A blockchain-based identity method for signing and settling financial transactions.
Marshall Hayner and Fred Krueger
Note: This WhitePaper forms the basis for a new blockchain co-developed by Metal and Lynx. This intellectual property is patent pending.
Consider when you use a credit card to shop online. In order to settle the transaction, you need to pass the merchant your name, address, credit or debit card number, expiration date, and verification code. This can be
summarized as one string of letters, passed from one computer to another:
2121 6711 7221 4190 EXP: 12/24 CCV: 871
John Smith. 123 Main Street. AnyTown, USA 90516
This string of (in this case) 87 characters is then passed to a series of intermediaries, checked for fraud, and then resulting in funds leaving your bank account (for a debit card) and being sent to the receiving bank account.
If you stop and think about this, this is a highly insecure method of moving funds. If a piece of malware is installed on your computer, it can simply grab these 87 characters and transmit them back to the dark web for sale by criminals. This is not hypothetical. In fact, sales of stolen credit cards have tripled in the last 12 months alone.
How can we use Blockchain and Cryptography to fight this?
Well, suppose that instead of paying with a string of 87 characters as in the example above, you just paid with your unique username
The concept of these unique usernames is now prevalent on many internet platforms. The cleanest example is Twitter. Jack Dorsey, the founder of Twitter is “@jack”. Our own twitter usernames are “@dotkrueger” and “@MarshallHayner”. These names are completely unique on the system, and can even have a blue checkmark to indicate that Twitter is attesting that the “@name” is real. A prominent example is “@kimkardashian”, the user name of Kim Kardashian West, the celebrity.
Now assume you had a username on a global payments network. Instead of identifying your tweets, this username identified you to all participating banks, credit card processors, identity verifiers, and consumer wallets, such as Square, Venmo or our own MetalPay.
Now, you will simply “pay with your name”. When you do, you will get an alert on your wallet, securely verify the transaction (only you have your wallet, and the transaction is securely and cryptographically encoded). It would look a little bit like this:
Implementing the namespace
Blockchain-based protocols are the ideal way to implement this. The key is they are decentralized and secure.
Getting a push request on Venmo or Square happens all the time. If Bob is on Venmo and Alice is also on Venmo, it’s easy for Bob to push a transaction request to Alice. But what if Alice is not on Venmo but instead on Alipay? What if Venmo is not even offered in the country that Alice lives in?
We need a protocol that is independent of any wallet payment provider. A protocol that can work for Venmo or Square, Visa or Mastercard; and we need a common namespace so “@bob” means the same person regardless of the wallets and bank accounts that the person uses.
Fortunately, blockchain solves this problem precisely.
Starting with the launch of EOS in 2018, we have a system of distributed usernames such as “@fredfredfred” which is the unique username of Fred Krueger on EOS. This is not kept in any one database, but is replicated on thousands of computers worldwide as part of the EOS blockchain. There has not been a single instance of an account name “hack” on the EOS blockchain despite billions of dollars in transactions. The protocol is secure.
This is still not enough. There is no “blue checkmark” on EOS indicating that the name “@fredfredfred” belongs to the Fred Krueger living in California who co-wrote this article. Twitter has this concept of “blue checkmarks” but EOS doesn’t. It’s not enough for any one company to be the “attestation of identity” — we need a comprehensive, distributed network where multiple KYC providers can verify the identity.
We need each of these providers to have a “white checkmark” indicating that they have been validated by the protocol. We need the overall system to be distributed and not owned by any one company or individual, nor be under the control of any one government.
That is the general idea of Proton. And it’s not just an idea. The genesis of it is a blockchain called Lynx that started as an EOS fork and went live on Jan 6, 2020. Lynx has names, avatars, and a very crude notion of blue checkmarks that are stored on-chain. Without getting too lost in technical details, Lynx is the basis of Proton. And all of these ideas come from Metal’s concept of XID, introduced on April 2 2019.
Maintaining Identity in a distributed way
The way that Proton works with identity is leveraging multiple KYC providers, through openly opting-in, verifying and securely holding personally identifiable data. Nobody will trust any one party to be the “identity source of truth”.
What you want is to be able to see a blue checkmark next to somebody’s name, and also see who verified this person and when. As a merchant, you may also want to see the person’s risk score. For pending payments at a store location, you might relinquish goods to an “A” credit risk; but think twice if the person came back rated a “C”. This is all achieved without exposing PII (Personally Identifying Information) on the public ledger.
You, as the user, may also want to avoid re-submitting your identity multiple times every time you are applying for credit. This too could be handled by the Proton blockchain as a request for additional credit information.
Now, one of the first things you will think about as you dissect this idea, is that it is trivially easy, in theory, to spam the network and request payment from random usernames. How do you prevent this?
The answer is two-fold: gas fees and whitelisting.
The first anti-fraud measure is to implement a gas fee. Since all of this is implemented on a new decentralized blockchain Proton, we can simply charge any sender a very small fee in Proton tokens. This could be a few cents or even less. EOSIO technology is the fastest, most scalable blockchain tech on the planet currently, and can easily scale to 3,000 transactions per second at minimal cost.
With sidechains we can raise the transactions per second even higher. We can get to where Visa and MasterCard are today in terms of raw transactions per second, and this is not just a crypto dream, it’s a reality.
Side note: because we are implementing Proton using EOSIO, we do not have to face our own blockchain gas fees. In an earlier Ethereum vision of this new XID product, the cost of maintaining the blockchain became a significant factor. In fact, in our case, these fees will now be beneficial to Proton as they will help fund the Proton network (the example of SuperMan 3 comes to mind).
Lastly, let’s talk about whitelisting. I really do not want random people to ask me to confirm transactions I did not do. To solve this, we can simply have a system where you whitelist the vendor. In practice this could be as simple as scanning a QR code or confirming a link, and because all the participants in the payment side of Proton would need to be KYC’ed, if a spammer did emerge, they could easily be shut down by the block producer custodians of the chain.
Proton is being released as its own fully featured permissionless public blockchain, complete with apps, and mobile and desktop wallets. At its core is the simple but extremely powerful concept of just “paying with your name”. Long gone are the days of giving every merchant you’ve ever shopped with the keys to your bank, time to take back control, time for Proton.