Identity protocol v1
Design goals
Fully decentralized, anonymous, secure identity.
A SIN ("System Identification Number") is the unique record identifier by which this identity will be known.
Attributes:
- Ownership may be digitally proven
- Start as anonymous; opt out of anonymity by attaching identifying key-value pairs (real.name = "John Smith", gov.us.ssn = "123-45-6789").
- Disposable
- All key-value pair updates digitally signed by SIN owner (key holder)
- Third parties may offer digital attestions:
- Identity Verification, Inc. digitally signs a SIN as passing their Not A Criminal/Level-1 check.
- Big Auction Provider, Inc. digitally signs a SIN as having a certain reputation score, on their website.
- Decentralized market users digitally sign one another's SINs, building a decentralized reputation
- Type-1 SINs: have some creation cost, deterring spam.
- Type-1 SINs: Sacrifice may be digitally proven, bootstrapping root of trust from blockchain data
tl;dr: A “master public key” generated by the user forms the root of digital trust.
Types of SINs
Type 1 (persistent)
SIN_Type 0x01 (bitcoin main chain) or 0x11 (testnet)
Type-1 SINs are intentionally scarce resources, much like bitcoins themselves. All Type-1 SINs must conform to the sacrifice protocol described in this specification, to be considered valid.
Type 2 (ephemeral)
SIN_Type 0x02
Type-2 SINs may be generated at any time, without network activity, much like bitcoin addresses.
Definitions
- MPK: Master Public Key. ECDSA, using same curve as bitcoin (secp256k1).
- Hash160: ripemd160(sha256(data))
- base58_encode_check: see bitcoin source code, https://github.com/bitcoin/bitcoin/blob/master/src/base58.h
Creating a SIN
- Prefix = 0x0F
- SIN_Type = [0x01 | 0x02 | 0x11] -- See below for discussion of SIN types.
- MD = Hash160(MPK)
- SIN = base58_encode_check( Prefix + SIN_Version + MD )
- Hyphenate SIN for easier human reading if desired, inserting one hyphen after every 5th character.
For example, using the public key:
0445286F7B5CAB821CED2184AD69D5FADBF81A8B0334243373D89865D741AE6AA2FB50104BDD66FF40FF5E64EF8FDBFC48096F49A9863242F3FB7FC86B2D222A3D
Step 1 (SHA-256 of public key):
- a935ced8278c80da3f5fe555906e847d894b8847d5dde55481f48862f9c5a05f
Step 2 (RIPEMD-160 of Step 1):
- d5caffd3e024269af98ad6f6221929e228151579
Step 3 (Prefix + SIN_Version + Step 2):
- 0F02d5caffd3e024269af98ad6f6221929e228151579
Step 4 (Double SHA-256 of Step 3):
- 73a06d3a5cd12105c67045f0161cb028ecfa7c4597e21a0056c31586aab75bad
Step 5 (Checksum):
- 73a06d3a
Step 6 (Step 5 + Step 3):
- 0F02d5caffd3e024269af98ad6f6221929e22815157973a06d3a
SIN (Base58 encoded):
- TfH2s4hD98LthqXendoFvTj3486JffDzwrZ
Creating sacrifice transactions
Creation cost is attached to decentralized identity by means of sacrificing a small amount of value.
An implementation of Announce/Commit Sacrifices. That author's feedback on this protocol was very helpful.
- MPK = master ECDSA public key (compressed)
- BH = current block height
- Create and sign transaction T2. Broadcast if desired.
- must include Hash160(MPK) OP_TRUE anyone-can-spend output with value >= 0.001BTC
- nlocktime = BH + 144 blocks
- no more than 1000 bytes in size
- Create, sign and broadcast transaction T1
- must include OP_RETURN serialized(T2) output as last txout
Validating the root identity information
- B1 = block w/ T1
- B2 = block w/ T2
- Verify B2 height - 144 >= B1 height.
- Verify announced T2 is valid
- Verify mined T2 spends same inputs as announced T2 (not equal to account for Transaction Malleability)
- Fail and waste sacrifice if not.
Thus a minimal root record is MPK and is provably
- linked to the sacrifices
- MPK starts a new chain of digital signature trust, for further record updates
SIN record
DANGER: This section is under heavy development and discussion.
A SIN record is a series of hashes or key/value pairs, validated by MPK digital signature. Each SIN record has a stable binary encoding designed to ensure stable hash values. This scheme is intentionally mirroring bitcoin's block header/merkle scheme.
Data types:
- uint32_t: an unsigned, little endian integer
- uint256_t: bitcoin-like 256-bit hash value
Layout of a SIN record:
- uint32_t magic number (and/or version number) == 0x88, 0x41, 0x92, 0xA4
- uint256_t merkle root
- uint32_t data record count
- [list of data records]
- Signature
Layout of a data record:
- uint32_t: record type (== 0x1 for hash, 0x2 for key/value pair)
- [data record-specific data]
Layout of a hash data record:
- [32 bytes of hash data]
Layout of a key/value data record:
- uint32_t key length
- uint32_t value length
- [key-length UTF8-encoded key]
- [value-length opaque data]
Duplicate keys are not permitted.
Implementations
See https://github.com/gasteve/node-libcoin/blob/master/SIN.js https://github.com/gasteve/node-libcoin/blob/master/SINKey.js https://github.com/ionux/php-ectools/blob/master/ecsingen.php
Future work
After creation, the root identity and key-value pairs must be stored $somewhere.
After that root identity is created, additional key-value pairs may be associated with the root record via updates verified by MPK, stored in an alt-blockchain or DHT somewhere. That is outside the scope of this minimal document, at this time.
Key attributes of this system, like price and transaction size, are hardcoded. It is presumed that version 2+ will improve upon this, once field experience is gained and lessons are learned.