Proving our identity is the backbone of modern life. Without it, we would be deprived of the right to travel to foreign countries, access the banking system or vote in an election. One criticism of the way that identities work (or don’t) is that they are too centralized, leaving them open to exploitation by dictatorial regimes and abuses of power. Hence, one of the ideological primitives of web3 (or blockchain technology; the two terms are used interchangeably here) is to allow individuals to own their identity in a non-custodial way. However, at this stage of development there exists one major gap in the implementation of this idea: it is not possible to reliably prove ownership of one’s web3 addresses (public keys) in real life.
In this paper, a design will be proposed that fills this gap and could create an ecosystem of projects that use a reliable proof of identity to verify all sorts of permissions that individuals may have in the real world. However, this paper proposes a protocol making no assumptions about the scope of potential downstream applications. Some such applications may include but are not limited to composable mobility, token-gated physical access points to buildings or other venues, identity verification, proof of qualification for government benefits and any other use cases related to offline proof of ownership of blockchain assets.
This protocol is designed to be agnostic towards the projects built on top of it and the blockchain that it is integrated on. Hence, it may be applied on any suitable blockchain and consists of only one component: a smart contract. This would then allow different projects to be built on top of the protocol by interacting with this smart contract from the web, by creating and modifying its variables, or from a mobile phone, by accessing the variables to verify a proof or display information. Finally, some method of verification of a proof would need to be implemented on a mobile phone, smart lock, electronic gate or the like.
In order to prove ownership of an address that owns assets (“0x123…”), the owner of that address creates an entry in a smart contract signifying that a different address, “0xabc…” (whose private key the prover also owns and which is akin to a burner address), has permission to prove ownership of “0x123…”. In a suitable app, the prover imports the private key of the proving address and the app programmatically generates a signature over the current timestamp every 30 (or any arbitrarily small number of) seconds. This signature, together with the plaintext timestamp, is then compressed. The resulting data may be transferred using QR codes, NFC, Bluetooth, BLE or similar methods.
This proof is verified as follows: first the timestamp and signed message are recovered and it is checked that the signature was created within the last 30 seconds. If this is the case, the proving address (“0xabc…”) is recovered from the signature and ownership of it is proven. Then, the smart contract is called to get all the addresses that “0xabc…” has permission to prove ownership of. Hence, ownership of these addresses (in this case “0x123…”) has also been proven and custom verification logic may take place.
The protocol outlined above has been designed to fulfill several key criteria. It must
The following sections will develop the rationale behind these criteria.
Today there is one almost ubiquitously adopted means of proving your identity to someone else: an identification card with an image of your face. A person or machine will compare the picture on the ID with the person handing it over and, if they match up, grant that person some set of permissions.
This method of verification might be transposed onto a blockchain. Firstly, one is required to authenticate oneself as the owner of a certain wallet address (by signing a message) and then one can mint oneself an ID card with one’s picture on it. In the real world, one only needs to show that token to a verifier who will (if the token is valid and the person on the picture is the person showing the ID) be able to conclude that the owner of a given wallet address is standing before them. The second step is equivalent to the traditional way, with the blockchain acting as the database and the ownership of an NFT (or another bit of information) granting permission to access specific goods, services or otherwise.
Indelibly publishing their face together with a reference to their entire financial (and social, etc) history onto a public blockchain does not seem to be desired by most people.
Instead, it is better to prove ownership of a web3 address in a different way. There is one simple way to do this: by signing a message. Hence, the first attempt at a solution could be drawn out as follows: when going to a venue, one scans a QR code containing random plaintext, which one signs using a mobile wallet. Then, one presents this signature to a ticket checker in the form of a QR code, letting the checker verify that the presenter owns the address that signed the message. This is good in some ways but bad in others, namely it is cumbersome to sign a new message every time a person needs to authenticate themselves. It also assumes that they carry on their phone the private key of an account that stores potentially valuable assets, or that they carry around a hardware wallet.
A way to improve this original design is by pre-signing the message. Instead of being required to sign a random plaintext at a venue, a person may sign a message akin to “I am the owner of 0x123…” at home and just carry around that signature on their phone. This solves many problems but gives rise to a different, potentially devastating problem: replay attacks. If someone scans the signature or even screenshots it, they would be able to impersonate that person without their knowledge in a way that cannot be found out easily. That’s a problem if the scope of the interaction between web3 and the real world potentially extends to important activities such as voting in an election, opening a smart lock or accessing financial services.
This problem could be solved by using a company to vouch for the integrity of a signature. A person signs a message that is stored in the company’s database and timestamped. Additionally, it is encrypted with the company’s public key so that only they can decrypt it. This removes the possibility of a replay attack and allows users to invalidate and regenerate signatures, which is an immense improvement. Yet, once again this advance is diminished by the appearance of another major flaw: the entire concept depends on a centralized entity that keeps your signatures without impersonating you and that keeps its private key safe so that no one else can exploit the protocol. In many ways this is a terrible idea and the exact opposite of the vision of web3.
So finally, having exhausted all of these other and more obvious solutions, we may start to design a protocol that combines the best of each step of its evolution: the proving message needs to be a signature that is timestamped. Thus, the idea may be initially expressed as an add-on to a mobile wallet that signs the current timestamp with one’s private key every thirty seconds. The verifier verifies this signature and that the timestamp is within the last 30 seconds and thus can be fairly certain that the person in front of them is the owner of a wallet address.
There remains one final problem: what if the assets are stored on a hardware wallet? Instead of proving ownership of an address directly, a person could prove that they own another address that is trusted by the former. In a way, this is very much akin to the Ethereum Name Service, but rather than rerouting a human-readable string to an Ethereum address, the contract will reroute a web3 address to another web3 address.
One example use case of the Signet Protocol is opening the doors to a DAO office space. This permission may be granted to all members of the DAO, i.e. those that hold its token. In order to facilitate this use case one might build a custom verification program that can run on an NFC-enabled smart lock. This verification program completes the signature verification process outlined above to verify ownership of an address. Then, it queries the contract of the DAO token to verify that the balance of the address is greater than 1 (or any other threshold). Only if this is the case does the door unlock.
The DAO member would simply need to have installed an app on their phone that holds the private key of their proving address, generates the periodically regenerated signatures and uses HCE to emulate an NFC-enabled card that transmits the payload to the smart lock.
This paper has proposed an open standard for generating proofs of the ownership of a web3 address. The Signet Protocol aims to bridge the gap between blockchains and the real world by creating a foundation on which permission-verification systems can be built. Being agnostic towards the projects it enables, the protocol could function as the foundation of the next generation of dApps: those that create real world utility based on assets stored on-chain.
My goal is to implement this protocol on EVM chains in the first instance and on other chains later on. Further, I am currently developing Signet, both as the first project built on top of this standard and as an SDK that makes it easier for projects to use the Signet Protocol. If you want to stay up to date on further developments, join the discord. Click here to visit the Signet website.
Special thanks to Kyle Duffy, Josh Lavorini and Alex Groves for helping me with valuable feedback and helpful ideas.