I really appreciate dr. Smolenski’s extensive response to my blog post. Please allow me to reply to the issues she raises, and argue why I still believe the use of blockchain in identity management is (mostly) ridiculous.
- First let me apologise for misunderstanding how the tracking of credential verifications work, by assuming that they would be logged on the blockchain. However, if
“Learning Machine software tracks shares and verifications of certificates so that issuers can see analytics about how the credentials they have issued are being used”
this still creates a privacy nightmare that any reasonably privacy friendly credential system (like attribute based credentials) aims to avoid. I strongly believe that the issuer of a credential has no business knowing how and when its credentials are being used. A property nicely provided by the classic, paper based, credentials by the way.
-
My argument that the “blockchain adds a middleman” is not only based on the observation that a significant fee needs to be paid for adding the credential to the blockchain, but also on the observation that the same blockchain is an essential part in the verification process. (I did not in any way imply that using credentials issues as Blockcerts would cost money.) As I explain in detail in my blog post, this means this blockchain must remain in active use.
To be fair, Dr. Smolenski pointed this out during her presentation at the symposium, but dismissed any concerns about this based on a strong belief that Bitcoin (and its blockchain) is here to stay. Let’s just say I’m more sceptical about that. -
I do not believe that “Attribute-Based Credentials (ABC’s) are a better solution for anchoring data than blockchains”. I believe ABCs have superior privacy and availability properties over Blockcerts. This makes them the preferred way to implement self-sovereign identity.
I offered an alternative, local, implementation of the only real functionality offered by Blockcerts (namely the ability to record the order in which credentials were issued so an adversary cannot backdate credentials if he obtains the issuer’s private key). To be honest, I do not believe this backdating problem to be a serious problem in practice, as the current standard response is to revoke all credentials ever issued under the compromised key. Having a proper signing key hierarchy, with a strongly protected root key which is long lived and which signs short lived keys that sign the actual credentials, ensures that the number of credentials to revoke in this case is small.
-
Blockcerts do not have the same advantages that ABCs have. Blockcerts are linkable. ABCs are unlinkable. And selective disclosure (in the context of ABCs) means that the owner of a single ABC can decide to reveal only a subset of the attributes in that single credential. This is something different than the ability to select a subset of full credentials to show. For ‘ordinary’ credentials this distinction is merely semantic (one could just 'issue credentials that contain a single attribute), but for unlinkable credentials (like ABCs) selective disclosure is an important property. If credentials are unlinkable it actually requires a bit more work to prove that two different credentials belong to the same person, which is necessary to prove statements like “I am Dutch and have a CS degree” that contain more than one attribute. Selective disclosure makes this process more efficient.
-
I am happy to see we at least agree on the “semantic” problem with credentials (not blockchains).
-
Credential binding is a hard problem that is not solved with the Blockcerts wallet (just as it is not solved for ABCs by having them stored on a smartcard or in a ABC Wallet on a smartphone). The problem is that whoever controls the smartcard or smartphone controls the credentials stored within them. Additional protection with say a PIN code does not work, as this PIN code can be observed or even given away (in cases where the credential owner is happy to share his or her credentials with a friend). This is in no way a critique of Blockcerts. It’s a general problem, caused by the fact that the interface between the physical and virtual world is weak, unclear, and therefore hard to secure.
P.S.: My last name is spelled Hoepman. But this is a mistake even many fellow Dutch people make