Securing Our Identity with Blockchain-based Credentialing
Imagine applying for an apartment: The rental agency or landlord usually wants proof that you can pay the rent. This proof, or credential, comes in the form of bank statements, past payments, or payslips.
In most of my applications, I’ve been requested to send an email with those attached documents to the landlord or agency. This process, however, has two problems:
The landlord reviews and potentially leaves these confidential documents in their email account or somewhere on their computers — I have no control over my confidential documents.
With minimal design skills, anyone can forge or fraudulently manipulate documents — the landlord can’t fully trust the information provided.
Self Sovereign Identity (SSI) uses the blockchain to provide a solution to these problems. If you’ve never heard of SSI, I recommend reading my article here. It’s a technology that allows users to keep ownership of their credentials, allowing them to share these credentials with organisations and institutions when required, ensuring people are in control of their data. The party requesting the credential can easily verify who issued it.
SSI can do more than improve the process of applying for an apartment. There are a ton of use cases, and businesses are starting to see the potential of using SSI technology. This is especially true in supply chains where whole ecosystems are based on trust. Something as simple as connecting two business partners, establishing trust and kicking off a business relationship could be done with SSI. IDunion is establishing a communication standard among European corporations. Master data management between businesses is a very important topic to increase efficiency in aligning corporate IT-Systems (Bosch has a nice breakdown of the process here).
In the Web3 space, we often talk about blockchain becoming mainstream and being used beyond just finance, but it hasn’t really happened yet. SSI could be that trojan horse, getting corporations to more widely use Web3 technology.
For corporations to start using SSI to connect to business partners would require certain pieces of infrastructure like the connection to a blockchain to issue credentials and wallets, which hold tokens and sign transactions. Once this is in place, nothing stops them from using smart contracts and paying each other with tokens. It could be this simple and boring technology that rolls out Web3 infrastructure within corporations, bringing us closer to a broad Web3 adoption.
The KILT protocol has just launched its own blockchain, specialising in supporting self-sovereign identity. KILT aims to provide the infrastructure for applications wanting to make use of this technology. The KILT protocol is built around the $KILT utility token (there are many other ways to implement SSI and I’ll get to that towards the end of this piece), the protocol does a great job explaining the basics:
https://cdn.embedly.com/widgets/media.html?src=https%3A%2F%2Fwww.youtube.com%2Fembed%2F0wTTNx9-AHQ%3Ffeature%3Doembed&display_name=YouTube&url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D0wTTNx9-AHQ&image=https%3A%2F%2Fi.ytimg.com%2Fvi%2F0wTTNx9-AHQ%2Fhqdefault.jpg&key=a19fcc184b9711e1b4764040d3dc5c07&type=text%2Fhtml&schema=youtubeKILT protocol explained
The creation of a potentially self-sustaining ecosystem with the help of a utility token is worth exploring further.
KILT is a blockchain built within the Polkadot ecosystem. Polkadot, similar to Cosmos, has a development framework called substrate, enabling protocols to easily build their own blockchains and connecting them to others within the ecosystem (Polkadot calls them parachains). This makes it fairly easy to spin up something new.
Blockchains should really only store stuff that really needs a decentralised ledger. KILT stores three things on the blockchain:
Attestations of claims (credentials) is where a user creates a claim and requests someone to attest the claim. This creates a credential the user receives and holds in their wallet. The hash of this credential is stored on-chain.
Similarly, the hash of claim-type schemas (or CTYPES) is stored on-chain. This is metadata describing how a claim is defined.
Of course, all transactions of the KILT token are also stored here.
Like SSI, KILT has three main roles as described in the diagram below:
KILT protocol roles
Claimers are users or organisations claiming certain properties about themselves (e.g. i have a driver’s license, we have a carbon footprint of 0, …). A claim is not yet attested. Once attested, it is called a credential. As shown in the image above, a renter can claim to have sufficient income to pay the monthly rent and can request attestation from his bank.
The claim then needs to be checked by an attester. The attester, paid by the claimer, then attests the claim and signs it. A hash of the credential is stored on the KILT blockchain. Anyone can be an attester, since the verifier decides if the attestation is trustworthy and will thus direct claimers to certain attesters. A renter might know that the landlord trusts his bank, so a credential from the bank is a good document to prove his monthly income.
Verifiers receive credentials (attested claims), check who the attested claim was signed by (the attester), and then decide if they trust this attester. The verification of a claim is really based on the trust between the verifier and attester. In the image above, the landlord trusts the bank and can thus verify the renters credential.
The KILT team has some interesting concepts on how attesters can delegate attestation to others and with that build whole hierarchies of trust (this whitepaper goes into the details). They call it trust market economies (the image below shows the basic dynamics).
KILT protocol trust market economies
The idea is based on the monetisation of trust with which attesters can build business models around the attestation of claims. Essentially a credential will only be worth paying for if the verifier trusts the attester, e.g., if a landlord won’t accept an attested document for a KYC-check, a claimer is unlikely to pay for it. This brings it down to the reputation of an attester. Reputation can come from external sources, such as a government institution, or from within the KILT network, like the number of verifiers accepting credentials from the attester. With a better reputation, an attester can start delegating trust to other attesters and collect a portion of the fee. Regardless of internal or external reputation, the reputation always is determined by the verifiers, who accept credentials.
This allows for sophisticated revenue models within the ecosystem and gives participants a great level of flexibility to utilise the $KILT token.
KILT protocol tokenomics
Within the ecosystem, the $KILT token is used for three things: (1) attestation payments, (2) infrastructure payments and (3) staking. The token can be classified as a utility/usage token, since it provides access to the attestation service (I’ve used this classification framework here).
I have published an interactive-full-screen-version here.
KILT Protocol Token Distribution
Distribution of total supply
50 million tokens are allocated to BOTLabs, the developers and maintainers of the protocol.
100 million are allocated to the community with different lockup and vesting periods. From the documents and on discord, I wasn’t able to find what community allocation means. I assume they are offered for sale publicly.
The remaining ~ 140 million will be minted and paid out to collators, delegators and the treasury via protocol inflation (starting at 6% annually, dropping quickly towards 0).
The treasury receives 10 million $KILT tokens from protocol emissions over the course of 5 years. After this, the treasury will collect 10% of the collator rewards.
Spending of treasury funds is based on governance (token holders can vote) and can be used for maintaining the protocol and providing grants (at the time of writing, the protocol has not been completely decentralised, but it is planned for the end of 2021).
KILT protocol runs its own blockchain and thus its main purpose is to maintain an immutable ledger of all credentials that have been issued.
The SDK (Software Development Kit) is a key part to drive adoption of the KILT protocol. It will help apps to use the features the KILT infrastructure provides.
In order to get a claim attested, a claimer needs to pay an attester (in $KILT or other tokens).
The credential (attested claim) can then be stored in the claimer’s SSI wallet from where the claimer can choose to present it to verifiers.
The attester receives tokens as a reward for the attestation of claims. The price for the attestation can be set by the attester. It has a price discovery based on reputation and demand for the attester and could potentially be free for government services.
Once a credential has been created, a hash of the credential is stored on the KILT blockchain to ensure the credential can’t be tampered with.
Writing to the blockchain includes paying transaction fees, which the attester can deduct from the fee collected for attestation. The transaction fee is used to pay blockchain collators for validating transactions.
Like with SSI, the attester can revoke a credential by adding a revocation to the revocation register.
A verifier may request a credential from a claimer (e.g., for KYC). The verifier will not actually store the document but will be given access to view it.
To truly verify the credential, the verifier needs to look up the hash of the credential on the KILT blockchain and compare it to the hash of the credential presented by the claimer. Only if the hashes match can the verifier be certain the credential hasn’t been tampered with.
Collators are like stakers. $KILT needs to be staked to validate blockchain transactions and receive an annual reward from the KILT protocol.
The reward is up to 10%, dropping over time and adjusted downwards based on the number of collators.
Delegators can delegate funds to stakers without assuming the role of a validator.
The reward is up to 8%, dropping over time and adjusted downwards based on the number of delegators.
While KILT might be one of the first open networks dedicated to self sovereign identity, it is only one of many initiatives in the broader SSI space. Most of the other initiatives do not have a token, which I consider an important factor in driving adoption, bringing attention to the space and attracting developers.
Without a token there is less incentive for developers to build features and applications, as they would require pay from somewhere else. A developer who holds the ecosystems tokens will have a much stronger incentive to improve the ecosystem as that might increase the value of the tokens.
For corporations interested in using SSI,their focus may actually be on how much they can save, in addition to any token price increases. KILT has some competition and if we want a fair comparison, it makes sense to look at open blockchains like Bitcoin and Ethereum instead of permissioned blockchains like Hyperledger Fabric.
The most important initiative is Sidetree, which describes how to utilize a second layer to deal with credentials and then batch them back to a layer one blockchain (like a rollup on Ethereum). Sidetree is a blockchain agnostic specification of how this works and implementations exist for Bitcoin (ION) and Ethereum (Element). Microsoft has contributed to the ION implementation and are probably planning to link this to their Azure Active Directory services which could lead to great adoption.
The question is, why do we need a specific chain to run SSI if we can simply utilize large popular chains like Bitcoin and Ethereum via Sidetree implementations? Unfortunately, I haven’t found a good answer to this from the KILT community.
The $KILT token just launched in November, and everything is still very early. The documents are quite confusing, the discord is pretty quiet, and the whitepaper doesn’t match the token paper. While quality of code is obviously more important than quality of documentation, this is something that should get some attention from the team.
I like the way KILT embeds their utility token deep into the functionality of the protocol. Every credential that is created requires $KILT, and with increasing adoption of the platform we should see more demand for the token. Generally, a token can be a great way to bring a community together, working on increasing SSI adoption. The fact that the SSI ecosystem doesn’t have a token yet is an opportunity for KILT.
No matter how the KILT protocol proceeds, it is another contributor to the Web3 trojan horse getting Web3 infrastructure into corporations.
Florian Strauf is a technical writer exploring and visualising the tokenomics of various Web3 projects. Interested in collaborating on tokenomics and discovering new protocols? Join the tokenomics discord channel.
BanklessDAO is an education and media engine dedicated to helping the individuals achieve financial independence.
This post does not contain financial advice, only educational information. By reading this article, you agree and affirm the above, as well as that you are not being solicited to make a financial decision, and that you in no way are receiving any fiduciary projection, promise, or tacit inference of your ability to achieve financial gains.