Why Ethereum will revive digital identity

Digital identity, or self-sovereign identity, is a technology that uses asymmetric encryption technology to provide authentication for online transactions, and to ensure the integrity and non-repudiation of transactions. It is a prerequisite for several Internet activities, such as certificate issuance, private information transfer, and of course financial business.

The rise of online identity

Password or key

The idea of ​​”key as identity” has existed in the last century. However, digital identities were not widely accepted by ordinary users at the time. The main reason is undoubtedly that the use of this system is too complicated. How can non-technical personnel keep the private key in their hands conveniently and safely? They cannot do it.

As a result, when web 2.0 appeared, Internet companies needed to authenticate their users, and they decided to adopt an account password model instead of a public-private key pair model. When registering a new account, users create a password that they can remember, and the network company saves the password. Afterwards, they log in using a “brain to database” authentication method.

Security and Centralization Crisis

This simple model works, but it also brings a series of security issues. Because remembering multiple sets of passwords is tiring, users tend to reuse their passwords everywhere. If one of the service providers stores the user’s password in an insecure way (for example, no “salt”, use of an insecure hash function, etc.) and is compromised, then all other services will be in danger.

(Translator’s note, in cryptography, insert a specific string at any fixed position in the password, so that the hashed result does not match the hashed result of the original password. This process is called “salt” “. This treatment can add extra security.)

Why Ethereum will revive digital identity

OAuth

OAuth was invented to solve this problem. It allows small companies to rely on existing service providers. They do not need to run their own authentication server, but only need to delegate this part of the work to a third-party company whose user already has an account. Despite this, even giant companies like Facebook have been found to store passwords in plain text and be leaked. Not to mention centralization risks, many companies that adopt OAuth are affected by changing policies. Once a company is banned by an OAuth provider, the entire business will collapse.

The return of digital identity

Nowadays, people in this industry are beginning to discuss alternatives to the account-password model again. Solutions without passwords such as biometric, SMS, and OTP are feasible, but in terms of identity, key pairs still seem to be the ultimate goal. We believe that the blockchain, or Ethereum , will revive digital identity. The reasons are as follows:

Blockchain user-friendly cryptocurrency infrastructure

As mentioned earlier, usability is the primary issue based on key pair identity. It is unrealistic to require laymen to use a command-line tool to sign transactions. It is also very scary for them to be completely responsible for the preservation of keys when using a decentralized system.

Why Ethereum will revive digital identity

Commercial-grade wallet for storing private keys

People in the cryptocurrency field are already very familiar with all these concepts. As the tool matures, signing with a private key has never been easier.

Thanks to Dapp and Ethereum, more and more people have the first experience of owning a private key and using it to sign transactions. People have built a large number of browser extensions, mobile applications, and hardware devices to meet the growing demand. These easy-to-use tools are conducive to the popularization of digital identity, even if these tools are not built for it.

The state of the blockchain

Unlike password verification, public key encryption itself is stateless, which means that the validity of encrypted signatures is independent of the environment. However, in some advanced scenarios, digital identity still needs “state”. Many GPG users will interact with a (to some extent) centralized key server to register/replace/revoke their public keys. In general, we still need state to enrich the usability and expressiveness of digital identities.

(Translator’s Note: GPG is the abbreviation of GNU Privacy Guard, it is a free software alternative to the PGP encryption software suite that can be launched by the American software company Symantec)

Why Ethereum will revive digital identity

On-chain record of identity

Blockchain can perfectly meet the need to provide status for your identity. Different from using MIT servers to store key records, the distributed ledger of Ethereum has approximately 5000 copies in the world. All records are auditable, tamper-proof and economical finality. Projects like ENS are providing an on-chain registry for your identity. You can link overseas accounts and add metadata for your identity, all without permission.

Why Ethereum will revive digital identity

Account controlled by private key vs. account controlled by code

In addition, by using smart contracts to implement access control, your identity on Ethereum is programmable. You can add features such as multi-signature, social recovery, and even dead man’s switch to your root identity while maintaining the ease of daily use.

Digital identity + OAuth

Although we already have many users with private keys, we still don’t have a universal solution in terms of service providers to make digital identities adopted by more people. Fortunately, OAuth has been adopted by many vendors. Combining OAuth with key-based authentication, web2 companies can integrate digital identities in the way they are used to.

Eauth is an OAuth-compatible authentication service based on Ethereum. Integrators can seamlessly use digital identity as an option for OAuth without any knowledge of cryptography and web3 wallets. Although using OAuth usually means giving control to a third party, the identity authenticated by Eauth will always remain unmanaged.

Why Ethereum will revive digital identity

Users, wallets and web2 service providers communicate through Eauth

A roadmap to decentralization

There is no denying that web2+Ethereum login is not perfect for decentralization. The decentralized world should be completely free of permission and trustlessness, but most of the current network activities are still carried out on web2 servers. It is very likely that the web2 and web3 worlds will go side by side for a period of time. During this period, Eauth can become a bridge connecting the two worlds.

 

Posted by:CoinYuppie,Reprinted with attribution to:https://coinyuppie.com/why-ethereum-will-revive-digital-identity/
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.

Like (0)
Donate Buy me a coffee Buy me a coffee
Previous 2021-08-27 12:15
Next 2021-08-27 12:25

Related articles