Here’s a quick essay I did a while ago but didn’t publish. It starts to get really technical and slightly hard to follow near the end – you’ve been warned!
My thoughts on how to execute this type of system have changed, but I still think there’s a lot of good logic / ideas in the following:
A critical problem in cyberspace is knowing who you’re interacting with.
Currently, there’s no way to precisely determine the identity of a person in digital space.
Although there are some data points associated w/ a person’s digital identity, like social profiles, they can be changed, masked or dumped very easily.
What we need is a system to uniquely identify humans while also protecting against systemic cyber attacks.
The critical attack to defend against in this system is a sybil attack, where a bad actor is able to create multiple accounts and gain an unfair amount of influence on the system.
Biometrics are a potentially interesting way to solve this problem.
Every person has unique identifiers within their body, and these identifiers stay unchanged throughout their life.
For example, fingerprints remain constant throughout life. In over 140 years of fingerprint comparison worldwide, no two fingerprints have ever been found to be alike, not even those of identical twins.
There’s also no known way to replicate a retina. As far as anyone knows, the pattern of the blood vessels at the back of the eye is completely unique and stays the same for a lifetime.
These biometric systems work by analyzing a picture or scan of your human body and identifying key features like skin ridges and blood vessel location.
An algorithm turns your unique features into numerical strings which are then combined together into a single code that uniquely identifies a person – this is called a biometric template.
There are several types of biometric systems which may work for identity verification, but none are sophisticated enough on their own to defend from a sybil attack. Most biometric systems can be reverse engineered & hacked in some way.
That said, with a clever system, I believe we can stop a sybil attack using biometrics, and nullify any biometrics hacks by obfuscating sensitive information.
Decentralized, Global Login System:
1. The system would first ask for your name / address, and require that you don’t use a proxy.
2. You would then enter a 30+ character pass phrase.
3. Iris Scan using your webcam.
4. Fingerprint Scan using your webcam.
5. Create voice template from 25 common word pool.
6. If everything is unique, your account is created!
Creating an Account (Verification & Encryption):
To create a new account, the system would first ask for your name and address. It also requires that you not use a proxy, and you be at your registered residence when creating your account.
The first step is to validate that your name and address have a history together. If that passes, it takes your IP address and uses geolocation to verify that you’re currently at the verified address.
After your personal information is verified, it is deleted and a secure token is generated.
This token is “proof” that your name is attached to your address, and that you’re currently at that location.
A user would then choose a secure 30 character pass phrase, and write it down so they don’t forget it. This pass phrase acts like a brain wallet and is the first step in authenticating a login.
The user would scan their retina and fingerprint using their webcam.
The system would create a fingerprint & iris template, and run a query to see if any fingerprints or retinas with the same pattern already exist in the system. If there is an existing match, the new account cannot be created.
After successfully passing the biometric uniqueness check, the user would be prompted to setup a voice password. This is a collection of 25 random words.
Users would say these 25 words out loud, one at a time. Your microphone would record your voice pattern and create a unique template.
There are a few reason to have users say 25 words as opposed to a unique password. The first is that your voice template+token are stored on the block chain, and they’re not encrypted. We don’t want someone scraping the block chain for voice templates and then reverse engineering peoples voice passwords.
With a unique voice password someone could also overhear you when logging in, record it, and use that to get past the voice layer of security.
Using a pool of common words, each time you log-in you’d be presented with a different combination of the 25 words.
There are millions of permutations for the word combinations you could be presented at any given login, so unless a hacker has all the words recorded, they can never be certain they’ll have the right combination.
Even if a hacker were able to reverse engineer voice models from the voice_template data stored in block chain, they wouldn’t know which accounts the voice models were tied to, making it pretty useless.
After your voice_template+token are generated, your account is ready to be created.
Your “account” is an encrypted hash that’s stored publicly in the block chain.
This hash is a nested encryption algorithm which is a combination of your text password, your voice template, your fingerprint template and your iris template.
The basic equation to illustrate this encryption process would be:
(Password_SHA256 (Voice_template_token(Iris_template + Fingerprint_template))) = Your Account Hash.
What this means is we start by combining your iris and fingerprint template data and encrypt them using the token associated with your voice template.
This hash is then further encrypted by a SHA-256 key generated from your 30+ character password.
The resulting hash is stored publicly in the block chain. To people looking at the hashes, it means nothing. In reality, its storing a massive amount of information which can be accessed through various methods of biometric authentication & decryption.
How to Login (Decryption):
1. Enter Password.
2. Speak the combination of words that appear on the screen.
3. Scan Eye on Webcam.
4. Scan Fingerprint on Webcam.
Behind the scenes, a lot of things are happening to keep the system secure.
In order to login, we need to decrypt your account hash. First we take your 30+ character password which acts like a brain wallet and find the associated SHA-256 key.
This key is used to find & decrypt your main account hash into another encrypted hash, consisting of your fingerprint and iris templates encrypted w/ your voice template token.
The next step after entering your password would be to use your voice and say the combination of words that appear on the screen.
Your voice is then used to generate a template, and then the corresponding template+token are found in the block chain.
Once it finds the template, it uses the unique token associated with it to decrypt your fingerprint + iris hash. This decryption leaves you with a clean fingerprint template and iris template.
You then use your webcam to scan your finger and scan your iris. If your scans match the templates from the decrypted hashes, login access is granted.
The dynamics behind how all the information and hashes relate to each other is complicated, but for end users the system would be pretty simple and easy to use.
Ideally, the system would be built so that at any time, if a voting consensus is reached, the mode of biometric verification or identification could change.
This is important because if a flaw is found in retina scanning, we can flip over to palm scanning, facial scans, or even DNA if we have easy access to the hardware.
An important issue in building a system like this is to build it in a way that makes it easy for others to adopt it.
The first step is to open source the software so everyone knows what it does, and the community can help build it.
The second is to integrate ways for existing governments to utilize this software – work with them instead of against them.
By integrating a “choose your territory” option, users can designate themselves as part of a certain country. This would allow the US to potentially piggy back on this open source software and adopt it as their own voting system. This would be the first step in converting over to a new system.
Choosing a territory would require further authentication, like entering your SSN & scanning your passport.
If a user chooses not to associate with an existing territory, they would be listed as a sovereign individual.
Another way to boost early adoption is to utilize merge mining for distributed block chain validation.
A huge part of this system is having the distributed computing resources to validate everything thats happening across the network.
Merge mining is a concept where you piggy back on the algorithm of an existing system, and allow miners to validate your blockchain without any increased electricity cost or work for the miner.
For example, Bitcoin uses a SHA-256 encryption algorithm. Users who are mining bitcoins are essentially using computers to generate thousands of hashes per second hoping that one of the hashes is correct and decrypts the block.
Namecoin is another crypto currency which uses SHA-256, and can be merge mined with Bitcoin. What this means your computer takes the hashes you’re generating for the bitcoin block chain and also uses them to test the namecoin block chain. Since they’re using the same encryption algorithm, they are cross compatible. With merge mining, you’re getting 2 for 1, and it costs no more electricity or work to mine both at the same time.
Ideally, this proposed decentralized login / voting system would piggy back on the algorithm of the most popular crypto currency in order to quickly gain the computing resources necessary to validate the network.
If a down the line a new crypto currency algorithm begins to gain popularity over another, a vote could be proposed to switch the mining algorithm from SHA-256 to another algorithm.
Any thoughts? Would love to discuss.