How does blockchain protect identity from the perspective of the Byzantine Generals Problem?

Blockchain is a rapidly developing emerging technology that has become very popular due to the elusive online currency Bitcoin. In its simplest form, blockchain is a database and transaction ledger system. Unlike traditional databases that are stored and maintained on private and centralized servers, blockchain is decentralized, publicly distributed and transparent.

Identity protection is a common problem in today’s digital world. Seemingly every other week, headlines reveal that some hacker has breached a centralized server, resulting in millions of financial records, medical records, or identities being stolen. This problem is likely to get worse before it starts to get better. As of 2016, there were 13 billion devices connected to the internet. These devices hold our personal information, banking records, and credit card numbers. By 2020, that number will reach 40 billion, leaving us more exposed than ever before.

Identity theft by the numbers

1. Approximately 15 million U.S. residents have their identities stolen each year.

2. Nearly 100 million additional Americans are at risk of identity theft each year as government-maintained records and corporate databases are lost or stolen.

3. In 2014, there were 1,540 data breaches, resulting in more than one billion data records being compromised.

4. 45% of credit card fraud is online transactions, which take place over the Internet without the card being shown.

5. Identity theft as a whole costs the U.S. economy an estimated $100 billion per year. Global losses easily run into the hundreds of billions.

6. Last year, nearly 100 million medical records were hacked.

7. Medical records can be purchased on the dark web for $60 each. Social Security numbers can be bought for as little as $15.

Blockchain entry point

Databases are prime targets for hackers because they hold centralized information. If the encryption is broken, hackers may be able to steal all the information being stored. Blockchain technology offers a unique solution to this problem by decentralizing all this data. Therefore, data will not exist on a single server, but instead on a distributed public ledger maintained by thousands of computers around the world. As a result, various data attacks will be nearly impossible to carry out because no single entity is in control of the information.

How can individual users protect their data from malicious actors?

“Byzantine Generals Problem”

Take a scene from a movie: a medieval castle is under attack. Inside the castle are 200 soldiers defending their king. Outside the castle are 4 armies, each with 100 soldiers waiting for orders from their lieutenants. If they don't attack at the same time, they will lose the war. How can the lieutenants leading these armies agree to attack the castle at the same time? There are two variables. One is the 'attack at 7pm' message order created by the general, which needs to be delivered to each lieutenant by hand on horseback. The second is that there may be traitors among the lieutenants who may try to change the message and lose the war. Therefore, the general gets a special locked box with two sets of keys, private and public. The four lieutenants have a public key that can only be turned clockwise to see what's inside the box. The general has a private key that can be turned counterclockwise to change the information inside the box.

The general takes the locked box, turns the private key counterclockwise, and puts in the necessary information - attack the castle at 7pm. The box is then sent to the first lieutenant, who takes out his public key and turns it clockwise, and sees the 7pm attack order from the general. The box is then sent to the second lieutenant. He decides to use his public key and turns it counterclockwise, hoping to change and destroy the attack order information inside. However, because of the general's very advanced lock, the public key will not allow this lieutenant to do so. The information cannot be changed, so it is passed to the third and fourth lieutenants without being destroyed. The attack is finally successfully launched as originally planned.

Now, let's relate this to the blockchain. You can store anything of value in a 'digital lockbox'. The contents of the box can only be opened and changed by a unique private key. The contents of the box can then be shared as needed and cannot be changed or copied. This is the simplified architecture of private/public key cryptography implemented by Bitcoin.

What does the future of identity verification look like?

There are multiple startups working on creating blockchain identity solutions. Shocard, founded by Armin Ebrahimi in 2015, is looking to create a mobile ID that can be verified in real time using encryption and the immutability of Bitcoin's public ledger. Ebrahimi sees Shocard as a way for people to securely and instantly verify their insurance claims, e-commerce providers, banks or any third party to which they must provide identity information.

interface

Users can upload ID documents to the Shocard app. These documents are instantly stored and encrypted to the blockchain. Shocard itself does not have to store or hold any of these documents. The documents are sealed on the blockchain so they cannot be altered. Shocard can be authenticated by anyone who needs to know your identity. For example, if a bank needs to verify your identity, you send them your encrypted Shocard. The bank then verifies that the Shocard data matches the sealed data on the blockchain. The bank then creates their own record associated with your Shocard, encrypted with their private key. This way, the bank will know it's you whenever they need to. This verification can be used for account login, account management, credit card authentication, and more. It's similar to a signature card that a bank keeps on file to match the signature on a personal check.

Use cases in banking and travel

Example 1 : When logging in, instead of entering your username and password, which are easily hacked and forgotten, you simply scan the QR code on the bank’s webpage from your Shocard app. Then, a notification will be pushed to your app, asking for fingerprint verification. After providing your fingerprint, you will be automatically logged in.

Example 2 : If you need to call bank customer service because of an account problem. Traditionally, they might ask you some security questions. These questions might be, what is your mother's maiden name? Your account number? Your username? If your account is hacked, these can all be compromised. Instead, with Shocard, a notification will be sent to your app while speaking to the bank operator: the notification will ask for a fingerprint to verify who you are. Once the fingerprint is verified by the Shocard app, the bank knows that it is you on the other end of the call.

Example 3 : Passengers upload all their travel documents using the Shocard app. These documents are then sealed and encrypted on the blockchain, and anyone can verify their authenticity using the public key. Passengers share this information by scanning QR codes at check-in, airport security, and immigration checkpoints. Perhaps the first time, passengers will need to provide original documents for verification, but frequent flyers will be able to use this app as needed.

Summarize

One thing is for sure, the identity theft protection industry is going to see radical change over the next decade. Shared secrets (username/password) have become a nightmare. Centralized key servers are dangerous, ink signatures are easy to forge, documents and IDs are 19th century technology, and two-factor authorization services are often inconvenient and unreliable. On top of this, by 2020 we will see a 3x increase in the number of devices connected to the internet, leaving us more exposed to hackers than ever before. I’m not promoting blockchain technology as the solution to everything, but it looks like a step in the right direction. Companies like Shocard, Solidx, and Civic are at the forefront of this innovation, which could be disruptive to the industry.