Consensus and Identity

While modern cryptography endows enormous powers to holders of private/public keypairs, the problem of assigning real-life identities to these keypairs is an enduring challenge.  It is trivial to prove that a message was written by the controller of a given public key; but knowing that that private key was really held by Luke, or by John, or by anyone else, is the hard part.  The math part may be internally perfect but the connection with the gritty outside world is quite messy.

You can go on Github and get a public key for my name.  You can use services like Keybase and Onename to get public keys under my name.  But all of these services rely on trusted central parties.  Keybase uses social media for me to verify my identity.  Github has no real idea whether I am me.

These are very weakly proven forms of identity.  What does a Twitter account really mean to prove my identity?  What does a Reddit or Facebook account really prove?  Can we do serious things with this?  Can we sign legal documents with identities underlaid by social media?  It seems that we cannot.  It would be very easy to spoof identities secured in this way.  Thus we must take them with less-than-a-grain of salt.  And not matter how seamless and clever the surface solution, like Keybase, if the underlying connection between identity and public key is tenuous, all the best tech in the world won’t help you.

I’ve been considering a better way to prove identity.  One can use the Bitcoin Blockchain to timestamp data in a provable way.  By posting a link and a hash of data inside a Bitcoin transaction, one can prove that certain data existed at a certain time.  By posting both a link and a hash, the link can be explored for its full contents (which may be of arbitrary size).  If the contents are later changed, the hash will no longer match.  This is a well-known tactic.

I’ve started experimenting with publishing what I call ‘evidence’  of identity to the Bitcoin Blockchain.  I’ll publish data about an identity.  Each identity is a Bitcoin address whose public key is also available.  A user controls one address.  The purpose is not to control a wallet, but a keypair which has the same cryptographic powers as normal keypairs, but also occupies an exclusive ‘niche’ in the Blockchain.  From there it may publish provable, timestamped ‘evidence’ that it is owned by the right person.

This is how it works in its current, extremely early incarnation.

  • A user, John, creates a random private/public Bitcoin keypair in the browser.
  • John encrypts his private key using his password (which must be strong).  The encrypted form of the private key is sent to my API.  No service besides client-side javascript ever sees his unencrypted private key.  I have consciously tried to follow the method of creating and managing secure Bitcoin wallets.  This involves identifiers and passwords that cannot be recovered.
  • John logs in to his wallet on the client-side only.
  • From the browser, John publishes ‘evidence’ and metadata about his identity.  Each piece of evidence involves 2 Bitcoin OP_RETURN transactions which are linked.  One transaction gives a shortened URL for a data file, the other contains the hash of that data file.
  • John publishes a piece of ‘evidence’ about his name.
  • John takes a selfie.  In his selfie, he includes the last block hash (or at least the last 10 digits of the last block hash).  He handwrites these digits in a card that he holds in his selfie.
  • The selfie file is also published as ‘evidence’ to the Bitcoin Blockchain.  Because it includes 10 or more digits from the last block hash, the picture must have been taken after that block was discovered (since the hash cannot be known ahead of time).  But also, because the evidence was published in a certain block (in one of the next few blocks), the picture must have existed before that block. Thus the picture has been timestamped within a narrow window.

Here is an example of a sample identity:

Proving my Identity

That’s my test identity.  You can see in that picture that I am holding the block-height and the last digits of that block hash.  That’s proof that the picture was taken after that point.  It would be extremely difficult to counterfeit this picture within that time window.  More on that later.

Since I control this address, I may publish an arbitrary amount of proof that I control it.  I could upload selfie’s every month.  I could create videos in which I do something provably Andrew-Barisserish.  I could take a picture of myself with my driver’s license (with sensitive bits removed), passport, and the last block hash.  Any kind of proof can be time-stamped in this way.

So even if a selfie with the last Block Hash is not rock-solid evidence, we can assemble whatever constitutes robust evidence and publish it provably from this address.  Consider this to be a sort of Proof-of-Evidence, where someone had at least to construct plausible evidence of being that person at a certain time. Indeed, I’m trying to take the “pics or it didn’t happen” meme and applying it to the Blockchain.

On top of this Proof-of-Evidence, we can institute a form of Web of Trust, in which different addresses verify one another.  For instance, if my mother had an account here with her own string of ‘evidences’, she could sign a public cryptographic message stating that I am, indeed, her son.  A broad web of verifications could augment whatever evidence we can publish to the Blockchain.  Brute forcing this system would be incredibly difficult, if not impossible.

I’ve implemented an extremely simple first-pass of this approach.  My app is still a prototype with lots of features still incomplete.  Don’t take it too seriously yet.  But I’ve taken some first steps to creating an independently held, trustless identity system.

I’ve emphasized that users and users alone should ever come in contact with their private keys; I don’t want the headache of managing your security.  You do it.

Finally, an identity system should be trustless like Bitcoin.  Each identity should be independently verifiable.  There should be no special knowledge or special access required to confirm an identity.  Everything on my site has been architected that way; you may inspect every piece of evidence on its own merits.  There is also nothing about my ‘protocol’ that actually requires my website; it is an approach that could be adopted by anyone without permission.

What I want to accomplish is to endow every user with the same cryptographic certainty of identity that Satoshi Nakamoto possesses.  We all know which public keys he controls (since he controls the first Bitcoin addresses).  If he ever signed a message from one of those private keys, we would know it was him incontrovertibly.  No one else on the planet has that same, absolute certainty attached to their identity.  But we should all have it.

Check out the rudiments of my site at  Please be merciful as it is still an extremely tenuous work-in-progress.  It should be seen as a proof of concept more than anything else.  Many more features and improvements are in the works.


Andrew Barisser