Unique Principal ID

Inspiration

For blockchains to be fully embraced in the modern world, we will eventually need democratic control over public infrastructure. Blockchains are well-suited to open silos and enable open access, and make procedures transparent. With them, we can finally verify that that open-source code is running even on the backend.

What it does

UPID combines the functionality of Port and ICP blockchain. It brings attestations provided by Port and makes them accessible to dapps on ICP. It makes Principal IDs unique.

Port on-boards a massive Public Key Infrastructure (PKI) provided by countries and aggregated by ICAO to a server. Port apps upload passport signature (AA) that gets authenticated up the trust-chain to your country authority, to confirm that the passport you just tapped is legit and currently in your possession.

From there, the UPID frontend calls the Canister and HTTP Outcalls bring that information to the user, or later other dapps, acting as an infrastructure building block.

How we built it

We build the front-end using React, agent-js so a webapp can call a function (update call) on the canister, and verify your Principal ID. We hosting frontend website on the ICP We built a canister using Kybra (python).

Challenges we ran into

We are new on ICP, so a lot of time was spent digging up the information and unique concepts ICP possesses. We also spent a week battling the Kybra bugs, which seems to inform the devs to fix it with new versions. HTTP Outcalls not having support for ipv4 also made us spend another two days resolving leaving us with less time to develop more functionality.

Accomplishments that we're proud of

We now understand ICP and its technologies much better, allowing us to expand them and eventually move everything on-chain. We are also happy that our problems led to resolved bugs in Kybra for others.

What we learned and what's next for UPID

We learned enough so we can propose how to move Port from the server to ICP (onchain). We will propose a grant to adopt our wasm-optimized cryptografic library for ICP. This will add to ICP missing RSA-PSS (newer), Sha-384, and other EC curves; P-384 and IETF rfc5639 crypto, German ones; BrainpoolP256r1, BrainpoolP384r1, BrainpoolP512r1. At that point we will be able to verify certificates, passport signatures- and validate the whole trust chain fully on-chain.

We also learned the limitations of HTTP Outcalls and will be proposing some upgrades. It's an amazing tech/concept, but it can do so much more. In our case, it can provide Chip authentication (CA).