Written by Tulio Braga (CTO at Swapy Network)

Today, we are proud to announce the very first release (Private Alpha v0.0.1, preview) of Swapy Financial ID for Android (to become an alpha user, apply here). It was a long path from late February to Early April. During this time, our Dev Team focused on developing the self-sovereign identity that will power up the Swapy Exchange and the Swapy Data Market.

The application was developed using React Native, Ethereum and IPFS. Our main concern for this version was about the tech integration. Currently, the application is in private alpha on Google Play. Anyone can apply to become an alpha user in our application form. We appreciate any feedback!

The following sections contain the needed information to understand our implementation design and decisions.

1. Release Summary

In this version, the user is able to:

Generate an Ethereum wallet to manage his identity's smart contracts;

Create his identity, cryptographically stored into the IPFS;

Publish his identity fingerprint into the Ethereum Blockchain;

2. Design Assumptions

During the early modeling and design of Swapy Financial ID, we studied several blockchain identity options. We even implemented a preview using uPort. Differently than the currently popular blockchain identities, the Swapy Financial ID main assumptions are:

Full decentralization — Most of the blockchain identities we evaluated are not truly decentralized; Support to mid to high-frequency data updates — impractical in currently popular blockchain identities due to gas cost and design limitations; Easy integration to other Dapps, fully open source, and extensible by design — Most of the IDs we evaluated are partially open source, while some of them are way too coupled, or with low cohesion. We targeted a high cohesion and low coupling blockchain identity.

Due to the above characteristics mainly, we decided to implement the Swapy Financial ID from scratch.

3. Implementation Details

Considering the assumptions presented, we put together mobile devices, smart contracts on Ethereum blockchain, and the IPFS, each one with its own advantages to provide a really concise identity well-fitted to the financial ecosystem. Together with the infrastructure, we also explored Symmetric Cryptography, Elliptic-Curve Cryptography, Merkle Trees, and other algorithms and data structures to enable a decentralized-fashion and cryptographically-stored identity, self-maintained by the user, that can be proven real by exploring the immutability property of blockchains.

Swapy Financial ID under the hood

The mobile device's native APIs can provide secure random bytes generation, allowing to create randomness for the Ethereum wallet generation with no need for specific user interaction or central server management. Implementing the management of the identity through a javascript module with a well-defined API allows the easy integration with third-party Dapps. Developers have access to simple abstractions that make it possible to encrypt, decrypt, read, and write data to identities. Structuring the user information as a Merkle Tree allows Swapy ID to have a single hash to represent the whole data in a structured fashion, similarly to a fingerprint. Also, each branch has its own hash, allowing granularity while sharing and validating data. Notice that the Merkle Tree is, therefore, a public structure. Since the IPFS indexes data using the Multihash algorithm it is possible to only store a 46 bytes hash string in the smart contract. This strategy saves gas when creating and updating the identity, as well as it makes easier to retrieve the Merkle Tree from the IPFS. Decoupling the information from the Merkle Tree and only storing in the leaves the specific data Multihash turns the Merkle Tree into a light structure. This reduces the networking and bandwidth consumption when granularly consuming and validating data. Since the cryptography algorithm (ECC) explored contains internal randomness for the encrypted bytes, we needed to store the decrypted data hash in the Merkle Tree as well to enable a third party (e.g.: a service provider that the user is sharing data with) to verify the data. Considering the above, we added random 256 bits salt for each data. It allows to create randomness into the public data hash making it impractical for an unauthorized user to infer a specific value from the data hash when the domain of options is finite (e.g.: Attribute `gender` has a limited number of possible answers, and therefore would be easy to infer the value of the identities by testing hashes of all possible options. It turns impractical with a coupled random 256 bits salt for each specific data). Decoupling the data fingerprint registration from the data storage in the IPFS allows the user to perform more updates and decide when to consolidate the fingerprint at the blockchain, saving gas.

4. Deliverables

Together with the application on Play Store, we are delivering to the community three different open source projects:

Swapy Financial ID alpha v0.0.1 — React Native app;

Swapy Identity Protocol alpha v0.0.1 — Ethereum smart contracts;

Swapy Identity API alpha v0.0.1 — Javascript module to interact with the identity smart contracts and the IPFS;

The documentation is in progress and will be published soon =)

5. Challenges

The two main challenges while developing this first version were: (1) Using the crypto API with React Native to create an Ethereum wallet; and (2) Making HTTP requests from the React Native app to the IPFS.

We hope that this brief explanation can help others that are facing the same problems we faced during the development of Swapy Financial ID first release. Later on, our team will bring more details and the actual solution in dedicated articles.

6. Next Release (v0.0.2)

The planned features and implementations for the next release (v0.0.2) are:

New user interface and experience designed by our UI/UX team; Ability to import an already existing wallet; Option to share your ID through QR codes; Option to read an ID through a QR code and send SWAPYs to the ID owner; Decentralized login in Swapy Exchange using Swapy Financial ID.

7. Concluding Remarks

In our path towards Universal Access to Credit, we believe that giving people the opportunity to have a financial identity that can be verified anywhere, by anyone, is an important step to make efficient and affordable loans a reality. Being a key component of our network, the ID is currently in focus at Swapy. With a lot of work to do next, we as a team are proud of the results we achieved in this very first version. We were able to analyze diverse blockchain identification approaches and design something that fits our needs better than existing alternatives. See the SWAPY token on Etherscan.io while we prepare for our ICO.

So far, our team has proven to be composed of very enthusiastic and flexible people. Currently, we have the Swapy Exchange (v0.0.3) available for browsers (Chrome and Firefox), and desktops (Windows, Mac OSX, and Linux). Now, we bring Swapy ID (v0.0.1) for Google Android and soon for Apple iOS. Both Dapps with decentralization as the top priority. Nothing better to show our community how engaged we are to achieve our goals of a more sustainable world. Thanks to the team and community!

The Swapy ID alpha v0.0.1 has been already tested internally since the last week. Now, we decided to make it available to our community only, as a private alpha release. Currently, it is only available for Android. To have access to it, please, fill this form and our team will make it available to you in at most 24 hours. After being added as a Swapy ID alpha user, you will be able to download it directly from the Google Play. We hope you enjoy!!!

Learn more about Swapy Network: