Zhang Yifeng, Wuzhen·China Banknote Block Chain Research Institute: Distributed Digital Identity is the entrance to the blockchain

On the afternoon of November 8, the “2019 World Blockchain Conference·Wuzhen” hosted by Babbitt continued. In the sub-forum “Technology changes the world: the underlying infrastructure of the blockchain”, Zhang Yifeng of the China Banknote Blockchain Technology Research Institute delivered the keynote speech "Distributed Digital Identity – Building Blockchain Infrastructure".

Zhang Yifeng first shared his views on the alliance chain and the public chain. He believes that the public chain satisfies our utopian imagination of, and yearning for, free innovation on the Internet. But objectively, today's public chain performance is still relatively low, and complete anonymity brings a lack of supervision and a proliferation of illegal applications, so the public chain is still detached from the applications of our real economy. Therefore, an open license chain or a public alliance chain is an important technical path to promote blockchain infrastructure construction and to build industry and regional public blockchain platforms.

As for distributed digital identity, Zhang Yifeng believes that it is another important piece of infrastructure for promoting the wider application of blockchain. One of the most important reasons why the blockchain has yet to produce large-scale applications and killer applications is the lack of a public infrastructure for digital identity. Zhang Yifeng believes that only after a distributed digital identity system is established can blockchain applications connect with real-world business, complete applications related to the real world, and build innovative applications based on the technical characteristics of the blockchain.

The following is the full text of the speech, compiled by Babbitt:

Thanks to Babbitt for the invitation; I have once again come to the Wuzhen blockchain conference. This afternoon's sub-forum theme is "blockchain infrastructure", and everyone has a different perspective on infrastructure. I will try to share some of my views from the perspective of the next step in the application of blockchain.

The first point is about the construction of public blockchain platforms for industries and regions. The overall situation of blockchain application development is currently very good, so the number of people attending the conference today is much greater than last year. We also see new applications continually being explored and beginning to land. But there is a problem. If we keep building broken alliance chains and fragmented alliance chain applications, we will find several problems: 1. for teams working on business innovation, the technical threshold is still relatively high; 2. it causes a large waste of resources; 3. it is not conducive to the aggregation effect of innovation.

We know that every type of innovation requires certain technologies to drive it. Let us look at the public chain. In the public chain, users and nodes can move in and out freely, and data can be shared. So it seems that the public chain satisfies our utopian imagination of, and yearning for, free innovation on the Internet. But objectively, today's public chain performance is still relatively low, and complete anonymity brings a lack of supervision and a proliferation of illegal applications, so today the public chain is still detached from the applications of our real economy. So this is my first point: at present, the open license chain or the public alliance chain, which on the one hand restricts the number of consensus nodes through the license chain model in order to improve system performance, and on the other hand opens up access nodes and data access in order to achieve the widest range of cross-institution, cross-application data and business collaboration, is, I think, an important technical path to promote blockchain infrastructure construction and to build industry and regional public blockchain platforms. This is the first point I want to express before I begin.

The second point is digital identity, which I believe is another important piece of infrastructure driving the wider use of blockchains. Today the blockchain has in fact not yet formed large-scale applications, and we have not seen a killer application. There are many reasons for this. I think one of the most important is that the public infrastructure for digital identity has not yet been established, which has made it difficult for some potential applications to break through on the path from 0 to 1 and then from 1 to 100. For more than a decade, we have seen smart mobile phone applications boom, thanks to the improvement of mobile Internet infrastructure. The rise of blockchain applications in the next decade likewise needs public infrastructure such as digital identity to be perfected, so that blockchain applications and actual individuals form a closer connection, which not only protects the privacy of the individual but also enables blockchain applications to break out of the dilemma of complete anonymity and illegal abuse. So on digital identity, I want to share four points of understanding today.

First, the evolution of digital identity

From the first day of the Internet, its bottom layer has had only IP addresses, with no model of accounts or identity, so accounts and identity depend entirely on the application layer of the Internet. And we know that in blockchain, starting with bitcoin, nodes and accounts are two different object models. The earliest digital identity model on the Internet is the application account model of account and password. This model is very simple and clear, so it is still the most widely used today, and it suited the initial environment of the Internet. But today, each of us needs to memorize and manage a large number of accounts: our email account, WeChat account, and office OA account.

Today, this model has huge limitations. After that, we saw some giant applications, such as Facebook and WeChat, begin to open their identity systems and allow other applications to use Facebook or WeChat accounts directly to log in, forming what we now call the alliance identity model. Of course, we also know that issues of identity authorization and personal privacy under this model have arisen from time to time.

When the application of identity advances further, for example when we want to vote on WeChat, it is difficult today for the initiator of a vote to review the voting process, and we cannot even confirm that our own vote has been truly recorded in the results. So this is where we saw another technology, cryptography, begin to be integrated into our digital identity system. Digital certificates based on the PKI system can support the true expression, transmission and verification of the individual will of the subject corresponding to a digital identity.

So we are seeing the next generation of digital identity begin to take on some new features. Digital identity is no longer monopolized by the application party or the alliance. The management of digital identity returns to the subject and is handled by the subject itself, so we sometimes call it self-sovereign identity (SSI). On the other hand, the two parts of a digital identity, that is, what we call the identifier of the subject and the attributes of the subject, begin to decouple, and the attributes of the subject form independent verifiable credentials for broader, user-controllable interaction of digital identity information.

We see that the digital identity of the next generation must be distributed. In the real world, the two basic paradigms of concentration and distribution, centralization and decentralization, have always coexisted and complemented each other. From a local point of view, each of our identity proofs is issued by a centralized center, but from a global perspective, the identities of human society and of the digital world are jointly provided by countless centers. So in the field of digital identity, centralization and decentralization are opposed yet unified. In general, digital identity presents a distributed form that is more flexible and flattened. This is both a true reflection of the real world and more in line with the needs of the development and governance of the digital world.

Second, the distributed digital identity model

We see that in the real world, each of us has different identities. At work you may be a manager; at home you are a husband, so one subject has multiple identities. However, multiple identities are often not to be mixed; often we return home and still regard ourselves as a manager, and this is why many family tragedies begin.

In the distributed digital identity model, each of us can have different IDs. Each ID corresponds to a different identity in a different environment, scenario and application. These different digital identities belonging to the same person should be managed, maintained and collected by the individual, and each digital identity is verified and used, in the W3C model, as verifiable credentials. Such a verifiable credential can be transmitted over Wi-Fi, Bluetooth, NFC or a QR code, and verified in a trusted way.

The second point is the business model of distributed identity. In this business model, we usually have three roles: issuer, holder, and verifier. For example, take a marathon event. For the certificate of marathon results, the organizer of the event is the issuer of the certificate. Every runner who takes part in the marathon is the holder of the certificate of achievement, and is responsible for applying for, saving and presenting this certificate. And each of us can verify the credential, to check that it was issued by the issuer at the time, and verify the legal identity of the event organizer, or issuer, through the identity registry on the blockchain.

In previous identity systems, the issuing party also needed to provide an online service for the certificate. Once the service was terminated, the validity of all previously issued certificates could no longer be verified. In the distributed digital identity model, the validity of all issued credentials no longer depends on whether the issuer still provides the service, so we also call this a semi-offline verification mode.

Third, let's look at the typical architecture of distributed digital identity. The bottom layer is the blockchain-based digital identity account registration layer. The second layer is the proxy layer, which provides secure access services and message forwarding channels for each digital identity subject; this is a bit like the base stations in our mobile communications. The third layer is the flow of verifiable credentials we just introduced, from issuer to holder to verifier. At the top of this model is what we call the governance layer of distributed digital identity.

Third, distributed digital identity standards and cryptographic technology

From the perspective of protocol layering, the protocols of distributed digital identity can basically be divided into four layers. W3C has now defined DID, a set of the world's only universal, standardized, machine-readable distributed digital identity identifiers, and the Verifiable Credentials standard, which has standardized the data format and interaction of verifiable digital credentials and has prepared the conditions for the interconnection of future digital identities. The third is DIDAuth, which has been proposed for DID and focuses on ways to resolve authentication control between different services. The fourth layer, DKMS, is dedicated to building trusted peer-to-peer secure communication links by managing the distributed key life cycle.

Among the key cryptographic techniques of distributed digital identity, the most important is the design of anonymous credentials, a cryptographic technique based on zero-knowledge proofs, so that the credentials are no longer just a transparent channel in the process of credential flow. The technique of anonymous credentials allows the holder to truly become the manager of the credential, able to decide and select autonomously the content range, granularity and form of what is disclosed. For example, when we need to show a credential proving that we are over 18 years old, with anonymous credentials we no longer need to over-disclose our birth date, or even over-disclose all the information on our ID card. As another example, we can use an anonymous credential to show that we have a bank deposit of more than 500,000, without providing the third party with the real amount of our deposit at the bank. So this is an important value of the anonymous credentials we see in distributed digital identity.

Finally, a summary: only after a distributed digital identity system is established can blockchain applications connect with real-world business, complete applications related to the real world, and build innovative applications with the help of the technical characteristics of the blockchain. In the era of the mobile Internet, WeChat and Alipay have become the actual entrance through which Chinese people log in to this digital world. So in the new world being built and evolved by blockchain, we believe that distributed digital identity will be a real entrance, and as long as open protocols are followed, this entrance will no longer be monopolized by a particular enterprise or institution. Through this entrance, data can be managed, circulated and used around the owner of the data (the individual subject). The value objects inferred on the blockchain can also be determined and transferred in an orderly manner. Therefore, identity, data and value are the three basic elements of the blockchain world, and distributed identity is, we believe, the most important foundation.
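The issuer, holder and verifier flow, the semi-offline verification and the "over 18" minimal disclosure described in the speech can be sketched as follows. This is an added example, not code from the speech or from any project it mentions. It assumes salted-hash selective disclosure in place of zero-knowledge anonymous credentials, a toy textbook-RSA signature in place of a production scheme, and a dictionary standing in for the on-chain identity registry; every name and value is hypothetical.

```python
import hashlib, json, secrets

# Toy textbook RSA from two Mersenne primes: an insecure stand-in for a real
# signature scheme. All names and values in this block are hypothetical.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def digest_int(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def claim_digest(salt: str, name: str, value) -> str:
    return hashlib.sha256(json.dumps([salt, name, value]).encode()).hexdigest()

def issue(issuer_did: str, claims: dict) -> dict:
    """Issuer: salt and hash each claim, then sign only the digest list."""
    salted = {k: (secrets.token_hex(16), v) for k, v in claims.items()}
    digests = sorted(claim_digest(s, k, v) for k, (s, v) in salted.items())
    body = json.dumps({"iss": issuer_did, "digests": digests}, sort_keys=True)
    sig = pow(digest_int(body.encode(), N), D, N)
    return {"body": body, "sig": sig, "salted": salted}

def present(credential: dict, reveal: list) -> dict:
    """Holder: disclose only the chosen claims, each with its salt."""
    shown = {k: credential["salted"][k] for k in reveal}
    return {"body": credential["body"], "sig": credential["sig"], "shown": shown}

def verify(presentation: dict, registry: dict) -> dict:
    """Verifier: needs only the registry entry; the issuer is never contacted."""
    body = json.loads(presentation["body"])
    n, e = registry[body["iss"]]  # KeyError: issuer not in the registry
    expected = digest_int(presentation["body"].encode(), n)
    if pow(presentation["sig"], e, n) != expected:
        raise ValueError("issuer signature invalid")
    for name, (salt, value) in presentation["shown"].items():
        if claim_digest(salt, name, value) not in body["digests"]:
            raise ValueError(f"claim {name!r} is not covered by the signature")
    return {name: value for name, (_, value) in presentation["shown"].items()}

# Constructed sample: registry entry (issuer public key) and one credential.
REGISTRY = {"did:example:issuer": (N, E)}
CRED = issue("did:example:issuer",
             {"name": "Alice", "birth_date": "1990-04-01", "age_over_18": True})

if __name__ == "__main__":
    print(verify(present(CRED, ["age_over_18"]), REGISTRY))
```

Unlike zero-knowledge anonymous credentials, this presentation repeats the same signature and digest list every time, so verifiers can link separate presentations of one credential.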