Problem IFFY Addresses
The key to sovereignty is that all entities are peers.
Our company has challenged ourselves in how we can improve the relationship between people and technology with regards to security and privacy in the online ecosphere, by utilizing Self-Sovereign, blockchain technology and Zero Knowledge Proof to focusing on the following cases:
Self Sovereign Identity
Self-sovereign identity is a system wherein the user retains sovereign control of their identity and all its attributes and is not dependent on any single issuer or verifier to be online or available at the time of using the identity
- Users are in complete CONTROL of their identity data at all times
- Users always have ACCESS to their identity data
- Users have the ability to CONSENT to the use of their identity data
- The system follows the principles of MINIMALIZATION by enabling sharing of only the necessary attributes at a given time.
- The system follows INTEROPERABLE standards
- The data in the system is PORTABLE and can be moved by the user from one system to another.
A Decentralized self-Sovereign Identity on the blockchain
- Such a system puts the end-user at the center of the design and decouples the process of identity issuance and identity verification (at a later point) by a relying party. There is an identity registry that runs as a smart contract on the blockchain, and therefore resilient to censorship and server failure. New users register with self-generated identities (public-private key pairs) with this registry. Issuers can issue digitally signed identity attributes, on-demand to the user’s public identity directly and register a proof of the attestation on the blockchain. The end-user can then present these attestations, which reside on a device or cloud storage, encrypted and fully in their control, to a third party who verifies them against the identity registry and verifies the attestation proofs on the blockchain. At the time of such verification, the original issuer doesn’t have to be online or provide any service to the user.
- Such a system puts the identity data within the control of the end-user, never stores the personally identifiable information on the blockchain (only signed hashes as proof) and does not depend on a single central entity for it to work. It can run on public or private blockchains depending on the use case.
- It can serve as a solution for a fully digital identity ecosystem where things like educational certificates, health records, organizational memberships, credit ratings, etc can be issued, stored and used in a sovereign manner by the user.
Zero Knowledge Proof (ZKP)
- We don’t need to have it transparent for the world to see, but we could use a verification system to make that information available to others without them knowing what that information actually is. This is called “Zero-Knowledge Proof” or ZKP. We provide our information only to the government and then it is cryptographically secured on a blockchain using a hash function. That way only the hash value will be available to those who want to verify your identity without having to see your personal information.
- With Zero-Knowledge Proof, we have a prover, who is the individual, and a verifier, who needs to verify an individual’s identity. In this case, all the prover needs to show a verifier is the value of X, without showing the actual information. All this requires is a proof of knowledge to verify that the individual is who they claim to be. This is a form of digital fingerprint that can prove an individual’s identity. The validity of the proof lies in using a cryptographic hash function that proves without a doubt that the identity is valid.
- When you use a hash function on a set of variable data, as in the case of personal information (they are not all the same length), the output can be consistently of a fixed value. Therein lies the verification, because tampering with it is highly improbable, requiring extreme computing power or luck. When data is hashed, the inputs cannot be easily determined based on the output. In the case of Self-Sovereign Identity, the individuals personal information can be stored in a private database that can even be centralized under the government. However, the information is then hashed and the value is stored on separate database that is public and uses a blockchain.