ARTIS member onboarding — Part 1

This article was co-produced with ARTIS team member Bernhard Zach —the privacy maximalist of the lab10 collective.

About the challenge

Maybe the most concise description of the challenge at hand is:
We want to deploy a piece of infrastructure as digital commons which is easily accessible by all human beings, yet protected against the tragedy of the commons.

ARTIS is a crypto-economic network and as such has a built-in unit of account, named ATS. While the Bitcoin terminology of coins has been universally adopted for describing the builtin unit of account of almost all crypto-economic networks, the description of Ether in the Ethereum Whitepaper is probably a better starting point for understanding what ARTIS onboarding is about:
“Ether” is the main internal crypto-fuel of Ethereum, and is used to pay transaction fees.

In Bitcoin, the coins are also used to pay transaction fees. So why is it that Ethereum puts so much emphasis on this aspect that it changes the metaphor from coin to fuel?
The reason is: in Ethereum, transacting the builtin unit of account is just one of an endless range of possible use cases. In fact, the value proposal of Ethereum is that of being a platform for decentralized applications.

ARTIS inherits this property, but also tries to learn from lessons provided by the history of Bitcoin and Ethereum.
One such lesson is that the distribution mechanism of mining rewards is doing a great job at securing the networks, but not such a good job at widely distributing the unit of account and thereby access to the network.

Several projects have tried other distribution mechanisms aimed to achieve wider distribution and thereby network adoption. Such efforts are nowadays tagged as airdrops — a concept somewhat reminiscent to helicopter money.
Executing an airdrop is however not as easy at it may seem, because there’s 2 conflicting goals:

  • distribute to as many individuals as possible
  • retain the value of the unit of account by keeping it scarce

In the end, every attempt to achieve both goals in an automated way is doomed to fail because: the Internet lacks a mechanism for verifying identity.

What we want

We want a mechanism which allows us to distribute ATS as widely as possible, yet make it difficult to cheat the mechanism, without relying on central 3rd parties.

More specifically, we want:

  • proof of human — not a software governed guess discriminating those with uncommon traits
  • proof of uniquenessone person has at most one identity in the system
  • a decentralized system which isn’t owned or controlled by a single entity
  • privacy: no information about registered members linked to the fact of membership
  • a well weighted incentive/punishment system that focuses on the registration system, not the members

Why we want it

Simple: in order to solve the chicken and egg problem.

The chicken is the network and the eggs are the decentralized applications.
Crypto-economic systems are networks, thereby their fate is heavily reliant on network effects.

ATS distribution can be designed in a way which helps bootstrapping the network and which also facilitates onboarding in the longer term.
While the economic incentive may be relevant, that’s not the only and probably not even the most important aspect.
We want to lower the entry barrier into crypto-economic networks by giving ordinary people a way to get hands without having to first transact with an exchange. In the early days of crypto currencies, that was often made possible by so called faucets. Mostof those have become victims of the price appreciation.

In a nutshell, this are the goals:

  • a transparent way to distribute ATS which is perceived as fair by most
  • low entry barriers to decentralized applications by offering everybody a free contingent of transactions
  • non-cheatable online voting systems
  • a basis for scalable liquid democracy

What exists today

Centralized 3rd parties

There exists a range of centralized identity providers with large user bases — most notably, Google and Facebook. Those are however not very well suited for the challenge at hand, some reasons being:

  • they have pretty weak checks for “is human”. Weak compared to a human determining another entity as human in the context of a physical meeting — imagine a country issuing a new identity based on a captcha
  • they have no uniqueness check — except of uniqueness of the Email address used for registration. If you own a domain and set up a wildcard alias for your mailbox, you got an endless number of Email addresses.
  • they have other, non-transparent checks (mostly heuristics) which can lead to discrimination — for example unusual names
  • they are not available everywhere, e.g. both Facebook and Google are blocked in China
  • there’s a lot of overlap between the set of people eager to engage in a decentralized network and the set of people not eager to engage in a centralized network (and thus probably not having an identity on such a system)
  • bootstrapping a decentralized network from a centralized one already compromises the system on a philosophical level

Government

Government issued identities may look like an attractive solution for the problem. They are strong in terms of “proof of human” (but still leave millions of e.g. stateless people and refugees uncovered) and mediocre to ok in terms of uniqueness (there’s many with more than one citizenship). But they are also far from perfect and do not really fit with the philosophy of a decentralized network.

  • basing the ARTIS identity system on gov id’s would require storage of personal data like name, date of birth etc. in order to be able to detect duplicates
  • information contained in gov id’s is mostly socially constructed information (e.g. the name) and not always under the full control of the associated person
  • gov id’s are still mostly paper based, requiring cumbersome and error-prone processes for online authentication. Paper is made for the offline world.

Other offline based systems

There are also Credit Scoring Companies like Equifax or Schufa in Germany which have an interest in uniqueness detection. As user you want to avoid using databases like these with limited transparency and control over your records. Of course relying on such identity providers would also exclude the large chunk of people which are not covered by these companies.

(Cheatable) decentralized solutions

There have been efforts to establish decentralized identity systems which aren’t bootstrapped from a central identity provider before.
One of the most detailed such proposals we’re aware of is that proposed for the Cicada platform. It attempts to establish Human Unique Identifiers (HUID) based on IRIS scans.
While it works around some of the well known weaknesses of biometrics, e.g. by proposing the use of recoverable biometric features (in order to work around the fact that a biometric fingerprint could be stolen and thereby an identity captured), there’s one big unsolved issue which can easily destroy such a system: there’s no way to know if an electronically delivered biometric fingerprint belongs to an actual person.
AI technology is advancing fast and its nowadays quite easy to generate unique, yet fake fingerprints — see generative adversial networks.

The only way out of this dilemma could be locked down hardware, but that would just introduce another way of centrality: that of relying on a well defined hardware manufacturer (or set hereof).
A single point of failure is always also a huge honeypot. Avoiding such points is what makes decentralized networks robust and resilient.

The ARTIS approach

After having analyzed the status quo in depth, lets focus on the alternatives we’ve figured out so far.
First, lets make clear that we’re not aiming for a perfect system which cannot make mistakes. We’re out for a solution which is overall better than all existing alternatives while keeping the cost (not only economic) of the process as small as possible and feasible, especially for the members being signed on.

Our personal experience with Web-of-Trust based systems (PGPkeysigning parties) has made sure we have little illusions about how far one can get with good intentions and working technology alone.
We do however believe that the addition of incentive design and new technology like emerging SSI standards and Zero-knowledge proofs to the toolbox has considerably improved chances to achieve the stated goals — something unthinkable just a few years ago.

General approach

What emerged from our analysis is that any solution to the challenge needs to rely on 2 strong pillars:

  • one human being recognizing another human being as such
  • a mechanism ensuring nobody can more than once

Network growth phases

Before talking about concrete ways to implement this pillars, lets switch to a related topic.
ARTIS is supposed to be scalable to millions of members at some point in the future, yet it has to start from zero.
The challenge of onboarding members will considerably change over time, because several important parameters are variable, e.g:

  • the size of the existing network affects how sensitive a duplicate check needs to be — which affects the rate of false positives
  • the economic (and non-economic) incentives to become a member change over time, thus also the incentive to cheat the system
  • innovators and early adopters may require different user journeys than late adopters

We define the following phases:

Phase 1: 1 to 10.000 members (innovators — can deal with rough edges, but need a convincing incentive in order to dedicate their valuable time)
Phase 2: 10.000 to 1.000.000 members (early adopters — like new stuff, but require some polish and at least a good story to give it a try)
Phase 3: 1.000.000 to 100.000.000 members (open minded people — require great usability and clear advantages over existing alternatives)
Phase 4: 100.000.000+ members (everybody else — because family and friends also use it)

Next…

Part 2 will be about the system envisioned for ARTIS:
This includes the role of registrars, a simple offline spacetime protocol (inspired by a paper of MIT PDOS), a possible role for biometrics and an inter-registrar protocol for hardened privacy.

Subscribe to get the latest
news and articles first

We follow privacy by design principles and do not tolerate spam.