TezID is an identity oracle for Tezos 🤖✌️
It allows users to prove that they own certain digital property such as an email address, phone number, etc. And perhaps in the future a physical address and even government issued ID's.
How it works
At it's core TezID is a Smart Contract with registered addresses and verified proofs for each address. A user might register his/her address and different proofs, and use the oracle to verify these proofs.
- A user connects their wallet to the TezID dapp
- The user registers their address with the TezID Smart Contract
- The user registers one of the supported proofs with the TezID Smart Contract
- The user requests a verification code from the oracle
- The oracle verifies the uniqeness of the property (you cannot register the same email twice)
- The oracle sends a verification code to the property
- The user receives the verification code and enters it in the TezID dapp
- The oracle marks the proof as verified in the Smart Contract
What is the point?
It can be used from other Smart Contracts to verify that a Tezos address is associated with a real human being.
I'm interested in collective decisionmaking mechnisms. Some of these require unique identities. One example is Quadratic Voting. An example usage of TezID would be to create a QV voting contract that will query the TezID contract if a certain address has registered a government issued ID proof within the last year, before allowing this address to vote.
But who knows what other use-cases might pop up 😬✨
What about security?
You might wonder if it's such a good idea to connect your Tezos address to your email or phone number etc. 🤔 This is not a good idea at all! 😳
Luckily this is not how TezID works. 😅 On the Smart Contract TezID only stores that you have registered a proof; it's type, the date this happened and a boolean to indicate if the proof has been verified by the oracle.
The TezID oracle only stores a hashed representation of your property. This means, even if the TezID oracle database was compromised, all an attacker would get was a list of hashes.
This is however not unproblematic. If an attacker get's ahold of the list of hashes, they could potentially attempt to hash known email addresses and compare to the list of hashes they have stolen.
Luckily this will not be so easy with the TezID hash table, since each hash is salted and generated using pbkdf2 (key stretching). We follow best practice principles outlined here. 🔒
We have done what we can to limit the attack surface of TezID.
Also check out our Tips section for how to avoid linking your TezID address with your other Tezos addresses.
Why is it costly to register proofs?
We have a added a cost for registering your address and proofs on TezID. At launch the cost will be around $10 for each, and we have the ability to adjust this over time.
We have introduced a cost here for several different reasons:
- To incetivice behaviour
- To fund running the oracle
- To fund further development of the oracle
To incentivice behaviour
It's super important to discourage people to register multiple addresses on TezID. The main idea is to have 1 Tezos address map to 1 human being.
For many of our proof types this is impossible to ensure. But having a high cost for registering proofs is a great way to discourage this behaviour. You can register 2-3 addresses, sure. But if you try to register 1000 it's going to cost you 😅💸.
Contracts using TezID should also require multiple proofs be registered and atleast one that is not easily duplicated.
To fund running the oracle
It's not free to run the TezID oracle. The cloud infrastructure has a cost. Sending out SMS'es has a cost. And the humans need to eat.
To fund further development of the oracle
We have lot's more ideas we want to realize with TezID, and any additionalt funds after running costs will go to further development.
The current owner of a property on TezID can renew it at any time. If a property has not been renewed for 365 days (depending on type of property) anyone in control of this property can use it to register a new proof.
It is a good idea for other contracts using TezID to require proofs less than a year old.
Calling from other contracts
You can see an example of how to use TezID from another contract here.
What about W3C Decentralized Identity?
We are aware of the work being done on W3C Decentralized Identity on Tezos spearheaded by Spruce Systems. We see TezID as supplemental to this work. On TezID you can verify your digital (and perhaps in the future physical) property. This makes TezID more of an issuer in a Decentralized Identity context. And who knows, perhaps one day someone will build a DID issuer layer on top of TezID 😬🙊
Looking forward to any and all feedback be it praise or critizism 🙌
Avoid linking your TezID to your other Tezos addresess
In order to register on TezID you need a Tezos address with some XTZ. You can just make a new one and transfer some Tez to it, but then your "main" Tezos address and all other addresses it has been in contact with (sendt to/from) will be linkable, and if just one of those addresses is connected to your personal identity, all the others will too 😳🙈 Such is the nature of public blockchains.
However, one "trick" you can do is to create an empty address. Then go on an exchange and purchase some XTZ. Transfer the XTZ from the exchange to your newly created address and register that address on TezID. That way there is no link between your other Tezos addresses and TezID. The exchange still has the information linking your identity and your TezID address, but there is no link to your other addresses on-chain.