Video - Bitcoin 101 - idchains - Part 1 - The Basics Of A Bitcoin-Based Global Identity System
In this video James D'Angelo presents the problem, design goals and the first steps of implementation with the technology. Future videos will dive deeper into the philosophy, logic, use cases, implementations as well as providing more robust solutions for the technology, incorporating opcode return, merkle roots and merkle trees, etc.
TRANSCRIPT
Hello! This is James D'Angelo. And welcome to the Bitcoin 101 blackboard series. Today we are going to be stepping into the kiddie pool. Not the deep end but the kiddie pool of identity. It's a really rich concept, got a lot of players doing fantastic stuff in the space. But what we're hoping to do today is introduced just really a basic Lego block for identity. Something very, very simple that could be used for even massive and very secure identity schemes. And what I'm hoping is that this idea is. So simple and so cost-effective that everyone on earth could use this system if they choose to.
I've given this idea a little name it's called idchains and today we are just covering the ultra-basics of the idea. And if you've been anywhere close to Bitcoin or a number of other industries where there's been lots of identity theft or identity concerns or this concerns with AML/KYC, you know that 2015 there's been a lot of talk about identity and solving these identity problems which many people think is absolutely impossible and cannot be solved. And I was one of those people even just a few months ago but I've started to see the way to turn the corner. But digital identities a very big deal especially if we're looking to solve problems for the other six billion.
Before we jump into the actual code and implementation we're just going to run through a quick laundry list of some of the features, goals, concerns, etcetera which will all be covered in more detail in future videos. So if you're building an identity system, some nice and novel goals or features might include zero cost to the individual. I mean absolute zero cost. I've never really liked this idea that you need private keys or passwords. So it will be really great to have a system that didn't require any of that. And I kind of call it the naked man idea, which is can I walk in naked, confused, not remembering anything to my local bank and perhaps walk out with cash. Well, it turns out that I probably could because there's an identity system there. They know me and they would be concerned and they'd be happy to help in that situation. Can we build a system that can be that robust?
Another nice thing would be is if it is decentralized and open source from top to bottom. And if we're going to convince governments, etcetera to start using it it's got to be far superior than the methods that we currently have. So can we make something a thousand times better than a passport, thousand times less expensive and a thousand times more secure. And wouldn't it be great if we can make an ID scheme then no one can steal. We hear a lot about identity theft, private key theft, funds being stolen, etcetera. Can we make something that's absolutely impossible to be stolen or gained?
And again, it's really important if you can make it user control because John Clippinger says, he who enrolls controls. So Facebook enrolls you and then they get to control your data and you can only control how you order and organize your data in a very limited fashion. Can we flip that entirely? Can you be the one entering and control how your data is presented to the world? Can we build a system that allows for folks to be fully anonymous? Can we verify identity say at a border check in Busia, Kenya going into Uganda where perhaps there might not be cell service or internet service at the time? Wouldn't it be great if it could work in that situation and would it be great if people can maintain their identity with super sporadic internet talking maybe even once or twice a year internet access?
Further, if big governments are going to start investing into an identity schemem, they don't want to take a chance on Bitcoin. They want to be able to invest in a system that's going to be secure even if Bitcoin goes to pot tomorrow. And well, the last one we kind of mentioned up here but is there a way that a user can control and privatize their data. And really the best way to privatize your data is to never have to put it online. Can we build a system that allows for that as well? So it's really important to realize that the identity schemes we use were actually really bad identity schemes. Most of them only work in the developed world because they're sitting on top of a massive amount of government infrastructure, a lot of policing, a lot of laws.
So when you're bank ask to confirm your identity by asking your mother's maiden name that's going to be one of the stupidest, cheapest and most suspect identity schemes ever made. This is not robust. This type of thing is not going to work where there is not a lot of government infrastructure. So we've got a problem here right. We can't use a lot of the traditional methods that were used to -- especially, if we don't want private keys, passwords and all this complex stuff that needs to be remembered or could get stolen. So we need a new way to look and establish identity in a decentralized fashion and strangely one of the oldest ways turns out to be one of the best. So your face is indeed a great form of identity. And we're going to focus really hard on using the face as a novel way to get around needing private keys and passwords. And I really do think that the combination of facial identity and Bitcoin can solve all of the design requirements we just went through. And I'm not going to go into this in full detail, save that for another video. But since it's so essential to this idea I'm going to run through some of the main concepts.
So as we all know wherever you go these days people are shooting video, there's cameras, everything's being recorded all the time. So in essence we have to ask ourselves, can we accept the foregone conclusion that our face is captured everywhere we go and use that to our advantage. And there's some real advantages here because facial identity works great online. So you can see someone and talk to them and verify who someone is through a Skype video phone call which is impossible to fake and cost next to nothing. And again, remote authentication is really the biggest problem of a DNA scheme outside the fact that it's very expensive and also slightly intrusive and fingerprints and biometrics also suffer a little bit from the same problem.
And so if we establish face as the central point of identity. Well, then if anyone was to hack they would also have to be your doppelganger. So now we've limited the amount of hackers to people who look exactly like you which is pretty limited. And another great thing about using the face is that humans really have a supercomputer like ability to recognize faces. So we'll trust our analysis which is something we're not likely to do with DNA, fingerprints or biometrics and we'll respond better to a face base identity scheme because we'll see how it works. We'll actually be able to see the faces there and be convinced whether it's working or not. And this doesn't preclude the ability to use computers because computers are also very, very good at recognizing faces, which is great because it also allows for computers to automate some of the process. If you're starting to do millions and millions of people and you're talking about low value amounts that are being transferred or refugee situations and your scanning video, computers can do a very good job. It's starting to collect some of the basic information that you might need to solve those situations. And as we'll see later even though we're using face it's something that can be done anonymously and it can't be done without putting your actual photo or your face online.
As I said earlier the face plus the blockchain makes a really provocative solution and it also makes it more bus for the user of the system because if you get identity verification or authentication from a government or a business that goes out of business or becomes corrupt well, in the old world you're just kind of screwed. They can mess with your identity scheme and. So centralized authentication schemes have the problem, the ability to change things and a little bit of lack of trust. So it's important to realize when you see how this works that a YouTube thumbs up can be removed but a blockchain one cannot no matter how hard you try. No matter how much you pay you can't remove something that happened in the past on the blockchain. So if you built your reputation and your identity and your very proud of it no one can take that away from you. That will be there permanently.
So I made a quick list on who might need identity. Well, clearly companies like to build identity systems, governments like to build identity systems but I did this idea called snow caps for decentralized resource management and the key problem with that is that there's no global identity scheme to prevent a single individual from signing on and acting like he is a million-different people and receiving the benefits of those millions of people. The same problems happen in India now where single corrupt individuals are taking the welfare checks for thousands of people.
This problem can be multiplied thousands or millions of times in the decentralized world. So it's really important if we think we can solve climate change using some form of decentralized resource management to solve this problem of identity. But most importantly are the disenfranchised and forgotten billions whose countries aren't even really establishing any identity for them and these have enormous costs. You have children who cannot go to school because they don't even have a birth certificate. But further people in other countries who might want to start an honest and reliable business are hurt by AML/KYC laws because their government isn't playing game with the developed countries, etcetera.
So their ability to run an honest business in their country is limited and they are hurt by corruption, borders, theft and the biggest problems are to the world if they're trying to start an international business that they are completely anonymous sitting under an infrastructure, a government that is not supporting them at all. So these are folks who would really embrace some form of reliable international identity system which allows them to invest and build their identity and to be able to constantly improve the quality of their reputation. So clearly any time you propose a system that might be global and involves sensitive information for a lot of people you have lots of concerns and possible unintended consequences. And identity in particular is a very, very slippery topic and. So it's really important to realize that no identity system, no matter how well it's contrived is never going to be perfect or entirely free from costs. Even though the user might be able to use it free from cost it's still going to have an expense inherently built in the system.
I believe that a lot of these expenses might be eaten up by companies who are really happy to build these identity schemes or NGO's who are willing to help out in the developing world but there's no question there's going to be a cost, a real human and technological cost. And it's important to realize that you can't take someone who's never had identity and suddenly give him a shining identity. Identity is a process. So there's no way to provide perfect ID immediately for the kids from Slumdog Millionaire who had no birth certificate, who had lost their parents and we're now just running wild in the Indian countryside. You can't have them arrive on day one and build a shining identity scheme for them.
These are just real problems that will always exist no matter what scheme used. And here we're just talking about the possible and intended consequences of big ideas which applies to marks which could even apply to Bitcoin itself and then we get sort of the big question that's swirling about right now about identity, sort of this whole idea of Facebook and Twitter versus Big Brother. Right now we see. So many individuals pouring everything about themselves online and then there's sort of this built-in ingrained terror of being recorded and watched all the time and being monitored. This is an eternal discussion. This is never going to be solved by any scheme but certainly after watching the rise of Facebook and Twitter and other companies it appears we might be over selling the problems and concerns of building a global identity system.
Certainly, we don't have to look too far to see people who've got enormous lack of anonymity but have enjoyed the success that that nimiety gave them. So there's a branding power of identity that is often an essential ingredient for success and we'd like to at least offer that to other individuals in the world who might want to build the same type of thing as maybe Oprah has built or any other famous person. So let's not pretend I've covered this topic perfectly. You've heard some philosophy, we've introduced this idea of using the face as the central point of our identity scheming and we started look at the problems and concerns of identity. It's an enormous topic.
You could do a PhD on identity and if it's a topic that interests you I certainly recommend going around and reading and learning as much as you can and one of my favorite people in the space is Chris Ellis out of London and he's done a beautiful talk with Andreas about the philosophy of identity, highly worth listening to and I'm intending to do more on this topic. So I'm going to cover more philosophy tech use cases concerns and other cool stuff. So that said let's jump in and see how this little idchain system that I'm proposing might work.
So if you want to follow along there's going to be links below in the description of the YouTube video and this first link right here it's just a link to a photo that I've posted online. So it's a jpeg photo that's sitting right there on my website. And if you go to this like boom! you'll get that photo. The other link is a zip file containing the necessary 2.7 Python Code to run the algorithms that we'll need to build the system but here's all the code right here. So it's a tiny amount of code and this is all off the shelf code. I really didn't write any of this I just put it together. So you're talking basically just a hashing function, SHA-256 with the ability to turn a Bitcoin private key into a public address. So you can build it yourself or you could just download it right here.
A couple notes on the photo. So the photo doesn't have to be a single photo. It could be a folder of photos. It could be a collection of a thousand photos. It could be a video. It could be any image or collection of images of yourself and it doesn't necessarily need to be on a public website like my photo is right here. You could store these photos on a USB Drive put them on thousands of sites publicly or you could email it to yourself or your friends. So you have many copies of it. So you aren't worried about losing it. You can store it and use it in the system however you like. And again, here's the code. It's a standard code but you see that right here it goes into the website and grabs this photo, calls it photophoto, runs a quick hash of that file, a SHA-256 which as we know is legitimate Bitcoin private key that no one's ever seen before on earth and then it turns that through this function right here, Eddy into a Bitcoin public address.
So just to see this working I've brought up my code right here in sublime text and we're going to retrieve the contents of this URL which is where my photo resides and we're going to slap it into photo-photo.jpg and down here we're going to take photophoto.jpg. We're going to hash that and we're going to print that out. That's our private key. Then we're going to take PK or private key and we're going to determine the public address for that using all these functions up here.
So all we have to do is run that and you'll see how quick this works. And really if you put any photo you want into this folder you just got to put the name of the photo right here and it will hash it and find the private key of that photo. So as long as you put the name of the photo, my new funny photo, right here and put it in the same folder as the software it will find the private key and public key associated with that photo or a full collection of photos, an mp3, whatever you want and it will find the unique private key and public address for that file. So that's the code. It's really simple code but I definitely want you to think about this line right here. Number 29 as it's going to number 30.
So all we've done is we've taken a photo, we jammed it into a hash function and we've spit out a private key that's unique to that photo that no one on earth has ever seen before unless you've run that photo through the SHA-256 before. So it's really interesting to think about that this photo itself can be considered a private key. Well, it's clearly not that private especially if I've stuck mine online but Bitcoin doesn't know that nor does it care. So in Bitcoin terminology that photo hashed becomes a valid private key and the private key of that photo that I have online is right here, 89088 whatever.
And then you stuff that private key into any wallet or you just run it through my code and you will end up with a Bitcoin public address. So now this is the public address that's unique to this photo. It will be the only photo on earth that has this public address and therefore I could legitimately show that I've had knowledge of this photo if I'm the one who's accessing this public address because these are unique one to one relationship between this photo and only this photo and this Bitcoin public address. And because it has a public address you can slap that address into blockchain.info and it will spit you out a QR code. So your photo even has a unique QR code. So no other photo on earth has the same public address private key, remember it's not that private because you put your photo online or QR code. Not even this new photo.
So what I've done is I've taken the same photo right and I've adjusted one pixel right here. So right here kind of underneath my lip. You can see where I kind of made it lighter right there. And I've put that photo also online myfacenot.jpg. That photo even though I changed only one pixel ends up with a completely different set of keys, public address and private key and a completely different QR code. So here's my old public address and here's the new public address. Change even just one pixel and you get a completely different public address, very important. So let's take this new knowledge and let's head down to Target. Target, I use because they've been the victim of some serious identity theft that cost them millions and millions of dollars. So we're going to head down to Target with a bunch of regular old-fashioned ID's.
We're going to bring some copy of the photo, perhaps on a USB Drive or we can just stuff it online and what they're going to do is they're going to go through the passports and all my ID's. They're going to look at this photo, they're going to look at me and they're going to determine if indeed this photo corresponds to me and these ID's. And if they do, they agree it's all the same and they confirmed that the hash of our photo is correct. They can now send a tiny Bitcoin transaction to the photo. I believe the smallest you can send right now is 55 Satoshi,. So that's approximately equal to 2 cents or less. So they send a tiny 2 cent transaction to the photo.
What do you mean to the photo? Well, they sent it to this QR code right here to this public address right here and they can do it from their identity confirmation address. So it's just a public address that they have control of that they can send funds from and if they're participating in this identity scheme (Inaudible 0:16:57) just post that address online. So anytime they verified someone's address they just send a little transaction from this address to the photos address. And blammo! They've now authorized that photo. They publicly stated that Target accepts a particular photo, this photo may or may not even be online. But they're accepting this photo or even a collection of a thousand photos or a video to be a valid form of ID.
Now this ID might only work in Target but that's okay. We're just building the basic building blocks today, ultra-ultra basic building blocks and. So to fully see this in action well, let's pretend we're Target over here and here's me, you know, I'm trying to get my ID confirmed. I'm showing them my ID and probably brought my passports and other stuff. And I'm showing it to this woman here over at Target to establish my identity and you're probably going well, that's not me. So let's stick my face there and let's do this transaction right now. We can actually put this on the blockchain. So all I have to do is pretend that I am Target because I've got access to this address and send a transaction to this address.
So let's do that. So now here I am inside of Targets Bitcoin core wallet where they're going to authorize the identity from and the first thing that I'm going to want to do is I want to paste the public address of my photo right here. So it's the same address that we saw before. And you also want to make sure that in your preferences for the Bitcoin core you've got the enable coin control features right here because if you have more than one wallet or one address inside your core wallet you might not be able to control where you send the coins from. So let's cancel out our preferences and here we're going to say inputs. So we're going to actually be able to choose where we want to send from and here's the target address that we talked about before. It's really our address. We're pretending to be target and we'll select one of these.
Well, make sure that the coins that we send come from this public address so it leaves that stamp on the blockchain that we want and of course there's lots more sophisticated ways to do this. One is using the opcode return but we're doing the most simple, simple fashion right here. And we're going to say okay. I'm going to stick my donation address right here for the change to come back and. Right here I'm going to put in the smallest amount that I can send which is 550 Satoshi's and we see that the wallets calculated the fee. It's calculated the change and we're ready to authorize or Target is ready to authorize that photo, say that they verified that ID and we press send. Are you sure you want to send, well, it's been added as transaction fees. Yes, yes. And you've got to admire Bitcoin core wallets.
Your transactions been sent messages isn't even there. But that has likely been sent and in order to check that we'll head over to our favorite little blockchain.info and we'll put the public address of our photo right here and see if it's received any transactions at all. And there it is. But the most important thing is we see who it's from, which is target confirming that they have verified this photo and this identity. And so there it is. And someone will likely grab these two cents out of this wallet when they see this video but what's important here is we now have a verified transaction from Target which is this address and by sending even just two cents from their identity confirmation address they've confirmed that they saw my photo, which is right here.
And so they've confirmed that I brought in my passport, my credit cards and everything and they've looked through them and they've gone yes, this guy is who he says he is and this photo is really him. And so it's important to consider have I started to build a Lego building block for rock star identification because you have to think about this possibility. The next time I go into target do I need to have any ID. Do I even need to have cash or a credit card? Can there be an arrangement whereby I've set up everything, an arrangement with them based on my face. So I walk up to the register, they've all got screens there, the woman pulls up my face which has now been authorized by Target, looks at me and goes do you agree to the sale? Yes. Will they assume the risk for purchases for something like that for under $10.
I think it's possible and certainly we can see adding extra layers of complexity to this but it's not clear that we need extra layers of complexity. And just as a reminder this whole process could be accomplished without putting the photo in a public space. So I could show up to Target with my photo on a USB stick. Okay. There will be some complication, we'll figure out how to hash it and making sure that it's not public or that they don't get access to that photo. But I think there is schemes that we can arrange so that this can be more anonymous than we might think at first blush. And certainly, if I just wanted to make sure I have access to that photo at all times I could just email to myself. So it's always in my email, when I show up at Target, we lost the photo. Here is the photo. Boom! You see it on the blockchain.
They don't even need to keep a database. Blockchain holds all the data form, shows all the authorized transactions. I show the photo, she sees me. We see that transaction happen on the blockchain. Target's authorized this guy already. So yeah, the anonymous freaks will probably want to do it in a skiff somewhere and there might be arrangements to do that but I think most people might find that this is an identity improvement based on the schemes that we currently have that can be stolen, etcetera. And as I said before more than one photo can be hash, you can take all these photos. You could even just take a jpeg of this, create a hash of that and have target sign that. So they're now got many views of you which is already much better than a passport. All right. If I put in 17 photos, current photos of me, that's much better than a tiny little passport photo & where maybe I haven't shaved in a week or something like that. So you can see the change there already. You can make a much more robust system than passports currently are and you can see how this might not be able to be stolen and it requires you to remember nothing.
So we've just dipped our toe into the kitty pool of this topic and we're going to move forward with it in other videos and this might seem so simple. But it's just a Lego block. You can build so much more with this idea. You can add a little bit more intricate technology through Bitcoin, especially, the opcode return which allows for different types of authorization. There's so much more philosophy that needs to be discussed. A lot of people are going to hate. Identity schemes in general they are going to hate the idea of using the face but I think there are really good defenses for most of these decisions that I made and there's also more use cases in control. We're going to do in next videos and adding even proof of location. So stay tuned and I hope you enjoyed the video.
Please remember to like, comment, subscribe, do whatever it is you do and we'll catch you at the next video.