Kerman Kohli

Share this post

Crypto's Biggest Use Case: Permissionless Identity.

kermankohli.substack.com

Crypto's Biggest Use Case: Permissionless Identity.

It's always been there, we're only just starting to see it now.

Kerman Kohli
Sep 28, 2023
18
Share this post

Crypto's Biggest Use Case: Permissionless Identity.

kermankohli.substack.com
7
2
Share

We’re currently in the depths of a major crypto bear market. Everyone’s asking what the use case is of all the technology we’re building. Many have a thesis that sounds good, but no clear reason as to why it’s better than normal Web2 apps. I’ve been wondering this for a while and I have a view that I’m reasonably bullish on through my own personal experience. This isn’t a post about ideology. This is a post about technology and standards.

Before we get into it, let’s take a look at the way the existing internet works.

Web2, Data Producers and Identity

When you sign up to a service on the internet, it doesn’t actually know who you are since everything about you can be forged. Your IP address, cookies, fingerprints are all approximate but forgeable identifiers. Everything can be faked.

This lead to the creation of authentication standards that predominantly rely on:

  • Email address

  • Password

  • 2FA authentication schemes

Whenever you use some service on the internet, it needs a persistent, secure identity to attach your data to. More importantly a way for you, to authenticate you as you.

This is fine, except all your data is attached to that particular database’s unique identifier of you. Each database will create a different identifier of you. Facebook, Twitter, Instagram all create unique identifiers of you in their database.

When you log in with OAuth for other services, they can reference that identifier but they’ll still create a new row in their database to identify you. The OAuth providers might share certain data points to external developers although it’s usually quite limited. It’s then up to that specific developer to then attach any information generated in their app to your newly created user identifier in their database.

In case you can’t see it, “you” is represented over and over again in every service you use. This isn’t because web2 is “evil”, it’s because that’s the only logical way to do it given the limitations of the hardware present. This however, creates larger issues as decades of the internet have passed by:

  1. All your identity and reputation data is gated to the specific ecosystem you sign up to. Your Twitter followers stay as Twitter’s data that you can’t get out.

  2. Any information created on the internet is linked to the identity within that service. Google Reviews can only show you information that Google has about you.

  3. Every new service you sign up to requires you to rebuild your trust and credibility in that ecosystem, despite what you’ve done in the past.

This creates an environment where we get the worst of both worlds:

  • Our personal details are the only thing to identify us

  • Yet, our information still stays fragmented

We’re starting to see this become an increasingly larger issue on the internet as the authenticity and trust of all information has to become increasingly scrutinised. Whenever I read an article with a strong agenda, I typically will:

  • Find who the author is

  • Stalk their Twitter and any other sources I can find on them

  • Find references to the article on other sites

  • Create a holistic judgement of the author’s biases and what the opposing view is

However, I know I’m more in the minority here. Most people are happy to accept information presented without understanding the identity of the producer of that data (data being defined here as any information presented in the form of articles, tweets, videos etc).

The key problem we’re running into collectively is that we have no clear way of deterministically identifying who we are online. Every time you visit a website, receive a message from someone or get an email, there’s a chance you’re speaking to the wrong person due to us identifying someone by their unique on-screen names. This is already starting to create major issues where we can’t even identify who we are in online communication.

I might be “kerman.eth” on-chain, “kermankohli” on Telegram and “kermank” on another platform. However, if someone messages you on Telegram as “kermank”, you might believe that it’s me. Without public key authentication, trust is a mess on the internet. I talked about this more in my AI x Crypto article.

Kerman Kohli
The Next Major Crypto Narrative
If there’s one thing I’ve learned from my years in crypto, it’s that this market is highly narrative drive. The way I break it down from the smallest atomic unit to the macro is as follows: Stories that people can understand Beliefs that form around stories…
Read more
a year ago · 12 likes · Kerman Kohli

The lack of strong, persistent, digital identification is an enormous problem that humanity is collectively running into as time goes on.

Cryptography, timestamped by Crypto.

Pt 1: Cryptography

That may sound strange, but hear me out. They’re two distinct, yet similar, sounding concepts.

Cryptography for identities essentially involves multiplying two large prime numbers to generate a new, larger number. While this may sound simple, the complexity lies in the improbability of guessing these prime numbers, making them virtually impossible to crack. When you authenticate using your private key, your hardware employs unique information to establish its identity. This approach represents a key shift in how identities are managed: the owner of the identity knows large numbers that are also recognized by a common standard on the receiver's end.

In contrast to this method, traditional web infrastructure requires us to re-establish our identity for each new service we use, resulting in a different ID for every database we join.

Pt 2: Crypto

Okay, so where do blockchains come in? Well, the second challenging part of this puzzle is how do you verify when that piece of information was broadcasted? If you simply sign a message with today’s date, how do you know you have the correct date? Maybe you delegate the responsibility of time to another party, but what if they get corrupted? You end up with recursive logic.

Blockchains are innovative in the sense that they’re databases that are exceptional for recording dated information. They don’t have a notion of time like humans rely on, they rely on a notion of block numbers to determine when something has happened. I don’t think we realise just how groundbreaking this truly is. You don’t send a transaction with a “here’s when the transaction happened” field. You simply submit your transaction to the network and when it gets mined by a miner, it gets included in a block that then assigns a timestamp.

Think about that carefully for a second, what system exists where you give it information and it tells you when that information actually happened. Never. We always expect when we say something or communicate it online, that’s when it “happened”. Not in crypto land. When we want to communicate information on-chain, we simply express what we want to communicate and the blockchain tells us when it happened.

Just to re-summarise:

  • Cryptography creates a shared authentication standard we can all agree on

  • Crypto, powered by blockchains, creates a shared time standard we can all agree on

Why Identity?

What we’ve all forgotten in the mania of coins and riches is that the blockchain represents two key fundamental innovations, each built on one-another. What that also means is that we can start to change the world by introducing one innovation, and slowly layering the second one as it makes more sense. You don’t need to layer both at the same time to have an impact.

As of 2023, the world needs much stronger identity standards especially with the advent of AI. Information is what our societies are built on, however when trust and verification of information goes down-hill we end up in some dangerous places. Here’s an example of what I’m talking about:

https://twitter.com/8teAPi/status/1706520893621784780

Self-regurgitated bullshit being spread at scale.

Sending stablecoins and playing casino games are all fun and games, but crypto can address greater benefits & tackle much larger issues that face society today. Since crypto is built on the bed-rock of cryptography, it has a large ecosystem around cryptography standards than other places in the web. You can already see cryptography becoming the gold standard with Apple’s adoption of PassKeys and the rise of One-Time-Passcodes to enable 2FA authentication.

  • In Web2, cryptography is a second-class citizen.

  • In Web3, cryptography is first-class citizen.

Okay so now that we’re all on the same page, let’s talk about crypto and identity. I’ve been deeply involved with this problem for years now and I think I’ve figured some key pieces of the puzzle that weren’t obvious before. Crypto’s biggest use case isn’t “decentralized identity” or some lofty ideal of that involves:

  • “Own your own data and get paid”

  • “Upload your passport on the blockchain to enable better KYC”

  • “Link your Twitter, Facebook and Ethereum address to create One New Identity(tm)”

These notions are so far removed from reality and are just empty narratives that don’t create products that help real users. Narratives like that are mainly used to justify large raises from investors and no value-add to end consumers. To clarify these miscommunications, it’s important that we use better language to describe what we’re talking about. I think when people even say things like “on-chain identity” it creates incorrect conclusions since it implies that you have to do things on-chain. That also isn’t true. After months of thinking, it feels like the correct framing of whatever all this is…

The Path Forward

Permissionless Identity: “Portable, persistent identities that are cryptographically backed”.

They’re public key as we know them today. It doesn’t matter if the data is on-chain or off-chain. The point is you identify/authenticate yourself on a digital service via your public key. All information is tied to your public key which allows it to be interoperable.

However, here’s what makes them tangibly better than any other web2 system we have today:

  • Built in one context, and used in another. All of your activities and data in one ecosystem, can be accessed in a completely unrelated ecosystem.

  • Forever persistent. They cannot cease to exist once a private key has been derived. You can’t delete private-keys or data on-chain. Once those prime numbers have been generated to derive a public key, you can’t “undo” that action.

  • Can be used on-chain or off-chain. Your identity is the combination of every place you’ve authenticated as your public key, on-chain OR off-chain. The key is the innovation, not the blockchain.

  • The ability to create new identities (or fragment) at the click of a button alongside existing identities. Unlike web2 where all your identities are eventually tied to your passport (phone numbers, internet service provider). Permisionless identities do not require permission to be created or fragmented.

  • Available to anyone with an internet connection and access to the right hardware. There is no “issuing” authority to generate the identity. As long as you have the correct infrastructure to secure your identity you can create one. What you can do with this identity is also unlimited due to the borderless nature of it.

Closing

What permissionless identity fundamentally enables is a whole new class of applications that are 10x better than those you see on the existing Web! A world in which each app can make the experience of every other app much better. You actually get a flywheel-like effect the begins. Here’s how I see it playing out:

  1. With the rise of crypto-consumer-like apps, they’re all going to be relying on permissionless identity as a natural authentication standard

  2. The apps are going to be able to start being context aware of your actions and behaviours in the past and on other apps

  3. This ability to “import” context from the past and other places crafts are a far better user experience

  4. Users demand more applications to support public-key based authentication in order to sign in and use applications

  5. As more applications exist that support public-key authentication, the greater utility users derive from their permissionless identity.

My bet here is that crypto’s major use case is already here: permissionless identity based apps. The sooner we realise that, the faster we move on to creating applications that people actually want. I’ll elaborate more about permissionless identity and what’s happening in the space today in another post. For now, I’d love to hear your thoughts.

18
Share this post

Crypto's Biggest Use Case: Permissionless Identity.

kermankohli.substack.com
7
2
Share

Discussion about this post

Mark N
Sep 30, 2023·edited Sep 30, 2023Liked by Kerman Kohli

Great article and a promising future, but I am worried about the implications on privacy. If your identity is the sum of all your previous authentications and forever persistent, then you have a record of your private information and actions forever embedded in the blockchain. Who has access to this information? Is it conceivable that this information could become public, possibly due to a leak? What happens then?

Expand full comment
Reply
Share
6 replies by Kerman Kohli and others
6 more comments...

No posts

Ready for more?

© 2024 Kerman Kohli
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great culture
Share