Identity Smart Contracts on Ethereum
From IIW
Identity Smart Contracts on Ethereum
Wednesday 5B
Convener: Christian Lundkvist
Notes-taker(s): Ed Eykholt
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Christian Lundkvist - Uport / Consensys from the uPort team presented their smart contract designs similar to as documented in their whitepaper http://whitepaper.uport.me/
- Smart Contracts in Uport
- Use smart contract to…
- Map DID to a DID Document (contains PubKey)
- Provide a persistent Identity for interactions with other Ethereum contracts
- Proxy Contract
- Tiny contract
- Act as a level of indirection
- Has an "owner" address
- Can forward transactions from the owner.
Discussions:
- What about Key Revocation (e.g. for a key that was compromised at some as-of date)?
- In the case of a revocation, should previous signed verifiable claims still be interpreted as valid?
- This is an argument for keeping dates in the DDO specification.
- On the blockchain, how is time reliably recorded? Could use a secure timestamping services like Tieron or OpenTimestamps
Main drawback of this design is privacy. Can see the delegates
- Another approach would be Shamir's Secret Sharing Scheme, which would not be visible on the blockchain. Another approach might be the "Horcrux protocol".
- Friction of this approach on Ethereum:
- Signing a transaction on a device (e.g. to a controller contract) requires paying a fee in ETH to run the network.
- Could instead have the user create a signature with a key, but have a service that gets that signed transaction, pays the fee, and broadcasts the transaction to the Ethereum network.
- It is now on the Ethereum roadmap to add an Account Abstraction feature, the access control logic can be handled by the smart contract (and a minor can decide whether to mine that transaction). EIP 86 https://github.com/ethereum/EIPs/issues/86, potentially to be included in the second Metropolis release.
- Risks:
- There could be taint of one transaction with another. For example, if there is a verifiable claim “I'm over 21” can it be found out how much ETH I own?
- Christian wrote a blog post on how to simplify multisig contracts.