Decentralization is widely discussed in tech circles, and hype for blockchains and related technologies has been plentiful. Nonetheless, few programmers have actually experimented with blockchains, distributed filesystems, DHTs and similar tech.

We wanted to assess the state of the ecosystem — so we built a DApp! It’s easier than you might think. Our code is on GitHub.

Mapping out the space

We started by looking at available technologies and getting a sense of what they might be used for. We concentrated on Bitcoin, Ethereum, and IPFS.

Bitcoin

Bitcoin was the first blockchain-based cryptocurrency. Contrary to popular belief, it does support contracts, albeit in a weak form. Bitcoin contracts, written in a language called Script are not Turing-complete, lack state, and cannot access blockchain data such as block headers or accounts balances. However, they’re sufficient for some use-cases.

Separately, it’s possible to store up to 83 bytes of data in a Bitcoin transaction, using OP_RETURN. This is being used for proof of existence, tracking asset ownership, and for other purposes as well. See “Analysis of Bitcoin OP_RETURN metadata” and Coin Secrets for details.

Ethereum

Ethereum is a blockchain with a built-in Turing-complete programming language. Smart contracts in Ethereum can perform arbitrary computation, save and access data in long-term storage, check account balances, send and receive ETH, and communicate with other smart contracts (through method-calling). You can think of them as objects in the OOP sense. They are usually implemented in Solidity. Applications range from voting to prediction markets, flight-delay insurance and games.

IPFS

IPFS is a content addressed, versioned, P2P file system. Files (or directories) are addressed by their hash, e.g. QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG.

Once you have an IPFS node running on your machine, you can put or retrieve content on IPFS through a simple HTTP API. It’s a perfect companion for blockchains — you can store the hash of a file in a transaction or in a smart contract, and retrieve the contents through IPFS.

A decentralized record of professional credentials

During our research phase, we came across MIT Digital Certificates, a project for issuing academic certificates on the Bitcoin blockchain, using OP_RETURN. This was cumbersome to use and not very extensible. Nonetheless, it served as inspiration.

For our DApp, we set out to tackle the problem of people being dishonest about their professional credentials. We named our project BitKariero. Here’s a description:

We propose using the blockchain to store people’s professional credentials and employment history, enabling users to create an authenticated CV that recruiters can trust. Users create a profile on the blockchain and then ask organisations to cryptographically attach references, endorsements or other information to it. Profiles are public, but the text of each record is private — the blockchain only stores a proof that it was provided. Users can choose which parts of their profile to disclose. The system is extensible — records are in fact smart contracts, so they can potentially take many forms: certificates, employment records, professional association membership, school transcripts, etc.

How we built our DApp

Architecture overview

The backbone of our application is built on Ethereum and IPFS.

We have written smart contracts to represent individual users (identities), as well as different type of records that may be associated with users: references, membership of professional associations etc.

On top of this, we have a main contract, which keeps track of registered identities and records and emits events to signal to the API that a new contract has been registered.

To store user information and reference contents, we use IPFS — the fields in the smart contracts hold IPFS hashes and the API transparently retrieves the content when these fields are accessed.

As an experiment, we implemented basic public key cryptography using the W3C WebCrypto API — which was surprisingly easy to use. You can use the BitKariero API to provide encrypted references to other users. Key transfer is done through dedicated pubKey fields in identity contracts.