KILT Protocol, Prove Your Identity & Protect Your Data With Social KYC
- I have decided to translate Ingo Rube’s talk at Polkadot Decoded into a Medium article for those that prefer to see the information in a written format.
- I have done my best to include most of the talk and subjects covered; as mentioned below, refer to the timestamped video for the live demo.
Credentials
- Attributes of users.
- The ability to do something or the right/duty to do something.
- These credentials are collected and all connected to one Identifier.
- An Identifier together with a lot of credentials makes up your Digital Identity.
- When we look at the Internet as it is today, the biggest identity providers are companies like Google, Facebook and Apple. This may be a problem because, from a technological point of view, the claimer (the user) signs up with the platform, and the user's keys then already belong to the platform.
- The user then starts to behave in some way on this platform, which generates credentials, but these credentials are generated on the platform and not even shared with the user.
- When the user now goes to another service, the platform starts sharing credentials with others. For example, think of logging into WhatsApp: WhatsApp talks to Facebook and finds out about the user without the user in the middle, which is neither nice nor sovereign for the user.
- This has lots of other problems, e.g. it is a honeypot for hackers and it builds monopolies, things that we do not want and that are not good.
- If it is not good, why is it so widely adopted? The reason is that it is practical and convenient for the user.
So If We Want To Change This We Have Two Challenges:
1, Build technology which is better.
2, Make the technology so accessible and easy to use that people will switch from one thing to the other, if it is made complicated they will not make this switch.
- We are in quite good shape, as people started to work on WEB3 a few years ago: we have had IPFS since 2015, the Decentralized Identity Foundation since 2017, and we have Kusama and Polkadot, which are the foundation for building blockchains that can concentrate on doing one thing well. That is definitely needed for identity, because it needs high throughput, reasonable cost, etc.
- Now we are at the point where those blockchains start to go live, e.g. we have KILT as a blockchain for Digital Identity and we have applications on top of that like the Social KYC service and like Sporran which are all launching in 2021.
What Will Digital Identity Look Like In WEB3?
- We re-empower the user.
- Trusted entities (Attesters) are sending their credentials to the user who stores the credentials, has control over the credentials and also over the keys.
- Then if the user wishes they can share some or part of the credentials with Services and Verifiers giving the power back to the user.
- The user holds their keys and credentials. How is this done, given that they are with the user and not on the blockchain? We need an application, which is called Sporran.
- Sporran is the KILT wallet.
- It behaves like a normal crypto wallet, e.g. it creates accounts, it shows balances and can initiate coin transfers.
- The Sporran wallet is also unlike a normal crypto wallet: it can create DIDs and store them on the KILT blockchain, and it can store, maintain, sign and share credentials, like a physical wallet that holds some coins and also some credentials such as a passport.
What Do We Do When We Have A Sporran?
- Create an account and generate a DID, which is done locally; you can decide whether to share it with anyone or anchor it on the blockchain.
- Once you have the DID you add some credentials, which is what Social KYC (Know Your Customer) is good for.
- KYC is what happens when you sign up for a bank account, for example. This process is useful in many use cases, but there are many others where government or normal KYC is not useful. An example is listed below:
1, I want to play an online game with some person in China.
2, I want to make sure I am playing with the correct person.
3, Will it help to see his passport? Probably not.
4, Will it help me to find out where he lives? Probably not.
5, What I am interested in is: is this the person I know from Twitter, with the email address and Discord account I know?
- On the internet we can prove identity a little differently than with government-issued credentials, and this is what Social KYC is for.
- Social KYC can be used by people to prove their control over their social network accounts, email address, phone number, etc.
- When this is proven, the user receives the verifiable credential, stores it in the Sporran, and can show it to multiple services, like gaming labs, in the future.
- The most important thing about the Social KYC service is that it is not a data silo.
- As soon as the credential is issued the Social KYC forgets about the user and the entire transaction completely and never stores it anywhere.
So How Does This Work On A Technical Level?
1, The user has their Sporran, their DID and three verifiable credentials, and now wants to have something validated by Social KYC, e.g. an email address.
2, The user sends their email address to Social KYC, which then issues a small challenge: it sends an email to the user with a link to click on, to prove they really control the email account.
3, The user clicks on the link, which completes the challenge that Social KYC monitors.
4, Once the link is clicked, it is established that the user controls this email account. Social KYC can then make a hash of their credential, put it on the KILT blockchain and mark it as valid.
5, Social KYC then issues the credential to the user's Sporran. The user can check the validity of their credential on the KILT blockchain, and Social KYC can forget about the entire process.
6, Now the user is in possession of this credential.
7, If the user wants to show this credential somewhere, they interact with a service such as a newsletter site.
8, The user signs on to the newsletter site and the service asks the user: do you have an email credential? The Sporran says yes and asks: do you want to share it? The user signs it and the Sporran sends it over to the service. The service can now look up on the KILT blockchain whether the hash of this credential is there and whether it is valid.
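The flow in steps 1 to 8, sketched as an added example that is not KILT or Social KYC code: a dict stands in for the KILT blockchain, the attester forgets the challenge once it is used, and the verifier only recomputes a hash and looks it up. The names `Attester`, `LEDGER`, `credential_hash`, the `did:example` identifier in the test data, SHA-256 over canonical JSON and the per-credential nonce are all assumptions of this sketch; the holder's signature from step 8 is left out.

```python
import hashlib, hmac, json, secrets

# Assumption: a dict stands in for the KILT blockchain (credential hash -> valid?).
# Only hashes are anchored; claim contents never appear here.
LEDGER = {}

def credential_hash(credential):
    """SHA-256 over canonical JSON, so attester and verifier hash the same bytes."""
    canonical = json.dumps(credential, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()

class Attester:
    """Plays the Social KYC role: challenge, attest, forget."""

    def __init__(self):
        self._pending = {}  # email -> outstanding challenge token

    def start(self, email):
        token = secrets.token_urlsafe(32)  # unguessable value for the emailed link
        self._pending[email] = token
        return token  # in practice this reaches the user only via their mailbox

    def complete(self, email, token, holder_did):
        # pop(): the challenge is single use and is forgotten pass or fail
        expected = self._pending.pop(email, None)
        if expected is None or not hmac.compare_digest(
                expected.encode(), str(token).encode()):
            raise PermissionError("email challenge failed")
        credential = {
            "type": "email", "email": email, "owner": holder_did,
            # Assumption: random nonce so the anchored hash cannot be matched
            # by hashing guessed email addresses.
            "nonce": secrets.token_hex(16),
        }
        LEDGER[credential_hash(credential)] = True  # anchor hash, mark valid
        return credential  # goes to the user's wallet; no copy is kept

def revoke(digest):
    """Mark an anchored hash as no longer valid."""
    LEDGER[digest] = False

def verify(credential):
    """Verifier: recompute the hash and check the ledger says it is valid."""
    return LEDGER.get(credential_hash(credential), False)
```

Changing any field of the credential changes its hash, so an altered credential is simply absent from the ledger and fails `verify`.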
There Was Now A Live Demo, Refer To The Timestamped Video Below:
Timeline & Partners
- Version 1 of the Sporran which has coins only will launch shortly before the go live of the KILT mainnet.
- Version 2 with the credentials will launch approximately 2–3 months later when KILT have the full decentralization of the network.
- In parallel with the above, version 1 of Social KYC, including a few social networks, will be released, and towards the end of the year KILT are going to add functionality for proving ownership of your crypto accounts, e.g. Polkadot/Kusama and probably some more.
Who Is Working With KILT On Projects Including Social KYC?
- There are development partners, Galani projects, Polkadex, Fractal, Debio from the Genetics field, GameDAO and Subsocial.
There Was Now A Q&A Session
Question 1- What is your adoption strategy for Social KYC?
Ingo- The key for adoption lies in partnerships which is why KILT have started partnerships now.
- Everyone that might need Social KYC is already invited to talk to KILT, the company is going to open up the interface, it’s all open source so people can start interacting and spreading the word as KILT believe there are a lot of use cases out there for Social KYC.
- This is the adoption strategy.
Question 2- There is already some base level identity functionality being built into Polkadot, e.g. the registrar system or other existing identical features, are you using or extending any of those and if not what was the design decision to build at all within your parachain?
Ingo- Things which are implemented inside Substrate are not standard DIDs and verifiable credentials.
- It is basic identity functionality which is great and can somehow be linked to what KILT do as it’s all one chain.
- Identity functionality which includes verifiable credentials and delegation trees is highly complex and I do not think this belongs on the relay chain, it has to be a parachain because it’s a use case that is so widely used and produces so much load it justifies its own chain.
Question 3- This sounds like an amazing thing, it should be a common good, correct me if I am wrong but I would say a common good chain because you generally have to use DOT or KSM on that chain, it’s not necessarily a model that is cut out for the token economics of something like this, is that right or what are your thoughts around that?
Ingo- That is a complex question going into the token economics.
- We have some good ideas about how you can make token economics around that.
- Saving those credentials on the blockchain can not be extensively expensive or people just can’t use it or people won’t use it.
- If storing the hash on the blockchain costs €$20 people probably do not want to accumulate many credentials because when you look at the whole credentialing business models the real work is done by the Attester because they have to find out if the attestation should be issued or not.
- This is real work and this work has to be paid, if you take the money away and put it into the blockchain it’s wrong so you need complex business ideas around token economy when you want to have something successfully and efficiently running.
- We put some of those ideas into practice but we have seen projects in the past which work in the field of identity and were not very successful which we have learnt a lot from and made it a little bit different.
Question 4- Identity is a very hard problem and a crucial one to solve. Where do you think building off Social KYC can go beyond web logins or nation state implications, what are your thoughts on actually being expanded towards like a broader digital ID, e.g. a business to run for employees or a nation state to manage citizens’ engagement within its government?
Ingo- My feeling is that nation states will probably need a couple of years if not to say decades to adopt a system like that, that is probably not what we should look at.
- I think we should look at use cases which are much closer to us.
- What we see right now and had this idea a couple of months ago and now started to talk about it was gaming, next came in education with not all education being University or School.
- When we incorporate the crypto addresses I think DeFi is going to be a space where it is really needed and probably nicely adopted.
- I think it’s dangerous to first go with the nation states because they are not ready and willing to do something like that.