The Identity Use Case on Accumulate

Written by Kyle Michelson

On October 6, 2021

The Accumulate protocol is constructed around an enhanced version of a fourth generation identity framework known as Decentralized Digital Identities and Identifiers (DDIIs). The implementation of DDIIs on the Accumulate network is referred to as Accumulate Digital Identifiers (ADIs), which allow for smart contracts, consensus building, validator networks, and enterprise-level management of digital assets. The versatility of ADIs lends itself to a variety of real-world use cases, but before we provide some examples it is necessary to understand the history of identity verification and the limitations of legacy technologies.

Carbon Identities

Since the dawn of human civilization, people have organized themselves into communities for the purposes of distributing labor, sharing resources, and building infrastructure to survive the harsh realities of nature. Early humans needed to establish trust between individuals and communities without the convenience of written language, and they likely relied upon simple mechanisms of validation such as greetings, style of dress, and other cues that we may define as “carbon identities”. These mechanisms are easy to implement since they’re present in our culture and hardwired into our DNA. They’re also efficient in small groups so long as group membership doesn’t exceed the capacity of an individual’s memory. Carbon identity is hierarchical in the sense that partners, families, clans, and regional communities may have different appearances or customs. As language evolved, so did multimodal signaling in the form of greetings, pass phrases, and scripted exchanges. However, carbon identity is severely lacking in security and scalability. For example, a spy can easily counterfeit a handshake or record a pass phrase, while visual identity becomes unreliable in larger communities.

Analog Identities

Physical, or analog, identities leverage the ability to write data into documents to define membership and roles. Credit cards, photo ID, and signed documentation may be used to validate identity, membership, and transactions. Analog identity improves upon carbon identity by adding a physical token that is universally recognized by members of the community, therefore increasing its scalability. Document technology reduces the risk of forgery by using materials with limited access or by adding complex security features (e.g. holograms, fine print, fluorescent threads) that require specialized tools to reproduce. However, counterfeiting has evolved alongside it, and criminal gangs may also have access to sophisticated equipment. Another approach is to require both physical identity and presence, such as when a customer shows ID when purchasing an age-restricted item. This often requires a third party to take part in validating the identity, and if that third party is unreliable or colluding, a fraudulent identity may be falsely verified. Despite the growing use of digital identity, the majority of identity theft still involves analog identity, highlighting the need to migrate to more secure solutions.

Centralized Digital Identities

The invention of the internet compelled the creation of electronic security in the form of digital accounts, identified by usernames, MAC addresses, and IP addresses and secured using passwords, cryptography, and multifactor authentication. We refer to these as centralized digital identities because they are highly dependent on central authorities for the issuance, security, and validation of identity. For example, Google Authenticator and Duo are two common two-factor authentication (2FA) apps operated by large companies that students or employees may be required to use in order to access email or make changes to their accounts. Unlike analog identity, digital identity does not need to be physically present on the individual. Instead, credentials can be efficiently distributed anywhere in the world, which has led to the creation of entirely new industries such as online commerce. Analog and digital identity can also be combined to enhance security. Radio-frequency identification (RFID) chips and hardware 2FA tokens, for example, can prove possession of a physical object while transmitting digital data.

However, the user has no ownership of their personal information. It is held by the provider, so a breach of the provider exposes every user at once, and the provider's bankruptcy or shutdown can mean the irreversible loss of the identity itself, with far-reaching consequences. In 2013, for example, Yahoo suffered a data breach, disclosed only in 2016, that exposed the personal information of more than 1 billion users across the world (later revised to all 3 billion accounts). In 2017, Equifax reported a data breach that compromised the private records of 147 million Americans. Additionally, a password is a reusable secret that the user must hand to the service on every login, so it can be phished, guessed, or leaked in a breach and replayed, whereas a private key used to sign blockchain transactions never leaves its owner. This weakness contributes to the millions of cases of identity theft that occur throughout the world each year.

Decentralized Digital Identities and Identifiers

With the creation of distributed ledgers like Bitcoin, individuals and organizations were able to create and maintain ownership of their own identities. A user’s identity on the blockchain is defined by knowing a secret that can be validated by a script. This secret is typically the private key of a public/private key pair, and a digital signature lets the user prove knowledge of the private key without ever revealing it; validators check the signature against the public key alone. Minimizing the exposure of a user’s private keys and cryptographically securing those keys is a major advantage of decentralized digital identities and identifiers (DDIIs). In addition, validation of data on the blockchain can be done without the involvement of a third party, at any point in the future, and by any person or organization so long as the blockchain is available. Multifactor and multisignature (m-of-n) authentication is also supported on the blockchain.

While DDIIs offer a number of advantages over centralized digital identity, private keys, as well as the assets they protect, can be permanently lost if the private key is compromised or forgotten. Offline or “cold” storage of private keys protects them from remote attackers, but because the identity is the key itself, a lost or stolen key cannot be revoked or replaced. Key management, where a user may upgrade or downgrade security, add a multisig address, or transfer control of an identity to another party, is also not supported.

Enhanced Digital Identities

A fifth generation blockchain-based identity framework is emerging that adds features to DDIIs to increase their utility and adoption. Accumulate Digital Identifiers (ADIs) fall under the category of enhanced digital identities because they allow for the support of complex identity operations beyond the simple and constrained smart contract-based frameworks of other blockchains. Each identity in Accumulate is its own independent chain, and subchains under the control of an ADI provide different levels of support for keys, tokens, and data. A hierarchical key structure allows higher priority keys to be kept in cold storage, perhaps under multisignature control, and lower priority keys to be kept in warm storage for frequent or low value transactions. If a low priority key is lost or stolen, it can simply be replaced using a higher priority administrative key, so the identity and its assets survive the loss. Flexibility in key management allows ADIs to be bought, sold, or managed by multiple parties. Flexibility in security allows keys to be upgraded to new algorithms as new security features are developed, while legacy keys remain supported to enable interoperability with older protocols. The result is a manageable, upgradeable, and backwards compatible digital identity with broad utility, as we’ll discuss in the following section.
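The two mechanisms described above, proving control of a key by signature alone (Decentralized Digital Identities and Identifiers) and a priority-ordered key hierarchy in which a cold, multisig page can rotate a lost warm key but not the reverse (Enhanced Digital Identities), can be modelled in a few dozen lines. The following is an added example written for this article, not Accumulate's own code or data structures: the `KeyPage`, `Identity`, `Authorize` and `ReplaceKey` names, the rule that a page may be modified by itself or by any higher-priority page, and the "example-company" identity are all assumptions made here for illustration. It uses Go's standard ed25519 package and needs nothing else.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// KeyPage is an m-of-n set of public keys at one priority level. Index 0 in
// Identity.Pages is the most privileged (cold, administrative) page.
// Illustrative model only; not Accumulate's own structures.
type KeyPage struct {
	Threshold int
	Keys      []ed25519.PublicKey
}

// Identity is a named key hierarchy ordered from highest priority (0) down.
type Identity struct {
	Name  string
	Pages []KeyPage
}

// Signature is one signer's public key and its signature over a transaction.
type Signature struct {
	Key ed25519.PublicKey
	Sig []byte
}

// txHash binds the operation to the identity so a signature cannot be
// replayed against a different identity.
func txHash(identity, op string) []byte {
	h := sha256.Sum256([]byte(identity + "\x00" + op))
	return h[:]
}

func sign(priv ed25519.PrivateKey, id *Identity, op string) Signature {
	return Signature{Key: priv.Public().(ed25519.PublicKey), Sig: ed25519.Sign(priv, txHash(id.Name, op))}
}

// countValid counts distinct page keys that produced a valid signature.
func (p KeyPage) countValid(msg []byte, sigs []Signature) int {
	seen := map[string]bool{}
	for _, s := range sigs {
		for _, k := range p.Keys {
			if string(k) == string(s.Key) && !seen[string(k)] && ed25519.Verify(k, msg, s.Sig) {
				seen[string(k)] = true
			}
		}
	}
	return len(seen)
}

// Authorize succeeds if the signatures meet the threshold of any page with
// index <= required: a cold page can do anything a warm page can, not vice versa.
func (id *Identity) Authorize(op string, required int, sigs []Signature) (int, error) {
	msg := txHash(id.Name, op)
	for i := 0; i <= required && i < len(id.Pages); i++ {
		if id.Pages[i].countValid(msg, sigs) >= id.Pages[i].Threshold {
			return i, nil
		}
	}
	return -1, errors.New("threshold not met by any page of sufficient priority")
}

func replaceOp(page int, oldKey, newKey ed25519.PublicKey) string {
	return fmt.Sprintf("replace-key page=%d old=%x new=%x", page, oldKey, newKey)
}

// ReplaceKey rotates a lost or stolen key on `page`; the request is
// authorized at that page's priority, so only that page or a higher one can do it.
func (id *Identity) ReplaceKey(page int, oldKey, newKey ed25519.PublicKey, sigs []Signature) error {
	if page < 0 || page >= len(id.Pages) {
		return errors.New("no such page")
	}
	if _, err := id.Authorize(replaceOp(page, oldKey, newKey), page, sigs); err != nil {
		return err
	}
	for i, k := range id.Pages[page].Keys {
		if string(k) == string(oldKey) {
			id.Pages[page].Keys[i] = newKey
			return nil
		}
	}
	return errors.New("old key not found on page")
}

// Scenario: warm-key spend, cold page rotates a lost warm key, the old warm
// key is then rejected, and the warm key is refused when it tries to alter the cold page.
func Scenario() (spendPage int, rotateErr, oldKeyErr, escalateErr error) {
	gen := func() (ed25519.PublicKey, ed25519.PrivateKey) {
		pub, priv, err := ed25519.GenerateKey(rand.Reader) // constructed demo keys
		if err != nil {
			panic(err)
		}
		return pub, priv
	}
	c1, c1k := gen()
	c2, c2k := gen()
	c3, _ := gen()
	w1, w1k := gen()
	w2, w2k := gen()
	id := &Identity{Name: "example-company", Pages: []KeyPage{
		{Threshold: 2, Keys: []ed25519.PublicKey{c1, c2, c3}}, // cold page, 2-of-3
		{Threshold: 1, Keys: []ed25519.PublicKey{w1}},         // warm page, 1-of-1
	}}
	spend := "send 50 tokens to office-supplies"
	spendPage, _ = id.Authorize(spend, 1, []Signature{sign(w1k, id, spend)})
	rot := replaceOp(1, w1, w2)
	rotateErr = id.ReplaceKey(1, w1, w2, []Signature{sign(c1k, id, rot), sign(c2k, id, rot)})
	_, oldKeyErr = id.Authorize(spend, 1, []Signature{sign(w1k, id, spend)})
	esc := replaceOp(0, c3, w2)
	escalateErr = id.ReplaceKey(0, c3, w2, []Signature{sign(w2k, id, esc)})
	return
}

func main() {
	p, r, o, e := Scenario()
	fmt.Println("spend page:", p, "| rotate:", r, "| old key:", o, "| escalate:", e)
}
```

Two design points worth noting. The transaction hash includes the identity name, so a signature collected for one identity cannot be replayed against another that happens to share a key. And because `ReplaceKey` is authorized at the priority of the page being changed, a compromised warm key can at worst rotate its own page, which the cold page can then undo; this is the "petty cash abuse" case in the company-funds use case below.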

Specific Use Cases for ADIs

The following examples represent only a small fraction of the possible use cases of ADIs on the Accumulate Network, and were chosen to illustrate their utility across a diverse set of use cases. Nearly any application that currently uses digital identities would benefit from the security and flexibility that ADIs provide.

1. Distributing an inheritance: Every key that secures your assets on the Accumulate network can be maintained in cold storage and placed under multisig control across a set of trusted parties. This may include family, lawyers, accountants, or business partners. None of these parties individually has custody of your assets, but together they can reach the required threshold, perhaps under the terms of your will, to access and distribute those assets according to the legal documents that may be present in a smart contract.

2. Managing company funds: A petty cash fund for purchasing office supplies may be managed by a single key holder, while a major account may be managed by several parties, each of which must sign a transaction to validate it on the blockchain. A company’s funds can be organized under a single ADI with sub-identities controlled by different departments or hierarchies within a department. The departure of an employee, or the addition of a signer to a multisig account, simply requires a change to the key set, not the creation of an entirely new identity that would expose sensitive information to the public. If a petty cash fund is abused by a low priority key holder, a high priority key can revoke that key and reassign authority to another employee.

3. Reaching a consensus: Important decisions made at the management level of large companies must often reach a consensus before an action is taken. The Accumulate network can facilitate this conversation via Scratch Space, a transient blockchain for fast, private, and cost-effective consensus building off-chain that stores the discussion data only temporarily but permanently records cryptographic proof of the event, as described in the Litepaper. When a poll is completed and a conclusion is reached, all parties to the ADI involved in decision-making cryptographically sign their approval. Their signatures also create an immutable audit trail of the event once written into the permanent blockchain. If the consensus pertains to legal documents, it can initiate real world actions. In the summer of 2018, for example, Chinese courts began accepting blockchain records as evidence.

4. Auditing the supply chain: Products arriving at a port authority are inspected and signed off, then handed over to customs for additional inspection and validation. If approved, the product moves to the country of destination and is delivered to the recipient. Traditional supply chain management relies on digital identity, physical verification, and inspectors who may record their activity for auditing purposes. Blockchain technology is typically applied in the form of physical tags such as QR codes and RFID chips, read by IoT devices and tied to a distributed ledger, which provides an immutable audit trail. In both approaches the product is queryable against its provenance. Many such solutions work, but generally only so long as nothing changes. Accumulate is designed to handle both normal operations and exceptional cases through its use of dynamic key management and a network of trust. The bankruptcy of a supply chain company, the retirement of an inspector, and the transfer of their keys can be handled on the Accumulate network, whereas they are difficult to model on blockchains where an identity is inseparable from a single fixed key. Scratch Space data written by a fired employee can even be discarded, although the cryptographic proof of their involvement remains permanently on the blockchain.
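Use cases 3 and 4 both rely on the same property of Scratch Space: the transient records themselves can be discarded, yet a permanent cryptographic proof lets anyone later verify that a given record was part of the set that was signed off. The standard way to get that property is to commit a Merkle root of the records to the permanent chain and keep a short inclusion proof per record. The following is an added example written for this article, not Accumulate's own code; the `Commit`/`Prove`/`Verify` functions, the domain-separation bytes, and the sample poll records are all constructed here for illustration, and the page does not state that Accumulate's Scratch Space uses exactly this construction.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// leafHash and nodeHash use distinct prefix bytes so that a leaf can never be
// confused with an interior node (a classic Merkle-tree pitfall).
func leafHash(data []byte) []byte {
	h := sha256.Sum256(append([]byte{0x00}, data...))
	return h[:]
}

func nodeHash(l, r []byte) []byte {
	h := sha256.Sum256(append(append([]byte{0x01}, l...), r...))
	return h[:]
}

// levels builds the tree bottom-up and returns every level, padding odd
// levels by duplicating the last node so every node has a sibling.
func levels(records [][]byte) [][][]byte {
	level := make([][]byte, 0, len(records))
	for _, r := range records {
		level = append(level, leafHash(r))
	}
	all := [][][]byte{}
	for {
		if len(level) > 1 && len(level)%2 == 1 {
			level = append(level, level[len(level)-1])
		}
		all = append(all, level)
		if len(level) <= 1 {
			return all
		}
		next := make([][]byte, 0, len(level)/2)
		for i := 0; i < len(level); i += 2 {
			next = append(next, nodeHash(level[i], level[i+1]))
		}
		level = next
	}
}

// Commit returns the 32-byte Merkle root. Only this value needs to go to the
// permanent chain; the records can later be dropped. nil for an empty set.
func Commit(records [][]byte) []byte {
	top := levels(records)
	root := top[len(top)-1]
	if len(root) == 0 {
		return nil
	}
	return root[0]
}

// ProofStep is one sibling hash on the path from a leaf to the root.
type ProofStep struct {
	Hash []byte
	Left bool // true if the sibling sits to the left of our node
}

// Prove returns the inclusion proof for records[index].
func Prove(records [][]byte, index int) []ProofStep {
	all := levels(records)
	var proof []ProofStep
	for _, level := range all[:len(all)-1] {
		sib := index ^ 1
		proof = append(proof, ProofStep{Hash: level[sib], Left: sib < index})
		index /= 2
	}
	return proof
}

// Verify recomputes the root from a single record and its proof. It needs
// neither the other records nor the party that produced them.
func Verify(root, record []byte, proof []ProofStep) bool {
	h := leafHash(record)
	for _, s := range proof {
		if s.Left {
			h = nodeHash(s.Hash, h)
		} else {
			h = nodeHash(h, s.Hash)
		}
	}
	return bytes.Equal(h, root)
}

func main() {
	// Constructed sample poll records; not real Scratch Space data.
	recs := [][]byte{[]byte("vote:alice:yes"), []byte("vote:bob:yes"), []byte("vote:carol:no")}
	root := Commit(recs)
	proof := Prove(recs, 2)
	fmt.Println("root:", hex.EncodeToString(root))
	fmt.Println("carol's vote verifies:", Verify(root, recs[2], proof))
	fmt.Println("altered vote verifies:", Verify(root, []byte("vote:carol:yes"), proof))
}
```

In the consensus use case each decision-maker would sign the root (with the kind of key-page signatures shown in the earlier example) rather than the individual records, so the signed approval stays valid after the discussion data is discarded. In the supply chain use case the same proof lets a recipient check one inspector's entry against the committed root even after that inspector has retired and their key has been rotated out.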

The success or failure of a company is largely influenced by exceptional cases and Accumulate provides a robust and secure method for managing and recording unpredictable events. This flexibility in record keeping and identity management, as well as the use of scratch space to perform these activities without burdening the protocol, makes Accumulate useful in a variety of applications.
