Current identity proof systems like Keybase are largely centralized and have the sole power to revoke access rights for anyone who disagrees with them (i.e. Denial of Service). There have been several calls to decentralize this authoritarian control, but no proof-based implementation has yet emerged in the community.
Ethereum offers the ability to give personal identity back to the people: each person can submit and verify proofs of identity on-chain, irrevocably mapping these identities to a single Ethereum account without the ability to be obfuscated. Importantly, these actions can also be tracked to form an audit log of identity modifications to be used in various applications including but not limited to:
- Career Services (e.g LinkedIn): Provably and immutably manage personal credentials and experience rather than hoping that the other party is completely honest.
- Business Administration: Use trusted audit logs between different corporate identities to trustably facilitate interactions. Further, the proof process can be delegated to the organization initially so that individuals do not need to provide their own proofs, instead using those of their company.
- Healthcare and research: Create identities for researchers and organizational heads, allowing them to easily show ownership of sensitive data trails such as HIPAA and GDPR-related information.
- Email verification: Verify DKIM signature proofs referenced on the blockchain. For example, automate the certification of people’s identities and places worked through organizational emails.
Overall, Cortex allows for greater security over personal identity and the globalization of personal identity in an age where oppressive regimes can abuse or erase ideologically opposed identities instantaneously.
What it does
Our platform, called Cortex, enables a decentralized manner of identity management. The web application provides a simple onboarding experience via Fortmatic & Torus, and users can then easily prove online identities to link them together (e.g. website presences, email address, social media profiles). The current iteration of our platform focuses on two identities: personal websites and Ethereum account attestations from other users. This effectively creates a decentralized web of trust, backed by proofs to well-known identities — for example, the credentials of a researcher at MIT could be attested to by the Ethereum account of MIT’s presence on Cortex, which itself would be tied to an HTTPS web proof of mit.edu.
In the future, such organizations could use our developed/combined nuCypher implementation to revoke/give data access to certain identities. Further, we are creating a key management hierarchy system in which organizations can revoke access based on their own role (e.g. board of directors control the head researcher who controls individual researchers). Throughout this process, we create an audit trail that can be used to make sure the transactions are legal and in good faith for internal/external business audits in the future.
How we built it
Using a Solidity contract to act as a central lookup store for mappings between identities and Ethereum accounts (thus effectively replacing the role of Keybase’s central servers), we created an extensible way to record identity verification of any type of service. We further added a reverse index so that you can map third-party identities back to Ethereum accounts. On the front end, React fetches all identity proofs and validates them client-side, thus avoiding any reliance on a centralized proof-checking service.
Challenges we ran into
- Issues with nuCypher integration, but a great development team helped us get on the right track; we have a workable state of transferring data privately between two parties, but are unfortunately not able to implement as of this moment due to compatibility issues in the test network. We did, however, fully document our process, explaining the NuCypher documentation in simpler terms to assist other teams in the future. (https://blog.scintillating.us)
- Finagling with proofs
Accomplishments that we're proud of
- Due to transportation issues, we arrived to the hackathon late and lost the opportunity to attend many info sessions that we had wanted to see. had an idea already planned to complete, but we quickly realized that the technical advancements necessary to complete the idea were being addressed at a later date. We ultimately shifted gears to our current project at around 11 pm last night.
- Taking time off from high school and other external work to be able and come here from Boston and compete was a challenge. It was difficult to manage time earlier on, but we are very happy to have had the opportunity to come and learn more about Ethereum!
What we learned
- The internal details and architecture of how nuCypher works.
- How to implement client-side, web-based proofs of identity (in our case, we used a .well-known URL to host our proofs for personal websites. Further extensions could be DNS TXT records or other mechanisms.)
What's next for Cortex
- Full integration with nuCypher for data management and access control based on identity
- Integration into our platform, Delphus, for research management using above integration
- API endpoints for external integration
- More verification and finish hierarchy system
- Additional visualization