What is decentralisation?

Decentralisation is one of the most popular terms being thrown around in the online community and is cementing itself as a buzzword of this decade. Traditionally, the trustworthiness of an organisation or a system can be proven by its track record, size, and scale. However, today’s view is that the conventional approach of establishing the day-in-day-out trustworthiness of such systems isn’t that secure.

What this means is that accountability and transparency are crucial in establishing trust. Corporate giants in the Internet world have been bombarded with controversies on a global scale for being responsible for swaths of user data being misappropriated by both public and private entities.

Decentralisation solves these issues by removing authority and accountability from a singular central entity and spreading it among several participants or stakeholders.

The blockchain approach to decentralised data was first widely introduced by Bitcoin, not only to address trust issues but reliability issues as well. This means that there isn’t a single point of access or accountability that can make the whole system go haywire. Instead, it is spread out so that if one stakeholder fails or goes offline, the workload is passed to other stakeholders to keep the entire system up and running with the least probability of failure.

How do decentralised identity wallets improve security?

Essentially, a decentralised identity wallet acts as a multi-level security system whereby a user can access goods or services by first proving their identities on a private level. Once private identity is established by legal means, the user is then issued a badge of their credentials, which does not disclose any personal information but can verify specific claims, i.e., the user’s age is over 21.

In this logic, the process is described by Anonyome Labs as such: users create a pair of keys–public and private–that are stored in their identity wallet. The public key, also known as the identifier, is stored tamper-proof in the ITF (identity trust fabric), which is checked against a legal database and is certified by the ITF software, also known as the digital identity wallet.

The certification record is saved as well for the purpose of being cross-examined by the service providers that the user is accessing. The private key is what makes this possible and is stored under the total security of the ITF software. This key is only pulled out to create the public key (identifier) or for any other purposes by the user.

This system allows users to manufacture their own digital identity as provided by their digital identity wallet applications of choice, such as Q-Wallet and remains secure in the user’s device. This allows the user to carry their identity with them wherever they go and freely replicate it to any of their other owned devices. Furthermore, this gives the user the control to delete the identity for any purpose, such as an untrustworthy website or compromised login credentials.

Under these circumstances, the user needs only to re-create a new identity to access products and services once again.

How do decentralised identities benefit users?

One of the many benefits of decentralised identity models is that users can easily enter peer-to-peer relationships with other users or applications with which they connect. Traditionally, a username and password are typically sent to remote applications when authenticating a user.

On the flip side, the decentralised identity model allows the identity owner and the remote application to securely exchange unique DIDs (decentralised identifiers) when forming a new relationship. These unique DIDs are secured with the parties entering the peer relationship for them to use during the encrypted operations.

Since these DIDs are privately hosted only between the two parties, no other external server can access their keys, allowing ironclad end-to-end encryption.

Aside from securing communications with end-to-end encryption methods, decentralised identities can validate and verify users’ identities through zero-knowledge proofs (ZKPs). This enables two parties to check assertions made about data points without divulging the data itself.

Under federated architectures, users can delegate their service providers to provide assertions to parties from which the user is availing of goods or services. One disadvantage of this traditional system is that users can provide false information about themselves to access certain perks.

Another is that disclosing personal data freely opens the door to being compromised by hackers or identity thieves. Both sides–service provider and user–are vulnerable under these circumstances and are simply hoping that they don’t get breached.

By utilising ZKPs, users can securely assert their identity without compromising their personal data. Through this method, users can present service providers with verified proofs of personal information, such as being above a certain age using verified credentials from government agencies, stored directly under the secure digital identity wallet in their own devices.

This method protects the privacy of users and prevents personally identifiable information from being leaked from any source since the specific data indicating the user’s age was never presented in the first place.

What are the challenges brought by decentralisation?

On the forefront, verified credentials are only as trustworthy as their issuing bodies and the initial identity verification process performed. How can users and service providers be genuinely secure with the credentials issued by verifiers?

With the late boom in digital wallets, how can multiple systems translate into real-world interoperability?

Over the previous decade, the world has seen several digital identity innovations with the blockchain and non-blockchain approach. A useful additional measure has been with the plethora of organisations providing the open authentication standard of operation for service providers and users to go by regarding multifactor authentication.

The OAuth family of standards on which OpenID Connect is based has also allowed more refined and more secure authorisation for third-party APIs to run by with the emphasis on user consent (and the option to withdraw).

One thing is for sure; the current landscape is showing signs of potential development to further enhance security, user accessibility, and ease of interoperability between service providers and systems to work across, which we here at Q-Servi are a firm believer in.

To learn more about how Q Services can help your organisation, get in touch via the contact form: