redecentralize / alternative-internet

A collection of interesting new networks and tech aiming at decentralisation (in some form).

Add item for decentralized identity #313

Closed launganik closed 3 years ago

launganik commented 3 years ago

Adding an "Identity" category into A collection of interesting networks and technology aiming at re-decentralizing the Internet.

burdges commented 3 years ago

I'll caution that "decentralized identity" usually means "evil classist privacy destroying shit show". And they're fairly blockchain which belongs elsewhere too.

You'll see "classist" quickly if you look at the W3C DID and Verifiable Claims work, where they talk about proving someone has a job, bank account, etc. for arbitrary unrelated purposes. Kiss gap years goodbye if you need to prove you have a job to apply for a job.

As a rule, "decentralized identity" wants either whole identities placed online unprotected, or else selectively revealing attributes using CL-signatures or similar, which does not improve the situation much since attributes deanonymize too and users just click okay.

Identity systems should be either

If you want a general purpose identity system, then you do not want attributes like CL-signatures provide, but instead want a ring VRF or group VRF. In other words, the user holds some key and certificate with which they can (a) compute the VRF output for their key applied to a given input, and (b) prove that some certified key performed this computation. At this point, the user's browser validates the requester's TLS certificate, runs the VRF on input the domain name validated by the TLS certificate, and then provides the requester with the output and proof. The output is now that user's identity on that domain, which is unlinkable to any identity on any other domain, assuming hardness of DDH.

https://pop.dedis.ch/ is one attempt at doing this sort of thing.

yardenac commented 3 years ago

The PR specifically adds a link to something called Affinidi so it might help to focus any critique here on that project in particular.

burdges commented 3 years ago

Affinidi uses the W3C Verifiable Claims effort, with Ethereum as some root of trust if not more.

I believe this repo previously asked blockchain projects to go elsewhere, no? I'm maybe confusing this repo with another awesome-.. one though.

The W3C Verifiable Claims use cases document is quite open about providing a way for people to prove employment and other things that would create discrimination.

rossjones commented 3 years ago

> I believe this repo previously asked blockchain projects to go elsewhere, no?

Tempting, but no, there were some early ones that were dead before the PRs got merged though and were cleaned out, as I recall.

I noticed the PR adds a section called "Identity" and the only mention of decentralized is in the Affinidi description - I'm minded to merge but I'm also enjoying learning something :D

burdges commented 3 years ago

In that case, I'll mention that ring VRFs do not differ much from the linkable ring signatures used in Monero, ZCash, and others.

In a ring or group signature, there is a secret key sk held by the signer and some way the signer proves the secret key lies in a given set, either a certificate signed by a master key in the group case, or a specified set of public keys in the ring case. You make elliptic curve ones "linkable" usually by exposing a nullifier computed like sk * N for some fixed base point N on the curve. And then some database prevents the same nullifier being used twice.

You make a ring or group VRF by instead exposing sk * H(domain) for some hash-to-curve H, so then instead of sk * N preventing double spending, sk * H(domain) becomes the user's identity on domain. You compute H(domain) outside the zero-knowledge circuit, so they cost roughly the same.

Although slow by regular crypto standards, I'd expect group VRFs to have performance similar to the CL-signatures proposed by W3C for selectively revealing attributes. Ring signatures do run slower than group signatures, à la zcash tx proving speeds, but fast enough for async usage without users noticing, and infinitely faster than solving a captcha. Identity use cases have no global nullifier database that grows indefinitely either.

As an aside, I gave a little talk about how ring/group VRFs let you play Cards Against Humanity: https://www.youtube.com/watch?v=VyiG_JNxvIw
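The construction described in the comment above, as an added example that is not part of the thread or of any project named in it: an LSAG-style linkable ring proof whose exposed tag is H(domain)^sk, the multiplicative form of sk * H(domain). It assumes the subgroup of squares modulo the RFC 2409 768-bit safe prime in place of an elliptic curve, and every function name is hypothetical.

```python
import hashlib, secrets

# RFC 2409 Oakley Group 1 modulus, a 768-bit safe prime (demo size, not a production choice).
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
Q, G = (P - 1) // 2, 4   # prime-order subgroup of squares and a generator of it

def hash_to_group(domain):
    # H(domain): a square mod P whose discrete log to base G nobody knows
    x = int.from_bytes(hashlib.shake_256(domain.encode()).digest(128), "big") % P
    return pow(x, 2, P)

def challenge(*parts):
    data = "|".join(str(p) for p in parts).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def prove(sk, j, ring, domain):
    # out = H(domain)^sk is the per-domain identity; ring[j] must equal G^sk
    h, n = hash_to_group(domain), len(ring)
    out, u = pow(h, sk, P), secrets.randbelow(Q)
    c, s = [0] * n, [0] * n
    i = (j + 1) % n
    c[i] = challenge(ring, domain, out, pow(G, u, P), pow(h, u, P))
    while i != j:   # simulate a response for every other ring member
        s[i] = secrets.randbelow(Q)
        a = pow(G, s[i], P) * pow(ring[i], c[i], P) % P
        b = pow(h, s[i], P) * pow(out, c[i], P) % P
        i = (i + 1) % n
        c[i] = challenge(ring, domain, out, a, b)
    s[j] = (u - sk * c[j]) % Q   # close the ring with the real key
    return out, c[0], s

def verify(ring, domain, out, c0, s):
    # Reject malformed proofs and tags outside the prime-order subgroup
    if len(s) != len(ring) or not 1 < out < P or pow(out, Q, P) != 1:
        return False
    h, c = hash_to_group(domain), c0
    for pk, si in zip(ring, s):
        a = pow(G, si, P) * pow(pk, c, P) % P
        b = pow(h, si, P) * pow(out, c, P) % P
        c = challenge(ring, domain, out, a, b)
    return c == c0   # the challenge chain must return to its start
```

The verifier learns only that some key in `ring` produced `out` for this domain; the same key yields the same `out` on every visit to that domain and an unrelated one elsewhere.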

launganik commented 3 years ago

Hey folks, I just started the identity category so as to cover it in the efforts towards re-decentralizing the Internet

Beyond Affinidi, we should add players like Sovrin, Mattr, Evernym, etc. Happy to do that if the community thinks it makes sense

rossjones commented 3 years ago

@launganik let me merge this one and then if you find time to add more, that'd be great.