Self Sovereign Identity can do just fine, blockchain-less

KERI, an open protocol for identifiers

 Author Krijn Soeteman

Published in Dutch on Tweakers

Authentication is the big problem on the Internet. There is no portable authentication layer in the Internet protocol, like phone number portability between phone providers. This has been a problem since the beginning: how do you prove that a user or other entity is who they say they are? Authentication is also the basis for the term SSI or self sovereign identity, popular in policy documents today. How can you control your own online identity? And at least as important: how can you ensure that others do not abuse it?

Since another term became popular, namely the word “blockchain,” many have been looking at the possibilities that these more or less decentralized systems could offer. It seemed an ideal component for decentralized orchestration of online identity. Yet there are drawbacks to this, perhaps the biggest of which is platform dependency, which means the identifier is neither portable nor sovereign.

This had to change, thought Sam Smith, creator of KERI or Key Event Receipt Infrastructure. After first enthusiastically collaborating on a large identity project based on a blockchain, he discovered that you do not need a blockchain or other shared database for an online identity or online identifiers. Basically all you need is a secret key that underlies your entire online identity, or: a public-private key infrastructure resulting in a self-certifying identifier or SCID.

Smith explains in a few words the problem his system solves: “The Internet has an authentication problem and KERI solves that. There is no authentication layer in the Internet protocol so additional systems are needed to provide authentication. That’s needed for things like making payments, registering somewhere or the domain name system DNS. To know if a domain is really what it says it is, we use certificates but those have fundamental flaws. What you need is a trust layer that can trust all the applications on top of it. That requires a protocol that is not tied to any given trusted entity, trusted platform or trusted infrastructure. It must be zero-trust.”

Before we go deeper into KERI and how it works, it’s good to briefly review the basics of KERI and so much else on the Internet, namely the use of public and secret keys and the application of hashing techniques.

Public key infrastructure PKI

The basis of KERI is to manage a secret key. From that key, all kinds of other keys can be generated. That always seemed like an impossible task for “ordinary” people, so all kinds of systems were devised to circumvent that. However, since the advent of bitcoin and the whole cryptocurrency boom, people have become increasingly used to dealing with secret keys. More and more systems have also been devised to deal with them in practice. According to Smith, this means that most people should be able to manage a secret key themselves without problems in order to manage their own key event log file or KEL, the basis of KERI. A KEL keeps track of changes of secret and derived keys and produces a verifiable data structure. In addition, key rotation also solves the problem of your secret key becoming known for any reason.

That all sounds complicated to the outsider. Smith refutes that. “In fact, it’s relatively simple,” he says. “Simple enough to go all the way to the basics of the system and not even have to dive into very complex stuff. A little basic knowledge of cryptography, software, algorithms and consensus mechanisms is enough.” 

In essence, this amounts to relatively old technology: hashes and digital signatures. 

I speak to Smith about his work via Google Meet on Ascension Day 2022. Nine o’clock in the evening here, one o’clock in the afternoon there. “How much time do we have?” he asks. “Somewhere between half an hour and three-quarters of an hour,” I say. It turned into well over an hour. It’s fascinating stuff, and the little game of signing each other’s public keys all the time and thereby proving that you are who you are can be carried on endlessly. There are also an awful lot of interesting side paths to discuss. Like how to make it easier to manage secret keys in the future. But also how you can effortlessly give others within a company or institution responsibility over specific matters with just a digital signature from someone who has the right to make such a decision. Or, of course, simply proving that you are indeed eighteen years of age or older when buying alcohol without giving away anything other than the assurance to the retailer that you are indeed over eighteen, and nothing else.

What preceded the conception of KERI?

“In late 2014, I had some colleagues who were part of a startup that wanted to build a reputation system based on decentralized technology. It was called The World Table and they believed that the internet was broken from the point of view of social networks and people commenting on websites. Trolls were a big problem and they saw an opportunity to use decentralized technology to fix those problems.”

“My colleagues thought they needed artificial intelligence for their project. One thing led to another and they asked me to look into it. I had done some pioneering work in reinforcement learning back in the 1990s, where an artificial intelligence learns from its own experiences, among other things at a university in Florida. It seemed very interesting and I left the company I was working for and joined the startup.”

“Soon I found out that for an online reputation system you need a decentralized identity system. I wrote a number of white papers, but before we could get started, we ran out of money. In those white papers I did describe the idea of self-certifying identifiers and that idea stuck.”

“Not much later I got in touch with Evernym, an identity space company and they had just made the move to decentralized identity. They came across my white paper and they hired me. I wrote a white paper Identity Systems Essentials which was the basic design that later became Sovrin. Evernym did an initial coin offering or ICO and started the open source organization Sovrin.”

“The idea of Sovrin is that you can build an interoperable identity system with a public blockchain or public ledger. Only then everyone has to use the same ledger and that’s the big stumbling block: you get ledger wars from it.” 

Briefly, he explains that it is certainly possible to connect different blockchains and the like via bridges, rollups, atomic swaps and other systems, but in his view that is stitching things together. A blockchain is very good for tracking and performing transactions and ordering them globally over time. This helps to prevent that something can be spent twice, the well-known double spending problem, but this ordering is not necessary for an identifier, because it refers to an identity. Smith went in search of a solution that did not require a blockchain or other shared database.

“In our idea, you manage secret keys that control an identity, or more precisely, an identifier. That led us to design a protocol and not a platform. We named that protocol KERI. One of the main requirements for the protocol was that it had to be able to work anywhere on the Internet. It also had to be namespace agnostic and ledger agnostic. The whole thing had to provide a verifiable data structure that is also portable. In other words, it doesn’t matter where you host the file and yet anyone can verify the public keys and key state. So you get a truly decentralized identifier system, without shared management. The essential property we call “end-verifiability” means that the key state can be verified by anyone, anywhere, and any time. This is the ultimate most granular form of zero-trust.”

How does KERI actually work?

In essence, KERI is a type of decentralized public key infrastructure or PKI. The owner of a public key or identifier can prove that he is in possession of the corresponding secret key where the key event logs or KELs are the basis of the system. In this way, someone can prove ownership of a self-certifying identifier or SCID. A SCID is an identifier that can be proven using cryptography to be the only identifier linked to a specific public key, without the need for a blockchain or other database structure.

When modifying keys, someone can prove control over the new public keys without having to rely on anyone else. Anyone can keep their own key event log, but others can also keep and sign it. Such a witness is an additional safeguard: it makes it possible to prove cheating if someone cheats.

To avoid problems around exposure of secret keys, such as through theft, carelessness, brute force attacks and the like, pre-rotation, or a way to protect the next secret key, is used. New keys can be generated in the private wallet for future use. 

A KERI identifier can have multiple types of events added to it via its log, the KEL, and these can involve different PKIs. Nevertheless, at any given time only one secret key is active as controller of the KEL. Keeping only one secret key active at a time is achieved through pre-rotation. Such a thing would not be possible on a blockchain system, since that would involve a transaction.

In pre-rotation, a controller digitally signs the next public key and adds that proof of signing to the key event log. That way, in the future, it is only possible to use exactly that announced key and no other. This key is not in the log as a public key, but as a hash, so that future public keys are not readable before they are used.

 

Source: https://www.windley.com/archives/2020/09/the_architecture_of_identity_systems.shtml


Example: Is the secret key of public key A compromised? Get the next public key B from your wallet and that way you use the next secret key for signing future documents. Future secret keys don’t have to be in the same place as the active device you’re currently using, or as Smith puts it, you can store all that in a safe in a mountain with an army of navy seals out front.


Because KERI identifiers and event logs are self-certifying, they can use any system as a witness, as long as the system in question can store and return data. So other key event logs, but also blockchains, traditional databases, file systems, etc. In this way, key event logs form signed hashed data structures that provide a verifiable key state.
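The pre-rotation and end-verifiability described above need nothing more than hashes and signatures, which the following Python code shows. It is an added example, not code from KERI or from this article: the event format is a simplified one constructed here, the identifier is assumed to be the SHA-256 digest of the inception event, and Lamport one-time signatures (built from SHA-256) stand in for the signature schemes a real implementation would use, so that it runs on the standard library alone.

```python
import hashlib
import json
import os

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# --- Lamport one-time signatures: a stand-in built only from SHA-256 ---
def keygen():
    """Return (secret, public): 256 pairs of random secrets and their hashes."""
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = b"".join(H(s) for pair in sk for s in pair)
    return sk, pk

def _bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg: bytes) -> bytes:
    # Reveal one secret of each pair, selected by the bits of H(msg).
    return b"".join(sk[i][b] for i, b in enumerate(_bits(msg)))

def verify(pk: bytes, msg: bytes, sig: bytes) -> bool:
    if len(pk) != 512 * 32 or len(sig) != 256 * 32:
        return False
    return all(H(sig[32 * i:32 * i + 32]) == pk[64 * i + 32 * b:64 * i + 32 * b + 32]
               for i, b in enumerate(_bits(msg)))

# --- Key event log (simplified, constructed event format) ---
def encode(body: dict) -> bytes:
    return json.dumps(body, sort_keys=True).encode()

def digest(event: dict) -> str:
    return H(encode(event["body"])).hex()

def make_event(kind, sn, prior, sk, pk, next_pk):
    """Sign an event with the current key; commit to the next key by hash only."""
    body = {"type": kind, "sn": sn, "prior": prior,
            "key": pk.hex(), "next": H(next_pk).hex()}
    return {"body": body, "sig": sign(sk, encode(body)).hex()}

def verify_kel(identifier: str, kel: list) -> dict:
    """Replay the log from inception; return the current key state or raise ValueError."""
    prior = committed = state = None
    for sn, event in enumerate(kel):
        body = event["body"]
        raw, key = encode(body), bytes.fromhex(body["key"])
        if body["sn"] != sn:
            raise ValueError("bad sequence number")
        if sn == 0:
            # Self-certifying: the identifier is bound to the inception event itself.
            if body["type"] != "icp" or H(raw).hex() != identifier:
                raise ValueError("inception event does not match identifier")
        else:
            if body["type"] != "rot" or body["prior"] != prior:
                raise ValueError("broken hash chain")
            # Pre-rotation: only the key whose hash was announced earlier is accepted.
            if H(key).hex() != committed:
                raise ValueError("rotation key was not pre-committed")
        if not verify(key, raw, bytes.fromhex(event["sig"])):
            raise ValueError("bad signature")
        prior, committed = H(raw).hex(), body["next"]
        state = {"sn": sn, "key": body["key"], "next": committed}
    if state is None:
        raise ValueError("empty log")
    return state

def demo():
    """Build a constructed log: inception with key 0, then rotation to key 1."""
    (sk0, pk0), (sk1, pk1), (_, pk2) = keygen(), keygen(), keygen()
    icp = make_event("icp", 0, None, sk0, pk0, pk1)
    identifier = digest(icp)
    rot = make_event("rot", 1, digest(icp), sk1, pk1, pk2)
    # A rotation to any other key, however well signed, breaks the commitment.
    (skx, pkx), (_, pky) = keygen(), keygen()
    other = make_event("rot", 1, digest(icp), skx, pkx, pky)
    return identifier, [icp, rot], [icp, other], pk1

if __name__ == "__main__":
    identifier, kel, other_kel, pk1 = demo()
    print("identifier:", identifier)
    print("current sn:", verify_kel(identifier, kel)["sn"])
    try:
        verify_kel(identifier, other_kel)
    except ValueError as err:
        print("rejected:", err)
```

The verifier needs only the identifier and the log itself, wherever the log happens to be hosted; no shared ledger is consulted at any step.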


Because everything relies on cryptographic links, KERI identifiers can be linked together in such a way that it is always provable who or what has ever verified an identifier or what permissions have been granted to an identifier. In this way, a government can be a reliable source for verifying an identity and a company can identify a person as authorized to sign. Or, conversely, revoke that authority. In this way it is possible to create an entire hierarchy of identifiers.


This works with the functions that KERI adds to identifiers, namely: inception, pre-rotation, rotation, delegation, and revocation. In addition, there are numerous derived and ancillary functions. Think of functions such as signing, committing (of data) that remain verifiable up to the source of the trust: the public-secret key pairs that the controller generated in his vault in his mountain, without having to trust intermediate parties.


So how does that work with, say, something like a personal identity, how do I prove it?


“Very simply, you create a verifiable link between a natural person and a cryptonymous identifier.”


And what does such a cryptonymous identifier mean?


“Which is derived from your public-secret key pair in the beginning, but that identifier remains. So, you can rotate your keys, but you keep the same identifier. The key event log says, ‘here are the keys that control the identifier and no one else can create them.’ Then a reputable entity, the government for example, says, ‘I’m going to challenge you, natural person, to prove to me that you are the custodian of this identifier’. You can prove that by signing something with the secret key. I can verify that your signature can only come from the secret key if I have your public key, which proves that you have control over it. Then I, the government agency, will issue a certificate that says, “this is signed by the government’s crypto-anonymous identifier that is universally published so that everyone can verify that it is correct. Because the public identifier that you, the natural person with this name and personally identifiable information, is the controller of this crypto-anonymous identifier, this person is the controller of the secret keys.”


“We prefer to call it ‘autonomic identifier’ rather than crypto-anonymous, because that’s a bit easier to pronounce and better conveys the idea of self-governance. Self-governing because it is controlled by the custodian of the secret keys, not another entity. Yet for the purpose of determining the identity of you as a natural person, the reputable entity has made the connection with your identifier. This allows us to say, ‘okay, officially this identifier belongs to you, natural person’. So with that certificate, if you’re willing to show it, you can prove who you are. Or you can apply it in a privacy-protecting way in that you can prove through cryptographic links that you are, for example, old enough to buy liquor, but without having to give up anything about yourself. GLEIF does this not for natural persons, but for companies and institutions. And that makes pretty good sense: they sign a lot all day long.”


“Many people who know a lot about blockchains say: it can’t be done! Now my challenge is to explain that it can. So in the meantime, that’s gotten through to GLEIF, the Global Legal Entity Identifier Foundation, sort of the W3C for identifiers.”


How can I practically shape all that as an end user? What do I need?


“You need a device that can do cryptography, so something like a cell phone or other device with similar capabilities. In those devices there’s a secure enclave or something, that’s not such a problem.”


And what if I lose the lot? Backup?


“You need a backup of the secret keys, but that’s not a problem these days. A password manager, a hard copy backup, or mechanisms to share secrets. Since the advent of Bitcoin and many wallets, the options around backups have gotten better and better. But the importance of KERI is to be a good protocol, not to build a good user interface. That’s what others do.”


And what about people who can’t or no longer operate these kinds of systems themselves? 


“Now that’s the beauty of delegation: if you build delegation into identity systems, then you can prove that someone is a guardian; the whole chain is verifiable.”


“But it’s interesting, you’re talking about usability now. That’s something that does get solved. The problem is: if you sacrifice security for usability, you lose trust.”


The latter, trust, is one of the Internet’s biggest problems, according to Smith: trust cannot be moved over the Internet.


“Web 3.0 is intended to increase trust,” he continues. “But right now, that’s the last thing it does. Everyone thinks it has to be based on blockchains, but that’s not true. It doesn’t have to be based on a shared ledger; instead, it has to be based on a verifiable data structure. One type of verifiable data structure is a blockchain, but I also have one: a verifiable data tree, not just a chain. So in my view, a verifiable data tree is the solution, not a shared blockchain.”


“Why is blockchain not the solution? Because you have to deal with shared governance, and the latter is always a weak point. It makes for high costs and low throughput. Look at Ethereum, right now the transaction costs are bizarre! Now they’re all doing arts and crafts there to get those down with rollups. And then all these complicated systems are being implemented to protect privacy. Just try to manage zero knowledge proofs…”


The latter also has a lot to do with legal issues, such as when buying products and problems with them. Smith explains that such issues call for receipts. “It’s not called key event receipt infrastructure for nothing,” he says. “The basic idea is that agreements are made with receipts that are verifiable. That way, both parties have a legal recourse.”


So it all comes across as quite complex….


“Yet self sovereign identity is relatively simple. The problem is that it comes across as complex. People hear the word ‘blockchain’ and they shut down because they think it’s a big black box. With KERI, I just explained everything down to the fundamentals. Those fundamentals require a little bit of knowledge about cryptography and a little bit about software and a little bit about consensus algorithms, but it’s not remotely as complex as most blockchain systems that are supposed to provide SSI.”


Smith gets up to speed and pulls out NFTs. He mentions the complicated terms of use for the platforms you can get the NFTs from, but ultimately you can get thrown off a platform just like that. “You basically rent an NFT from such a platform, you don’t own anything. You simply don’t need a blockchain for an NFT. It’s just a chain of custody. It’s not much different than the key state. If you have an identifier and you embed it in a hash of a self certified identifier with a key state, then I can verify the origin of the NFT. After all, an NFT is nothing but an identifier. If I want to transfer ownership to someone else, I simply do a key rotation.”


And the privacy issue?


For Smith, authenticity is the most important component. Confidentiality follows immediately and privacy is the least important of the three in his eyes. He calls this PAC: Privacy, Authenticity and Confidentiality. You can have two of the three at a high level. According to Smith, privacy is always the weak point. It’s always difficult to keep protecting that. If you want to jump through too many hoops to do that, you make it impossible. “To protect my privacy now, that’s not that hard. To protect that information in ten years’ time is very difficult. That’s why I structurally choose strong authenticity and slightly less strong privacy protection. When I deal with people, I already lose a bit of privacy. So if I want to protect that forever, I have to go sit on an island, alone. What matters is that I don’t want to be abused by third parties. If I engage with a party, I don’t want a third party to be able to misuse my data. I share information with a party in order to do an activity together, for that party to do that, they need to know certain things about me. I have to be able to trust them and they have to trust me, very specifically for the transaction we are entering into. Now that relationship is structurally abused by third parties. Parties who don’t need to know anything about our relationship. Confidentiality is good enough to prevent third party exploitation.”


The point is to be used, not to use the latest, coolest technique that is also very difficult to implement properly. That’s the principle of KERI: solve a problem in the real world with the minimum techniques needed. The dumber the technology, but still sufficient to solve the problem, the better. ‘Dumb technology’ is freely available, understandable to everyone and easy to implement. In our case: just hashes and digital signature.


With many thanks to Henk van Cann for his expertise and invaluable help in writing this article.


Biography:


The search for the ‘secret of knowing everything’ was a long pursuit of mine as a child. Fortunately, in the long run you discover that it is not part of your possibilities, but it stimulates your imagination.


After doing a lot of different things, a number of activities continued to return structurally, ranging from writing texts, cooking up programmes and exhibitions and doing research. And somewhere in between all those activities, I had the opportunity to manifest myself as a science journalist at BNR, a Dutch radio station. That one time became a year and a half on a weekly basis.


Since the second decade of this century, I have manifested myself mainly as a science and technology journalist, but I also take assignments as a copywriter as long as the subjects do not overlap with my journalistic work. Most of the time, it concerns working methods in the technology sector. Apart from producing media, I take on assignments as moderator when I’m able to play a sufficient independent role. In 2018 I wrote a book on cryptocurrencies and blockchain related technologies like Bitcoin: ‘Cryptovaluta for Dummies’ or Cryptocurrencies for Dummies.
