Identity protocol v1: Difference between revisions

From Bitcoin Wiki
Jump to navigation Jump to search
← Older editNewer edit →
Jgarzik (talk | contribs)
Editors
125 edits
Jgarzik (talk | contribs)
Editors
125 edits
→‎Creating root record: simplify (h/t petertodd)
Line 27: Line 27:
Craft a bytestream that represents the root SIN record.
Craft a bytestream that represents the root SIN record.


# MPK = master public key
# B1 = block w/ T1, B2 = block w/ T2
# B1 = block w/ T1, B2 = block w/ T2
# Verify B2 time >= (24-4) hours B1 time.  Fail and waste sacrifice if not.
# Verify B2 height >= 144 blocks of B1 height.  Fail and waste sacrifice if not.
# MD = ripemd160(B1.hash + T1.txid + B2.hash + T2.txid)
# MD = ripemd160(MPK)
# Prefix = 0x18, SIN_Version = 0x01
# Prefix = 0x18, SIN_Version = 0x01
# SIN = base58_encode_check( Prefix + SIN_Version + MD )
# SIN = base58_encode_check( Prefix + SIN_Version + MD )
# PPK = Preferred Public Key, new public key for root of trust
# PPK = Preferred Public Key, new public key for root of trust
# Build root record,
# Build root record,
##     root = SIN + PPK
## SIN
##     H_ROOT = hash(root)
## MPK
##    For each (T1, T2),      -- prove we control 100% of the inputs for T1, T2
###      For each input
####        Obtain referenced output
####        Obtain public key from output (if necessary, look up in local node db from pubkeyhash)
####        signature = sign H_ROOT with key associated with just-retrieved public key
####        root += (public key, signature)


Thus a minimal root record is
Thus a minimal root record is
* SIN
* SIN
* PPK
* MPK
* list of (public key, signature)


and is provably
and is provably
* linked to the sacrifices
* linked to the sacrifices
* PPK starts a new chain of digital signature trust, for further record updates
* MPK starts a new chain of digital signature trust, for further record updates


After that, additional key-value pairs may be associated with the root record via updates verified by PPK, stored in an alt-blockchain or DHT somewhere.  That is outside the scope of this minimal document.
After that, additional key-value pairs may be associated with the root record via updates verified by PPK, stored in an alt-blockchain or DHT somewhere.  That is outside the scope of this minimal document.

Revision as of 04:25, 28 June 2013

Design goals

Decentralized identity.

  • Has some creation cost
  • Sacrifice may be digitally proven, bootstrapping root of trust from blockchain data
  • Start as anonymous; opt out of anonymity by attaching identifying key-value pairs (real.name = "John Smith").


Creating sacrifice transactions

Similar to Announce/Commit Sacrifices

  1. TM = current block height
  2. create transaction T2.
    1. must include OP_RETURN <digest of master pubkey> output
    2. nlocktime = TM + 144 blocks
    3. no more than 1000 bytes in size
  3. create transaction T1
    1. must include >= 0.01 BTC fee
    2. must include OP_RETURN txid(T2) output
    3. no more than 1000 bytes in size
  4. broadcast T1, T2 until confirmed

Creating root record

Craft a bytestream that represents the root SIN record.

  1. MPK = master public key
  2. B1 = block w/ T1, B2 = block w/ T2
  3. Verify B2 height >= 144 blocks of B1 height. Fail and waste sacrifice if not.
  4. MD = ripemd160(MPK)
  5. Prefix = 0x18, SIN_Version = 0x01
  6. SIN = base58_encode_check( Prefix + SIN_Version + MD )
  7. PPK = Preferred Public Key, new public key for root of trust
  8. Build root record,
    1. SIN
    2. MPK

Thus a minimal root record is

  • SIN
  • MPK

and is provably

  • linked to the sacrifices
  • MPK starts a new chain of digital signature trust, for further record updates

After that, additional key-value pairs may be associated with the root record via updates verified by PPK, stored in an alt-blockchain or DHT somewhere. That is outside the scope of this minimal document.

Retrieved from "https://en.bitcoin.it/w/index.php?title=Identity_protocol_v1&oldid=38958"