September 6, 2016

Block Chain Meet Identity - Part 2

In my first installment, I laid out the notion of what Block Chain based identity could do for the human race. In this installment, I take it a bit easier on the esoteric and philosophical and focus on the kick ass technology that could make some things like that easier. But first - some primer.

I've alluded to PGP in previous posts. If you don't know what it is, there are lots of good articles on the web that describe it in agonizing technical and mathematical detail. For our purposes, let's just cover the basics of public/private key cryptography so you can grasp how the software I'm going to rave about below works. First, let's start with two keys. These two keys are mathematically related; you can't have one without the other. One is called a public key - this is the one you give out - it's your 'proof' so to speak. I also have a private key; this is a secret (shhh!). If I give you my public key and a secret message that I encrypted and/or signed with my private key, you can run some math on that stuff and decrypt it and verify that it came from me. That message can be anything: video, audio, text, cute cat pics, etc. If so much as one BIT of data changed in transit, it won't properly decrypt and you know it was tampered with or, at the very least, not sent by me. Pretty cool, eh? Just one little problem - those public keys are REALLY long so they are impossible to remember, so people started using fingerprints of those keys, which are REALLY short and so easier to remember. Just one problem with that - the smaller the fingerprint, the easier it is to forge - so fingerprints have to stay REALLY long. What to do? Enter two (of many) wicked cool technologies: Keybase and Blockstack.
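To put numbers on the fingerprint-length trade-off described above, here is an added example (not code from PGP, Keybase or Blockstack). It uses SHA-256 over constructed byte strings as a stand-in for real key fingerprints, and `find_lookalike` and `compare_lengths` are hypothetical helper names.

```python
import hashlib
from itertools import count

def fingerprint(key: bytes, bits: int = 256) -> str:
    """Hex SHA-256 of the key material, truncated to `bits` bits (a multiple of 4)."""
    return hashlib.sha256(key).hexdigest()[: bits // 4]

def find_lookalike(target_key: bytes, bits: int):
    """Try constructed candidate keys until one shares the target's short fingerprint.

    Returns (candidate, attempts). Expected work is about 2**bits tries, which is
    why this is only practical for very short fingerprints.
    """
    want = fingerprint(target_key, bits)
    for attempts in count(1):
        candidate = b"constructed-candidate-key-%d" % attempts
        if candidate != target_key and fingerprint(candidate, bits) == want:
            return candidate, attempts

def compare_lengths(target_key: bytes, lengths=(8, 12, 16)):
    """For each fingerprint length, report the search cost and what a verifier sees."""
    rows = []
    for bits in lengths:
        other, attempts = find_lookalike(target_key, bits)
        rows.append({
            "bits": bits,
            "attempts": attempts,
            # A check on the short fingerprint accepts the wrong key...
            "short_match": fingerprint(other, bits) == fingerprint(target_key, bits),
            # ...while a check on the full fingerprint rejects it.
            "full_match": fingerprint(other) == fingerprint(target_key),
        })
    return rows

if __name__ == "__main__":
    alice_key = b"constructed-public-key-alice"  # sample key bytes, constructed
    for row in compare_lengths(alice_key):
        print(row)
```

Each extra bit of fingerprint roughly doubles the search, so a full-length fingerprint check is what actually ties a name to one key.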

Keybase is a solution that has two faces, seemingly due to a change in strategy, but it serves a couple of great purposes insofar as identity is concerned. The first is a web based interface (read: a real UX) for PGP based operations as well as public proofs and colleague tracking/certification. The second, which I'll talk about more in a future article, is a notion called the Keybase Filesystem (KBFS), which recently went open source. KBFS provides a local file system to machines, backed by encryption and signatures for both private and shared files, without the need to go through encryption and signing yourself. Any file that exists within it is signed and encrypted to just yourself or just the person you are sharing with, identified by a separate folder. Again, more on that later, as I want to focus on the identity piece today. By leveraging Keybase, one can create an identity, prove one's identity through a variety of public means, claim ownership over those constructs and have that complex, REALLY big public key reduced to a simple username. This then allows traditional PGP based operations (sign, encrypt, validate, decrypt, etc.) over common messages. It actually doesn't use the Block Chain but rather an internal database which has mathematical similarities to some of the things Block Chain provides. The overlay is pretty neat and is a really simple way to expose the masses to traditionally esoteric capabilities around security. In some ways, this concept begets the next concept.

The second, also way cool and totally Block Chain related, is called Blockstack. It focuses less on the cryptographic value of the identity (although it is certainly there) and more on the immutability of identity, by leveraging the Block Chain to store a permanent transaction (or chain of transactions) that defines a person in a common, internationally recognized schema. But wait, there's more! Blockstack is also a mechanism that seeks to take the promise of the Block Chain (immutability of the ledger and the decentralized nature of the network) to namespaces other than just identity - one great example being DNS itself. DNS is by nature a centralized, easily compromised system of finding addresses on the internet. What Blockstack will provide is the same capabilities as DNS (resolving names and identifiers) and more, while providing the security and distributed capabilities of the Block Chain. The best part of Blockstack, however, is that the notion of the namespace is generic, meaning others can create namespaces that suit their needs beyond ID and DNS, which can store any kind of data and have that data anchored to the Block Chain. The Blockstack team accomplishes this not by attempting to store all of its data on the Block Chain, but rather by anchoring hashes of the real data on the Block Chain while the data itself gets stored in a side chain or separate database. There are lots of technical reasons why this is good; suffice it to say, the capability to store large amounts of data directly on the Block Chain (in Blockstack's case, Bitcoin's Block Chain) is severely limited for performance and scalability reasons.
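The hash-anchoring pattern described above, as an added example (not Blockstack's code or API): a constructed, hash-linked `Ledger` class stands in for the Block Chain, a plain dict stands in for the separate database, and all names and sample records are assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entry_hash(name, data_hash, prev):
    body = {"name": name, "data_hash": data_hash, "prev": prev}
    return digest(json.dumps(body, sort_keys=True).encode())

class Ledger:
    """Constructed stand-in for the chain: small entries, each linked to the previous one."""
    def __init__(self):
        self.entries = []

    def anchor(self, name, data_hash):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        self.entries.append({"name": name, "data_hash": data_hash, "prev": prev,
                             "hash": entry_hash(name, data_hash, prev)})

    def verify_chain(self):
        prev = GENESIS
        for e in self.entries:
            if e["prev"] != prev or e["hash"] != entry_hash(e["name"], e["data_hash"], prev):
                return False
            prev = e["hash"]
        return True

    def latest(self, name):
        # The newest anchor for a name wins, so records can be updated.
        return next((e["data_hash"] for e in reversed(self.entries) if e["name"] == name), None)

def publish(ledger, store, name, record: bytes):
    h = digest(record)
    store[h] = record        # the bulky data lives off-chain
    ledger.anchor(name, h)   # only the 32-byte hash is anchored

def resolve(ledger, store, name):
    if not ledger.verify_chain():
        raise ValueError("ledger entries were altered")
    anchored = ledger.latest(name)
    record = store.get(anchored)
    if record is None or digest(record) != anchored:
        raise ValueError("off-chain data does not match the anchored hash")
    return record
```

The off-chain store needs no trust of its own: anything it returns is accepted only if it hashes to the value anchored in the ledger.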

In my next post, I'll dive into my next favorite use of Block Chain technology (and some ancillary related tech) - storage!