8. The Decentralised Blockchain Identity , aka the “Phone-Borne Identity”

‘Decentralised Blockchain Identity’ (‘DBI’ from now on) is a placeholder name for whichever identity standard will emerge to first augment and ultimately replace the systems we use today. It is ‘decentralised’ because it does not depend on any issuing authority, but relies on tamper-proof consensus algorhythms to guarantee identity of authorship between relevant actions. It depends on a “Blockchain” because this identity standard will deployed on the blockchain of whichever cryptocurrency proves up to the task when the time comes.

If you are reading this you probably know a thing or two about cryptocurrencies. But in case you do not let’s establish some common knowledge. Cryptocurrencies do their magic by forming consensus on a certain state of a database — called a ‘blockchain’ — rules on how to update it and a series of game theory incentives to guarantee that this consensus cannot be tampered with (yes, they also create currency). Anyone can write on these blockchains for a small fee. There is no authorisation required to use them, and nobody can get locked out. In case this sounds trivial to you, I invite you to do more research on the topic — cryptocurrencies are probably the most consequential engineering feat in IT since the Internet itself. If you think that cryptocurrencies are too flaky or exotic of a tool to depend on for identity, consider the Lindy Effect. The oldest cryptocurrency and its blockchain have been around for almost eight years, and with each passing day of trouble-free uptime its chances of surviving further into the future increase.

If you want to create some form of identity on a blockchain, you need nothing more than access to a private key used on the ledger (see here if you want a human-readable explanation of public/private key cryptography). The identity of Bitcoin’s creator could be proven to some degree if only he signed a message with a private key associated with the first few blocks of the Bitcoin blockchain. The subway tap-in was the generation of the private key eight years ago, and the tap-out would be the signing of a new message. Given the right circumstances, a single key can be enough to prove identity.

A private key alone does not give you a full digital passport, but it allows any number of actions associated to that key to be linked to the same author. It provides some form of security — at least as good as passwords, with the advantage that private keys are a lot more complex than ‘RedSox83' and cannot be guessed (how to secure digital identities will be discussed later).

On blockchains we can freely and easily make statements and concatenate them — tiny chains of connected actions that can be traced back to the same author. Third parties can use their own private keys to sign attestations onto these identities. There is no limit to how many micro-identities we can create, or how large the network of provably connected statements can become. The size of these identities can fit precisely the purpose for which they are created, or be tied to larger sets of statements.

Blockchains are sometimes thought of as Panopticons where nothing is private and everything is in the clear (which would make them less than ideal to store identity information), but it is possible to make private statements and receive private attestations and then selectively disclose to chosen parties those you wish. You can prove to the Singapore Ministry of Transport that you tapped in at Orchard Road Station without revealing any details about your diving proficiency. You can even prove to a bouncer at a club that you are old enough to drink without disclosing your exact age — much less all the information displayed on a normal ID card.

How can DBIs, in principle, replace standard identity systems? DBIs can be deployed as an App on your smartphone. You can start by tapping your phone as you enter the subway, and later connect that initial statement to your login credentials for Gmail, then your birth certificate, your University degree, your diving diploma et cetera.

This is of course dependant on the relevant institutions proving willing to provide attestations in that fashion. Large organisations move slowly and governments slower yet, but there is no reason to believe that institutional endorsements of DBIs will not eventually come. At that point any counterpart could verify who you are and the truth of what you say about yourself without accessing an external silo for verification. During a job interview you could demonstrate beyond the shade of a doubt that you graduated from a certain University with a certain GPA. You could even prove it to a stranger on the street for that matter. It would happen instantly, without Human Resources having to verify your degree with the University, and using an identity system that is entirely under your control.