Identity Smart Contracts on Ethereum

From IIW

Identity Smart Contracts on Ethereum


Wednesday 5B

Convener: Christian Lundkvist

Notes-taker(s): Ed Eykholt


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


Christian Lundkvist - Uport / Consensys from the uPort team presented their smart contract designs similar to as documented in their whitepaper http://whitepaper.uport.me/

  • Smart Contracts in Uport
    • Use smart contract to…
    • Map DID to a DID Document (contains PubKey)
    • Provide a persistent Identity for interactions with other Ethereum contracts
  • Proxy Contract
    • Tiny contract
    • Act as a level of indirection
    • Has an "owner" address
      • Can forward transactions from the owner.


W4B1.jpeg


Discussions:

  • What about Key Revocation (e.g. for a key that was compromised at some as-of date)?
  • In the case of a revocation, should previous signed verifiable claims still be interpreted as valid?
  • This is an argument for keeping dates in the DDO specification.
  • On the blockchain, how is time reliably recorded? Could use a secure timestamping services like Tieron or OpenTimestamps


W4B3.jpeg

Main drawback of this design is privacy. Can see the delegates

  • Another approach would be Shamir's Secret Sharing Scheme, which would not be visible on the blockchain. Another approach might be the "Horcrux protocol".
  • Friction of this approach on Ethereum:
    • Signing a transaction on a device (e.g. to a controller contract) requires paying a fee in ETH to run the network.
    • Could instead have the user create a signature with a key, but have a service that gets that signed transaction, pays the fee, and broadcasts the transaction to the Ethereum network.
      • It is now on the Ethereum roadmap to add an Account Abstraction feature, the access control logic can be handled by the smart contract (and a minor can decide whether to mine that transaction). EIP 86 https://github.com/ethereum/EIPs/issues/86, potentially to be included in the second Metropolis release.
  • Risks:
    • There could be taint of one transaction with another. For example, if there is a verifiable claim “I'm over 21” can it be found out how much ETH I own?
  • Christian wrote a blog post on how to simplify multisig contracts.