gnosis / fund-recovery

Recovery mechanisms for multi-signature wallets beyond backing up private keys.

Idea: Lightweight KYC procedure + time lock recovery. #1

Open tschubotz opened 6 years ago

tschubotz commented 6 years ago
  1. When setting up the Safe, user sends over hash of hash of their personal data to a KYC provider
    • We need to make sure that there are no typos and special characters are handled gracefully.
    • Also, if data changes (last names after marriage or passport IDs), user needs to update it regularly
    • Hash of hash so the actual data never needs to be transferred
      • Also, so the KYC provider does not know more details about the user and figure out who the person is to time an attack better.
    • KYC provider maintains a mapping of personal data to Safe address
      • User could own multiple Safes
    • What personal data do we ask for?
      • What information could we ask for that is not public knowledge or easily phish-able? In Germany e.g. I could ask the Einwohnermeldeamt to find out a Personalausweisnummer.
        • If KYC providers also would do a video call, it would get harder.
        • First name
        • Last name
          • Are there parts in the world where no first or no last names exist?
        • Birthdate
        • ID card number
          • Not all have passport, so local ID card is better suited.
          • Are there formats we could validate against?
  2. In case of a lost key, user marks account as lost by putting in a deposit which triggers a lock period
    • Deposit amount as well as length of time period can be specified before or can be relative to Safe funds.
    • Owner should be notified via all existing communication channels that the account was marked as lost (email, SMS, push notification, letter ;)
  3. After lock period expires, user has to prove hash of hash of personal data to replace owner account
  4. KYC provider can sign transaction to replace owner
    • If only 1 provider, then perhaps a solution with 1 out of many KYC providers
    • N out of m providers could be a solution for increased security

gnosis safe personal edition - recovery mechanisms
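
A sketch of the hash-of-hash scheme from the opening post, added here as an example; it is not code from the Gnosis repository or from anyone in this thread. It assumes SHA-256, the four fields listed in the post, an ISO date string, and that "proving" the data means revealing the inner hash for the provider to re-hash; all function names are hypothetical.

```python
import hashlib
import hmac
import unicodedata

# Fields listed in the post; the order is fixed so both sides hash identical bytes.
FIELDS = ("first_name", "last_name", "birthdate", "id_card_number")

def canonicalize(record: dict) -> bytes:
    """Map equivalent spellings of the same person to one byte string."""
    out = b""
    for name in FIELDS:
        # A missing field (e.g. no last name) becomes an empty value.
        value = unicodedata.normalize("NFKC", record.get(name) or "")
        value = " ".join(value.split()).casefold()
        if name == "id_card_number":
            # Drop separators that users type inconsistently.
            value = "".join(ch for ch in value if ch.isalnum())
        data = value.encode("utf-8")
        # Length prefix keeps ("ab", "c") distinct from ("a", "bc").
        out += len(data).to_bytes(2, "big") + data
    return out

def inner_hash(record: dict) -> bytes:
    """Computed on the user's device; revealed only at recovery."""
    return hashlib.sha256(canonicalize(record)).digest()

def commitment(record: dict) -> bytes:
    """Hash of hash: the only value the provider stores at setup."""
    return hashlib.sha256(inner_hash(record)).digest()

def provider_accepts(stored: bytes, revealed_inner: bytes,
                     marked_lost_at: int, lock_period: int, now: int) -> bool:
    """Provider-side check before signing an owner replacement."""
    if now < marked_lost_at + lock_period:
        return False  # lock period still running
    candidate = hashlib.sha256(revealed_inner).digest()
    return hmac.compare_digest(candidate, stored)

if __name__ == "__main__":
    # Constructed sample data, not a real identity.
    at_setup = {"first_name": " Anna ", "last_name": "Mu\u0308ller",
                "birthdate": "1990-01-31", "id_card_number": "L01X-00T47"}
    at_recovery = {"first_name": "anna", "last_name": "M\u00fcller",
                   "birthdate": "1990-01-31", "id_card_number": "l01x00t47"}
    stored = commitment(at_setup)
    print(provider_accepts(stored, inner_hash(at_recovery), 0, 604800, 604800))
```

Normalization absorbs formatting differences only; a genuine typo or a changed name still yields a different hash, which is why the post asks users to keep the data updated.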

ricburton commented 6 years ago

This is fantastic. After meeting Stefan, I got really excited and wrote this: https://medium.com/balance-io/could-coinbase-become-a-dapp-609136510f37

ricburton commented 6 years ago

Any progress here? I want to get this moving.

tschubotz commented 6 years ago

Unfortunately, we didn't make any relevant progress with this since we are currently busy with other tasks that needed attention.

ricburton commented 6 years ago

For sure. Have you seen tenzorum.com?

Cheers,

Richard

On 25 Apr 2018, 08:03 +0100, Tobias Schubotz notifications@github.com, wrote:

> Unfortunately, we didn't make any relevant progress with this since we are currently busy with other tasks that needed attention.

tschubotz commented 6 years ago

Haven't seen it yet. Thanks for posting. Sounds very interesting, particularly the recovery part.

ricburton commented 6 years ago

The wonderful @haydenadams is helping us with research in this area. He has a bunch of cool ideas around recovery.

haydenadams commented 6 years ago

@ricburton The idea in this thread is very similar to the one I white-boarded with you. My biggest concern is still that KYC providers could hold your funds hostage by refusing to sign.

tschubotz commented 6 years ago

> KYC providers could hold your funds hostage by refusing to sign.

That's true, unfortunately. I wonder if this can be mitigated somehow either by some consensus mechanisms or potentially by penalties the KYC would need to pay if they are obviously holding funds hostage.

haydenadams commented 6 years ago

Not sure how you would prove the difference between funds being held hostage and the user failing the KYC check. Only needing one signature with many KYC providers mitigates the issue a bit.

sumukhshetty commented 6 years ago

Can't we use a phone number link to do this? Using something like Twilio and an OTP system to verify the user over using a centralized KYC system.