Identity protocol v1: Difference between revisions

From Bitcoin Wiki
Jump to navigation Jump to search
← Older editNewer edit →
Jgarzik (talk | contribs)
Editors
125 edits
Petertodd (talk | contribs)
Editors
86 edits
Specify the usual Bitcoin Hash160(d)
Line 11: Line 11:
==Creating sacrifice transactions==
==Creating sacrifice transactions==


Similar to [https://en.bitcoin.it/wiki/Fidelity_bonds#Announce.2FCommit_Sacrifices Announce/Commit Sacrifices].  That author's feedback on this protocol was very helpful.
An implementation of [https://en.bitcoin.it/wiki/Fidelity_bonds#Announce.2FCommit_Sacrifices Announce/Commit Sacrifices].  That author's feedback on this protocol was very helpful.


# MPK = master public key
# MPK = master public key
# TM = current block height
# TM = current block height
# Create and sign transaction T2. Broadcast if desired.
# Create and sign transaction T2. Broadcast if desired.
## must include OP_RETURN ripemd160(MPK) output
## must include OP_RETURN Hash160(MPK) output
## nlocktime = TM + 144 blocks
## nlocktime = TM + 144 blocks
## no more than 1000 bytes in size
## no more than 1000 bytes in size
Line 29: Line 29:
# Prefix = 0x18
# Prefix = 0x18
# SIN_Version = 0x01
# SIN_Version = 0x01
# MD = ripemd160(MPK)
# MD = Hash160(MPK)
# SIN = base58_encode_check( Prefix + SIN_Version + MD )
# SIN = base58_encode_check( Prefix + SIN_Version + MD )
# Hyphenate or space SIN for easier human reading
# Hyphenate or space SIN for easier human reading

Revision as of 05:12, 28 June 2013


Design goals

Decentralized identity.

  • Has some creation cost
  • Sacrifice may be digitally proven, bootstrapping root of trust from blockchain data
  • Start as anonymous; opt out of anonymity by attaching identifying key-value pairs (real.name = "John Smith").


Creating sacrifice transactions

An implementation of Announce/Commit Sacrifices. That author's feedback on this protocol was very helpful.

  1. MPK = master public key
  2. TM = current block height
  3. Create and sign transaction T2. Broadcast if desired.
    1. must include OP_RETURN Hash160(MPK) output
    2. nlocktime = TM + 144 blocks
    3. no more than 1000 bytes in size
    4. must include >= 0.001 BTC fee
  4. Create, sign and broadcast transaction T1
    1. must include OP_RETURN serialized(T2) output

Creating a SIN

A SIN ("System Identification Number") is the unique record identifier by which this identity will be known.

  1. Prefix = 0x18
  2. SIN_Version = 0x01
  3. MD = Hash160(MPK)
  4. SIN = base58_encode_check( Prefix + SIN_Version + MD )
  5. Hyphenate or space SIN for easier human reading

Validating the root identity information

  1. B1 = block w/ T1, B2 = block w/ T2
  2. Verify B2 height - 144 >= B1 height.
  3. Verify mined T2 == announced T2
  4. Fail and waste sacrifice if not.


Thus a minimal root record is MPK and is provably

  • linked to the sacrifices
  • MPK starts a new chain of digital signature trust, for further record updates

After that, additional key-value pairs may be associated with the root record via updates verified by PPK, stored in an alt-blockchain or DHT somewhere. That is outside the scope of this minimal document.

Retrieved from "https://en.bitcoin.it/w/index.php?title=Identity_protocol_v1&oldid=38982"