trust
- Build root record,
- root = SIN + PPK
- H_ROOT = hash(root)
- For each (T1, T2), -- prove we control 100% of the inputs for T1, T2
- For each input
- Obtain referenced output
- Obtain public key from output (if necessary, look up in local node db from pubkeyhash)
- signature = sign H_ROOT with key associated with just-retrieved public key
- root += (public key, signature)
- For each input
Thus a minimal root record is
- SIN
- PPK
- list of (public key, signature)
and is provably
- linked to the sacrifices
- PPK starts a new chain of digital signature trust, for further record updates
After that, additional key-value pairs may be associated with the root record via updates verified by PPK, stored in an alt-blockchain or DHT somewhere. That is outside the scope of this minimal document.