Difference between revisions of "Identity protocol v1"

From Bitcoin Wiki
Jump to: navigation, search
(rough draft)
 
(Creating sacrifice transactions: update creation protocol)
Line 14: Line 14:
 
# TM = current block time (not block height)
 
# TM = current block time (not block height)
 
# create transaction T2.
 
# create transaction T2.
## must include >= 0.01 BTC fee
+
## must include OP_RETURN <digest of master pubkey>
 
## nlocktime = TM + 24 hours
 
## nlocktime = TM + 24 hours
## no more than 10 inputs
+
## no more than 1000 bytes in size
 
# create transaction T1
 
# create transaction T1
 
## must include >= 0.01 BTC fee
 
## must include >= 0.01 BTC fee
 
## must include OP_RETURN txid(T2)
 
## must include OP_RETURN txid(T2)
## no more than 10 inputs
+
## no more than 1000 bytes in size
 
# broadcast T1, T2 until confirmed
 
# broadcast T1, T2 until confirmed
 
  
 
==Creating root record==
 
==Creating root record==

Revision as of 04:21, 28 June 2013

Design goals

Decentralized identity.

  • Has some creation cost
  • Sacrifice may be digitally proven, bootstrapping root of trust from blockchain data
  • Start as anonymous; opt out of anonymity by attaching identifying key-value pairs (real.name = "John Smith").


Creating sacrifice transactions

Similar to Announce/Commit Sacrifices

  1. TM = current block time (not block height)
  2. create transaction T2.
    1. must include OP_RETURN <digest of master pubkey>
    2. nlocktime = TM + 24 hours
    3. no more than 1000 bytes in size
  3. create transaction T1
    1. must include >= 0.01 BTC fee
    2. must include OP_RETURN txid(T2)
    3. no more than 1000 bytes in size
  4. broadcast T1, T2 until confirmed

Creating root record

Craft a bytestream that represents the root SIN record.

  1. B1 = block w/ T1, B2 = block w/ T2
  2. Verify B2 time >= (24-4) hours B1 time. Fail and waste sacrifice if not.
  3. MD = ripemd160(B1.hash + T1.txid + B2.hash + T2.txid)
  4. Prefix = 0x18, SIN_Version = 0x01
  5. SIN = base58_encode_check( Prefix + SIN_Version + MD )
  6. PPK = Preferred Public Key, new public key for root of trust
  7. Build root record,
    1. root = SIN + PPK
    2. H_ROOT = hash(root)
    3. For each (T1, T2), -- prove we control 100% of the inputs for T1, T2
      1. For each input
        1. Obtain referenced output
        2. Obtain public key from output (if necessary, look up in local node db from pubkeyhash)
        3. signature = sign H_ROOT with key associated with just-retrieved public key
        4. root += (public key, signature)

Thus a minimal root record is

  • SIN
  • PPK
  • list of (public key, signature)

and is provably

  • linked to the sacrifices
  • PPK starts a new chain of digital signature trust, for further record updates

After that, additional key-value pairs may be associated with the root record via updates verified by PPK, stored in an alt-blockchain or DHT somewhere. That is outside the scope of this minimal document.