ID Keys

ID Keys is an open-source, open-data identity protocol held by the non-profit organization Planetwork. The ability to look up public keys without any central authority makes them the universal standard identity credential for any type of secure, cryptographically signed data transaction. A public key registry also makes both socially validated "pseudonymous identity" and "real identity" credentials possible on the same system.

free public beta: idkeys.net

There is a spectrum of possible identities, or "credentials", that people use in society. These can be described on the Identity Spectrum. At the yang, or hard, end of that spectrum is so-called "real" identity, usually validated by a central authority such as a government agency like the DMV or passport office, or by a proxy that has validated it, such as a telco or utility.

The Identity Spectrum also includes socially validated identity that can be represented by a pseudonymous identifier "within the context of a social graph ... acknowledged by others, thus being socially validated." A pseudonymous identity that has a rich history of agreements with other entities, at least some of whom have comparable longevity and richness, and who are linked to other communities in various ways, possesses powerful credibility that would be very time-consuming and expensive to spoof.

In either case, the challenge is to present a persistent credential that is verifiably associated with a specific component of identity. A useful online identity credential protocol that can support both socially validated identities, as well as specific verified "real" attributes, has a number of required characteristics.

The identity credential must be globally unique, as decentralized as possible (or, as someone put it recently, have "minimum viable centralization"), and be easy for users to manage and share. In other words, it must satisfy Zooko's triangle.

The best existing available token to represent such a credential is the public key part of a public/private key pair. In one sense, the public key is the identity, since the ability to prove possession of the corresponding private key by providing a valid cryptographic signature is the way identities will interact for authentication and for "Link Contract" exchange.
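The proof of possession described above, as an added example that is not part of the ID Keys protocol or code: a verifier issues a one-time challenge, the key holder signs it, and the verifier checks the signature against the public key. Ed25519 (the signature scheme Stellar accounts use), the `authContext` tag and all function names are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// authContext is a hypothetical domain-separation tag (not defined by ID Keys).
// It keeps a login signature from being reusable as a signature over other data.
const authContext = "example-idkeys-auth-v1:"

// Verifier remembers the challenges it issued so each can be answered only once.
type Verifier map[string]bool

// Challenge issues a fresh random nonce and records it as pending.
func (v Verifier) Challenge() []byte {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	v[string(n)] = true
	return n
}

// Prove is the key holder's side: sign the tag plus the verifier's nonce.
func Prove(priv ed25519.PrivateKey, nonce []byte) []byte {
	return ed25519.Sign(priv, append([]byte(authContext), nonce...))
}

// Check accepts only a pending challenge signed by the key behind pub.
func (v Verifier) Check(pub ed25519.PublicKey, nonce, sig []byte) bool {
	if !v[string(nonce)] {
		return false // unknown or already used challenge (replay)
	}
	delete(v, string(nonce)) // single use, whether or not the signature verifies
	return ed25519.Verify(pub, append([]byte(authContext), nonce...), sig)
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // constructed demo identity
	if err != nil {
		panic(err)
	}
	v := Verifier{}
	n := v.Challenge()
	sig := Prove(priv, n)
	fmt.Println("first:", v.Check(pub, n, sig), "replay:", v.Check(pub, n, sig))
}
```

The verifier never sees the private key; it needs only the public key, which is why a registry of public keys is enough to authenticate the holder.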

The notion of using public-key cryptosystems to facilitate online identity traces back at least to the 1980s. In the 1990s, two philosophically opposed public key registration systems came into existence. On the one hand there are certificate authorities, now widely used in the SSL/TLS protocol for secure "https" in your web browser. On the other hand are web-of-trust systems, the best known of which is PGP.

The certificate authority system is completely hierarchical, with a set of top-level authorities that must be trusted by everyone, and is therefore vulnerable to corruption. Web-of-trust systems are completely flat, which creates usability problems as each user must decide who they trust, and how to obtain trusted keys in a secure way.

These two systems represent opposite poles between order and chaos. Certificate authorities are completely ordered hierarchies, and web-of-trust systems are based on essentially random connections. Robust natural systems tend to be somewhere in between, a characteristic that has come to be known as "chaordic."

Most recently, there has been excitement about digital identity using the blockchain technology made famous by Bitcoin. This allows order to emerge from a chaotic system by mathematically securing all of the data in one agreed-upon global ledger called a blockchain. We think this is a huge step in the right direction, but the Bitcoin blockchain, often called "The" blockchain, has two serious problems.

First, the Bitcoin blockchain is very slow to validate, and gets slower as it grows.

Second, blockchain "mining" consumes a tremendous amount of energy, which is incredibly wasteful and environmentally problematic.

There is controversy about exactly how much energy is wasted by Bitcoin, but it's undeniable that the system is secured by using computers around the world to continuously make vast quantities of mathematical calculations that are completely useless, except to introduce necessary friction into the system. One estimate found that global bitcoin mining is already consuming as much electricity as the entire country of Ireland. Whatever the current figure, the amount of wasted energy and extra carbon emissions is growing as the chain gets longer.

Instead, we use a newer, more highly evolved blockchain protocol provided by the non-profit Stellar.org. It is based on a global ledger, but uses a consensus protocol based on a higher-order web of trust between nodes in the system. We believe that this is the way to achieve a truly chaordic system that is equally secure and robust while offering rapid resolution and excellent usability, without gratuitous waste of energy and carbon emissions.