identities & permission-groups for blockchains
TRANSCRIPT
Identities & Permission-Groups for Blockchains
Thomas Hardjono & Alex (Sandy) Pentland
MIT Connection Science
February 2016
Confidential, 2007-2016 MIT Internet Trust Consortium
Overview of MIT ChainAnchor Project
PLEASE DO NOT DISTRIBUTE
Current “Identities” in Bitcoin
• Entities known only by their public-key
• Self-created (“self-asserted”)
• Entities addressable only within Bitcoin
• Purposed solely for currency transactions
Digital Identities Today
• Issued by Identity Providers (IdP)
• Addressable & routable globally (cf. DNS)
• Primary “identity” for accessing services
Attributes & Attribute Authorities
Challenge: Which Alice & Which Attributes
How to:
• “Link” identities across layers - preserving privacy
• Option to remain anonymous but verifiable
• Option to disclose an anonymous identity – without affecting other owned identities
• Bind attributes to anonymous identity with verifiable truthfulness
ChainAnchor: Permission Groups
• Permission Group = Logical group of entities sharing a common blockchain
• Group Owner initially knows true identity of members
• Each member is given unique secret keying material & parameters
• Each member “blinds” keying material and then operates anonymously
Proving Membership (Anonymously)
• Member switches to anonymous & “blinds” secret keying material
• Member runs Zero-Knowledge Proof (ZKP) protocol with Verifier
• Member generates public-key pair, and Verifier adds pubkey to member’s list
• From Step-2 onwards, user is anonymous to Group-Owner & Verifier
Filtering for Members’ Transactions
• Participating miner chooses to process only members’ transactions
• Miner looks-up anon list of members’ public-keys prior to processing
• Miner can also remain anonymous by running ZKP protocol with Verifier
• Miner gets higher reward for participating – payout from Group-Owner
ChainAnchor: Use-Cases
Use Case #1: Competing Entities Sharing a Common Ledger
• ChainAnchor Group implements membership to shared blockchain
• Competing entities remain anonymous to one another
• Optional disclosure of identity when challenged (e.g. regulatory needs)
• Read/Write or Read-only access to shared blockchain
Use Case #2: Attribute Groups
• Membership expresses possession of attributes (e.g. “Over 18” group)
• User must show evidence of eligibility (e.g. driver’s license)
• Evidence issued by external Attribute Authority
• User switches to anonymous mode after obtaining secret params.
Use-Case #3: Certificate for Anonymous Identity
• Verifier becomes a Certificate Authority (or Registration Authority)
• Certificate contains anonymous identity & transaction public-key
• Certificate, identity & public-key usable outside blockchain
Use-Case #4: “AML-Friendly” Currency Circulation
• ChainAnchor group implements controls over currency circulation
• Group Owner disburses currency to members only
• Members can transact only within group
• Spending limit per transaction (per time duration)
• Miners verify membership of originator & recipient
• TX with unknown originator/recipient are dropped
• TX which violate spending limit are dropped
• Option to disclose pubkey/address upon legal challenge – but without affecting other pubkeys
• Property of ZKP protocol
• Can be “overlayed” atop Bitcoin
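
The miner-side filtering described in the slides above (look up the members' public-key list, drop TX with an unknown originator or recipient, drop TX that violate the spending limit), as an added sketch that is not ChainAnchor code. Assumptions: the class and field names are hypothetical, the spending limit is read as both a per-transaction cap and a cap per sliding time window, transactions arrive in timestamp order, and the keys are constructed sample strings.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    originator: str   # sender's transaction public key (constructed sample value)
    recipient: str    # receiver's transaction public key
    amount: int
    timestamp: int    # seconds

class MemberFilter:
    """Miner-side admission check (hypothetical class, not the project's API)."""

    def __init__(self, member_pubkeys, per_tx_limit, window_limit, window_seconds):
        self.members = frozenset(member_pubkeys)   # list maintained by the Verifier
        self.per_tx_limit = per_tx_limit
        self.window_limit = window_limit
        self.window_seconds = window_seconds
        self.spent = defaultdict(deque)            # originator -> (timestamp, amount)

    def check(self, tx):
        if tx.originator not in self.members:
            return "drop: unknown originator"
        if tx.recipient not in self.members:
            return "drop: unknown recipient"
        if tx.amount <= 0:
            return "drop: invalid amount"
        if tx.amount > self.per_tx_limit:
            return "drop: per-transaction limit"
        history = self.spent[tx.originator]
        # Forget spending that has aged out of the sliding window.
        while history and history[0][0] <= tx.timestamp - self.window_seconds:
            history.popleft()
        if sum(a for _, a in history) + tx.amount > self.window_limit:
            return "drop: window limit"
        history.append((tx.timestamp, tx.amount))  # only accepted TX count as spent
        return "accept"

def run_sample():
    # Constructed sample: pkA and pkB are members, pkX is not.
    f = MemberFilter({"pkA", "pkB"}, per_tx_limit=100, window_limit=150, window_seconds=60)
    txs = [Tx("pkA", "pkB", 80, 0), Tx("pkA", "pkX", 10, 1), Tx("pkX", "pkA", 10, 2),
           Tx("pkA", "pkB", 120, 3), Tx("pkA", "pkB", 80, 10), Tx("pkA", "pkB", 80, 61)]
    return [f.check(t) for t in txs]

if __name__ == "__main__":
    for verdict in run_sample():
        print(verdict)
```

Membership is checked before any per-originator state is created, so TX from unknown keys cannot grow the filter's memory.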