Voting and Identity
Summary
- Charles Hoskinson discusses voting and identity in a video broadcast from Colorado on April 30, 2024.
- A recent poll by Blockchain Life, which excluded Hoskinson as a voting option, highlights the lack of Cardano projects, with only SingularityNET and MultiverseX listed.
- The video emphasizes the need for a more inclusive polling design that allows for custom project entries and better verification methods.
- Hoskinson introduces the Open Enterprise Agent and Atala Prism, an open-source identity framework developed by IO and part of Hyperledger.
- The identity model involves roles of issuer, holder, and verifier, aiming to transition from physical to digital identity systems for enhanced privacy and customization.
- AnonCreds, another Hyperledger project, allows for attribute-level proof without revealing sensitive information, improving privacy in various contexts.
- The video discusses potential applications of digital wallets and AnonCreds in regulated environments, such as compliant decentralized exchanges (DEXs) and KYC/AML processes.
- Hoskinson mentions RVP (Regulated Value Transfer Protocols) as a framework being explored with the Midnight project to ensure compliance in decentralized applications.
- He encourages viewers to explore the Atala Prism GitHub repository and documentation to understand the evolving landscape of identity and verifiable credentials.
- The discussion concludes with a vision for the future of cryptocurrencies, emphasizing the importance of identity frameworks in achieving privacy and regulatory compliance.
Full Transcript
Hi everyone, this is Charles Hoskinson broadcasting live from warm, sunny Colorado. Today is April 30, 2024. I'm making a video about voting and identity. As some of you know, there was a poll recently that the Cardano Foundation tweeted out, recommending people take a look at it. This poll is from Blockchain Life, which is hosting a conference in Dubai on April 15th to 16th.
There are a bunch of fields here, but because I'm blacklisted in the industry, they don’t even list me as an option to vote on. It would be one thing if I lost, but it’s another thing entirely when you’re not even allowed to talk about it. More importantly, if you take a look, there are no Cardano projects on here except for SingularityNET and MultiverseX. They are neck and neck, with 3,268 votes versus 3,365. A lot of times when these polls come out, you look for the regional context, and you notice that Luna PR, one of the best marketing agencies I’ve worked with, is based in Dubai.
That’s Nikita’s firm; she’s great, and I really enjoy working with them for MENA-related projects. They’ve put together a few things for us, and we were even featured on CNN in the region. This is a very MENA and Dubai-focused poll, so there are probably a lot of people in that region associated with MultiverseX. The reason I’m making this video is that there’s always a teachable moment whenever you see something like this. This is a great example of how we do things in the legacy world and why crypto exists—to get rid of these legacy systems and do it the right way.
There are kind of two glaring, well actually three glaring issues. The first glaring issue, in my personal opinion, is that in the design and structure of this polling, there’s no custom field where you can put your favorite project. This would allow for much more diversity in the options. It’s not really clear where they selected these people from to vote. More importantly, you have to sign in to vote, and there’s no notion of verification for the vote.
So, we go to the whiteboard. We’re in the identity business at IO, and actually, if you take a look at this right here, I have Hyperledger Labs' Open Enterprise Agent. The Open Enterprise Agent is Atala Prism. We are in the identity game, and we’ve been building a standards-compliant framework to identify people. Many of you know about this from the Ethiopia days; this is what came out of that.
It’s an open-source project that is now part of Hyperledger, and this is the framework we use for all identity. It’s cross-blockchain but native to Cardano. Here’s a nice little schema of how Prism works. Many of you know about Prism, but in general, you have different roles: the issuer, the holder who holds credentials, and the verifier. In a physical sense, think about the physical world.
You have cards—like passports, driver’s licenses, and national ID cards. People are very used to having a national ID card. You have credit cards, health cards, and insurance cards. You are the holder of these cards, and they’ve been issued to you. Then, someone is going to verify them.
For example, let’s say you’re in the United States and you go to a bar to order a drink. You, Bob, and Alice are there. The bartender says, “Okay, you have to prove something.” What do you have to prove? You have to prove you’re over 21.
So, you reach into your wallet and show your driver’s license to Alice. Alice thinks about it for a moment and says, “Oh, that’s a legitimate license; I have verified it.” Alice is the verifier, you are the holder, and the issuer would be the state that issued that driver’s license. Alice knows that’s a credible institution, so the attestations made about that credential are fine. You could also use a passport, military ID, or national ID card, depending on the context.
We’d like to move to a world of a digital wallet where your digital ID wallet has all these representations. The nice thing about that is you can have as many as you want, and they can also be custom-built for different contexts. You can have all kinds of new properties with that custom ID. Once we move to this model, we typically represent these as having a DID and a DID Doc, which owns verifiable credentials. You can build your identity domain bespoke to the type of verifiers you deal with, gaining universality and portability.
There’s infinite scalability with these types of solutions. When you look at things like Atala, it’s really a framework to sort out how the issuance, holding, and verification of these credentials work. Moving from the physical to the digital world gives us a bunch of new properties that are amazing. For example, you can have different views based on context. You can have a work view and a personal view, each with different DIDs associated with them.
For different purposes, you can have different permissioning policies about where and when you can use those. For example, in the military, it’s common to have something called a CAC card, a common access card. This may be a multisig thing, so to use it, you need it dual-signed by not just you, but also by a third-party agency that is aware you’re using that particular credential. Your personal view, like your driver’s license, would be a digital version, and you can use that in the Alice-Bob relationship without causing any problems. We’re trying to move to this particular world because it gives you a lot more privacy, customization, and assurance.
When we take a look at this website and the poll they have, first off, do you really want to create an account just to participate in a poll? Not really. They want to create an account because it’s part of their suitability guidelines for voting, and they probably want some data to understand who’s interacting with them. This is a good trap to gather data for that particular conference. Now, if you have a digital wallet with verifiable credentials, you can open it and provide a series of proofs from that wallet.
You can provide whatever personally identifiable information they’re requesting, but exactly what they’re getting in the contract of use, in a fair and transparent way. If you cross that suitability threshold, congratulations, you are suitable to participate. Then you can vote, and you have results. What makes this interesting is that these proofs, ordinarily in the physical sense with a physical ID, only prove something to the verifier. However, in the digital sense, those proofs can be globalized, meaning that whenever someone requests something and says, “Hey, prove it,” you can generate all these different proofs, and everyone in the world could potentially see them.
This allows you to verify all participation. Why would you want to do this? If you’re publicly broadcasting this, the first concern people would have is bots and shills—people paid or connected to that project, which makes it not legitimate. If you can verify that everyone who participated in the voting meets some reasonable suitability thresholds, you can ensure it’s a fair vote. Of course, what “fair” means is contextual to each event and open for debate.
Some people may have a more restrictive definition, which most would agree with, but that would lead to low participation. Others may be less restrictive, gaining more voices but losing some legitimacy. The cool thing about building a digital wallet system with DIDs and a credential schema is that you can automate and scale this process to make everything a one-click or two-click experience. One click would be the proofs you sign; two clicks would be the proofs and the PII sharing, along with the terms and conditions. You can create a globally transparent network that proves everyone who participated is a real person and meets some fair guideline.
Suddenly, the voting process becomes fair. Now, why do I mention privacy? I mention privacy because part of proving is about the granularity of physical cards versus digital cards. At the physical level, you expose all the information on that card to the verifier. At the digital level, you can expose just one particular attribute.
We typically look at this from something called AnonCreds, which is another Hyperledger project. With AnonCreds, you can prove one thing without showing anything else. For example, what does Alice really need to know in this transaction? Is she asking where you live? No.
Is she asking for your exact age? No. Is she asking whether you’re an organ donor? No. Is she asking what your name is?
No. Alice is only asking for a Boolean: are you at or over the age of 21? Yes or no. That’s it—true or false. What an AnonCred allows you to do is generate a proof of an attribute, trusting the issuer’s diligence.
Once you have this capability at the attribute level, you can start doing some really interesting things. Here’s an example that all of you in the United States probably have dealt with: the TSA at airports. They have this concept of TSA Pre. You pay some money, and suddenly you’re “trusted.” This means instead of going through a body scanner, you go through a metal detector, and you can leave your laptop in the bag and keep your shoes on.
In the United States, we have people with top-secret clearances who have to take polygraphs administered by very scary people. They randomly get checked up on all the time, and it’s a brutal credential to have because they’re trusted with the nation’s top secrets—things like UFOs or nuclear secrets. In the physical world, we have this one credential, and you have TSA Pre, which means you’re “trusted.” However, it’s absurd that you could have a top-secret clearance without TSA Pre. From the perspective of airport security, we have to treat you like any person we’ve never met, putting you through the wringer.
On the other hand, you may be flying to a nuclear facility, handling America’s nuclear secrets. This is absurd when you think about trust circles. With AnonCreds, you can solve this. If you hold a top-secret clearance under this model, when TSA is determining which line you go in, you can show your digital wallet with an AnonCred. This proves the existence of a high-trust status with the U.S. government, but the TSA agent won’t know the nature of that high trust.
They’ll just know that this particular digital wallet is in a high trust category, allowing you to bypass TSA Pre. TSA Pre would be a digital card, your CAC card would be a digital card, and other credentials associated with high clearances would be there. You don’t want the TSA agent to know you have access to nuclear secrets; you just want them to know which line to put you in.
This paradigm allows us to design far more credible systems where we can definitively say there are no bots or shills, and it’s a fair vote. It can also solve real problems that everyone faces, like categorizing people without revealing sensitive information. This applies to medical credentials, academic credentials, and whistleblowing. I recently had a meeting with a big technology company—one of the employees, Mr. Smith, told me they can’t speak their mind because they’re afraid of retribution.
The technology we have here can issue a digital card to employees, allowing them to express their opinions anonymously. For example, someone could say they disagree with a decision made by the CEO, and while people would know it was someone inside the company, they wouldn’t know who it was. This capability allows for anonymous expression of opinions and can also facilitate polls where there are definitively no bots or shills. Let’s say you’re a cryptocurrency developer and you want to build the ultimate DEX. The government comes in and demands KYC, AML, and anti-terrorist financing compliance.
You’re just a humble DEX developer, but the government is upset. You can design your DEX so that when people enter and exit, funds require contingent settlement. You can have a signature of the money and a signed AnonCred for suitability, associated with KYC and AML standards. The settlement of the transaction would be compliant. You can algorithmically define this entire scheme, even having a set of whitelisted verifiers.
They can be the contingency for settlement. As long as they check the DApp and verify the existence of a KYC/AML file, the entire process is automated. From the user’s perspective, they have a digital wallet and a crypto wallet. They click a button to sign, just as they would in a legacy DEX. The government is happy because everything is compliant.
Your whitelist doesn’t have to be jurisdiction-dependent. You could have users from the U.S., Russia, Iran, and so on. When you do your matching engine, you can have suitability guidelines for who can match with whom, ensuring that only U.S. people match with non-OFAC sanctioned individuals.
This allows you to segregate the order book according to jurisdictional considerations. The DApp is decentralized infrastructure, so it runs autonomously, with sets of whitelisted verifiers accordingly. We call this RVP, or Regulated Value Transfer Protocols.
It’s something we’re exploring with Midnight as a use case. It’s a great example of how you can take technology and build things compositionally. You take a wallet and digital ID, combine it with AnonCreds and other elements, and create a regulated DApp that is autonomous and decentralized, but with compliance in settlement. There’s always a throat to choke because there are whitelisted verifiers who get paid for that role. There’s a one-time issuer-holder relationship, but then you roll back a little bit.
It’s still the same concept: I create a DID, the DID creates a wallet, and we start filling it with ID cards issued by various entities—state entities, business entities, self-issued, and so on. Then you have a layer to prove properties of the attributes without revealing them. The same thing that allows Alice to feel comfortable serving you alcohol allows Jim to categorize you appropriately. It also allows Smith to whistleblow on his company and enables you to use a verified DEX or anything else. Imagine a stablecoin in the future, which we’ll call USDB—not to be confused with any other stablecoin.
USDB has built-in suitability guidelines and two user flows. If you’re non-U.S., it behaves just like Bitcoin; it can’t be frozen or reversed. When you withdraw after purchasing a stablecoin from the DEX, the address structure you withdraw into or the smart contract you withdraw into would be based on the credentials you’ve provided.
If you have legitimate credentials showing you’re not under U.S. jurisdiction, you get the crypto-friendly version. If you have credentials showing you are under U.S. jurisdiction, you get the compliant version.
From the user experience, it’s either smart contract one or smart contract two, but they spend the same way. The difference is that when the government comes, they can do a lot more to you with the compliant version than with the crypto-friendly version. This is an example of a new workflow, but the user experience for Alice or Bob is very much the same. This is where the world is going.
When we look at crypto in 2030, this whole framework is necessary. The cryptocurrencies that will win or lose are those that can support this or ignore it. I highly encourage you to look at the Atala Prism GitHub repo and also check out the documentation at docs.alis.io.
Familiarize yourself with it. Once we have a system like this, you’re in the driver’s seat regarding privacy and attestation verification. Paradoxically, the more identity you have, the more anonymity you gain. You move from a model where everything is public, like Bitcoin-style privacy, to a more Monero-style model where everything is private by default, but you have selective disclosure built into your transactions and interactions. When you interact with regulated infrastructure, it’s a two-way relationship instead of a one-way relationship.
Right now, federated identity providers require you to provide everything to them, and they decide what PII is relevant. Under this model, the verifier only has what is required for their business logic, ensuring a higher level of privacy. When you think about royalty management, data management, security tokens, supply chain, medical records, or any records of private significance, you need both sides. One half of the building block is the DID framework and all the emerging standards, which represent a vibrant, beautiful, rich industry. There’s a revolution in identity and verifiable credentials happening today.
The other side of the argument is computational privacy and private smart contracts, with many projects chasing that. Midnight is one of them. If you go to midnight.
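The issuer, holder and verifier roles and the disclose-one-attribute idea described in the transcript, as an added example that is not part of the broadcast and not code from Atala Prism or AnonCreds. It uses salted hashes under one Ed25519 signature as a simpler stand-in for AnonCreds' zero-knowledge proofs, so the issuer precomputes the `age_over_21` boolean and repeated presentations are linkable; all names and values are constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Disclosure: one attribute plus the 16-byte random salt that blinds its digest.
type Disclosure struct {
	Salt        []byte
	Name, Value string
}

// Credential is what the issuer hands to the holder's wallet.
type Credential struct {
	Disclosures []Disclosure // stay in the wallet; presented one at a time
	Digests     [][]byte     // one salted SHA-256 digest per attribute
	Sig         []byte       // issuer's Ed25519 signature over all digests
}

// digest hashes fixed-length salt, then name and value split by NUL (names hold no NUL).
func digest(d Disclosure) []byte {
	s := sha256.Sum256([]byte(string(d.Salt) + d.Name + "\x00" + d.Value))
	return s[:]
}

// Issue is the issuer role: salt, hash and sign every attribute.
func Issue(key ed25519.PrivateKey, attrs [][2]string) Credential {
	var c Credential
	for _, a := range attrs {
		d := Disclosure{make([]byte, 16), a[0], a[1]}
		rand.Read(d.Salt)
		c.Disclosures = append(c.Disclosures, d)
		c.Digests = append(c.Digests, digest(d))
	}
	c.Sig = ed25519.Sign(key, bytes.Join(c.Digests, nil))
	return c
}

// Verify is the verifier role: the disclosed attribute must match an issuer-signed digest.
func Verify(pub ed25519.PublicKey, digests [][]byte, sig []byte, d Disclosure) bool {
	ok := false
	for _, g := range digests {
		ok = ok || bytes.Equal(g, digest(d))
	}
	return ok && ed25519.Verify(pub, bytes.Join(digests, nil), sig)
}

func main() {
	pub, key, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	c := Issue(key, [][2]string{{"name", "Bob"}, {"birthdate", "1990-01-01"}, {"age_over_21", "true"}})
	fmt.Println(Verify(pub, c.Digests, c.Sig, c.Disclosures[2])) // holder shows only the boolean
}
```

The verifier receives the digest list, the signature and one salted attribute, so it learns the boolean and how many attributes exist, but not the name or birthdate.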