 Cool, so thanks for joining me here. Today I'm going to be talking about decentralized identity and reputation. So first of all, I'm Sina. I was previously the engineering lead at TrueBit, a project for scaling computation on Ethereum. Also helped launch this project called ETHPrize, where we interviewed over 100 engineers around the space to pinpoint shared problems around development, like deploying a test net or doing security audits and helped fund resources towards solving those problems. And more recently, I've been exploring open problems and helping at the Ethereum foundations with the grants program. So today I'm going to talk about identity. And I think identity is one of the most important problems any of us could be working on. In the blockchain space, identity plays into a whole host of things that we're all excited about. So I'm just going to kind of talk through a few of them. The first is, if you're familiar with some of the protocols that are being built, you know that Ethereum addresses are pseudonymous. You can create a new one at zero cost. And because of that, a lot of the protocols that exist, like Casper, LivePierre for decentralized video streaming, TrueBit for computation, the only way you have of keeping your participants honest is to make them deposit some stake, and then if they do something wrong, burning that stake. And that, by definition, is a one-off game. Now imagine if instead of staking ETH or some amount of monetary collateral, people had to stake their reputation and their persistent identity. And if they did something wrong, it was a reputation that would take a hit. This would give us much stronger guarantees around the space. There's a whole host of application layer things that depend on identity. One is governance. If you want to do any kind of quadratic voting, you need a sense of identity. On-chain lending relies on identity to be able to underwrite the loans, determine how risky someone is, because you just can't give money to someone who's anonymous and could disappear. Air drops, which are means of economic distribution and bootstrapping networks. It's one of the very interesting, like, crypto-native primitives that we have. Having identity would help people do these in a more nuanced way. And rate limiting and pricing. So some of the Web 2 services that we all use, and which are great, for example, Dropbox, make extensive use of these techniques. For example, there's freemium models where as a new user you get free access to the service, or there's tiered usage models, where as a pro user you get a discount on what you're doing. And you just can't replicate these models on the blockchain right now. And finally, the problem of sampling, which is kind of theoretical, but if you can basically pick an address from amongst a number of addresses, and right now you can't do this because they can be cybbled, this would change everything. This is basically, in some way, it's what proof-of-work and proof-of-stake and these various mechanisms we're trying to get at is selecting a leader or sampling a number of people from a large pool. And even in the real world, we're seeing identity become, or digital identity become more and more important. So the Aadhar program in India, it's an identity system based on biometrics and has over one billion people using it now. And you can use it to sign up for bank accounts, take out loans, e-residency in Estonia, of course, and China's rolling out this virtual ID, which could speak to alternate ways that we could provide a more self-sovereign way of doing this. So today I'm gonna talk about what we mean by identity and reputation and then talk through some of the nuances through the lens of three particular applications, governance, lending, and security tokens. So an identity is basically the atomic actor within the system. So if we're talking about Ethereum right now, each Ethereum address could be an identity. When you're buying a token on XeroX or you're staking some ETH in a protocol, that's the identity. And these addresses can obviously be backed by a human being who's controlling the private key or they could be a smart contract that has interesting mechanisms around different spending limits, access control mechanisms. And if you build up a history as you engage with the network through your identity and this speaks to the importance of being this identity being secure and why if you have a multi-sig and you have ways to recover your keys, it's important. And obviously it plays into the user experience which a lot of other people are talking about at this conference. The next kind of part of this that you should know about is this idea of a claim, which is you have all these identities dispersed around the network and each one of them can claim something about another one. So you can, identity A can say that identity B has passed KYC or that they're a resident of this country or they have this income. And these could play different. It's just kind of a primitive that you can use within different applications. And you don't really need to enforce any kind of authority here. Any, I can claim something about someone else, they can claim something about someone else. And there's a lot of awesome teams working on pushing this stuff forward. Project like Zeppelin, TPL, Bloom, U-Ports, ERC 725 and 735. There's different architectures like storing these claims in a smart contract registry, storing them with the user in a more self sovereign way. And this is kind of an area of active experimentation. And what do we mean by reputation? Reputation is when one of these identities kind of builds up trust over time. So it goes from this state of being just this anonymous, Ethereum address to an identity that people can trust. And you can think of this analogously to the real world. So think of you just hearing of an engineer for the first time who you've never met before, you don't know anything about them. How do you know if they're any good or if you should work with them? This can happen in one of two ways really. Either someone you already trust goes out on the limb and is like, no, this person is amazing. And through their trust you take a chance on this person. Or that graph of trust isn't there and instead this person just shows up and does some good work over time. And through their own good behavior they build up their reputation. So we can use the same two kinds of ideas on blockchains. So let's talk about governance a little bit. Governance is really important in this space as it comes to decentralized networks upgrading without a central party making that choice when it comes to allocating funds and making decisions as a whole. And we can't really replicate the model that exists in the real world which is one person, one vote because obviously you can spin up multiple addresses and civil the system. And so what's been happening so far is coin voting which is you have the scarce resource which is the number of tokens you have or the amount of ETH you have and you stake this ETH and your voice in this vote is determined by how much you stake. And this works but it has this problem of being plutocratic which is people with more money get more voice in the system. So this all speaks to this need for decentralized civil resistant identity. Civil resistant meaning one person can't spin up multiple identities and it's decentralized meaning it emerges from the network. And this is one of the hardest problems that exists in the space and I think anyone who wants to work on an interesting research problem should go and attack this. And I'll just talk through kind of a thought experiment of how you can think about this. One method of approaching this though no system has been built that fully achieves this. So I think that there's some protocol let's say one of my favorites zero X that wants to upgrade their contracts. This is couple like some time in the future and the system is fully decentralized and they want the network to vote on whether this change happens or how it happens. And one way you could do this instead of doing the coin voting is you could just announce that any Ethereum address who wants to have an input on this we're just going to airdrop 100 vote tokens onto them. And so you just give this to everyone on the network. And obviously you can't just like get these people to vote with these tokens because it would be civil. But what happens instead is there's a campaigning period where anyone can use the existing social channels to campaign for their voice to be heard. So the core zero X team people in the community developers anonymous reddit commenters everyone would make their case for why they should have an input into this. And they would list their Ethereum address next to their name. And during this month of campaigning you go and allocate your vote tokens between all these other people and whatever proportions that you want. And now once the month is over you take the vote. So everyone just cast their vote once. But instead of counting each vote as equal or equal to the number of tokens they had instead the naive way would be how many vote tokens did they get allocated to them by the community which would already be pretty interesting. But what you could do is actually run page rank on this which is Google's algorithm for ranking websites. So you would say this person person X received all these vote tokens to them. So their voice obviously matters and you can imagine Will in a mirror from zero X receiving all these vote tokens. But then you wouldn't stop there. You would iterate the algorithm again and you'd be like who have these people allocated their limited 100 vote tokens. And those edges themselves have more value and this wasn't determined by any centralized process. It's just a property of the network. People, someone gets a lot of votes from the community and because of that their own votes become more important and then in turn that person's votes become more in turn. So this process converges and is a really interesting idea. The problem is that this approach also can be cybbled. So you can, if you have the real trust graph here of all these people allocating their tokens within the real Ethereum ecosystem someone could just spin up a thousand addresses and replicate the exact same structure on this side. And this is why this is an open problem. So some ideas there are having globally trusted peers, maybe like 10, 50, or 100 addresses that kind of everyone agrees should be trusted. And you kind of start the graph from them and you're like who do these people trust? Who do they trust? And this has a way of bringing the network to grounding the network. Another approach is to requiring a scarce resource to create an edge. So you could use those zero X tokens to create these edges and that makes them means that one person just can't create an infinite number of them. And the final one is you could pattern match from the top down. So you could say that these addresses seem to be trusting themselves within this cluster but no one from the outside is trusting them. And the next problem is how do you actually incentivize these people to allocate these tokens correctly? So what makes you spend the time and the due diligence to find out who to give your tokens to and what prevents you from giving this to just bad actors in the system? And there's ideas around using collateral and requiring people lock up some value that they get back in time or if these edges actually come to existence as a byproduct of existing behavior. So a great example of this is in the web itself where Google didn't go to all these people and tell them to point to each other so that the PageRank algorithm could work instead someone who's building a website personally just wants to have good links going out because that means that their website is more interesting and they get more traffic and they're just doing that in a selfish way. And that in turn means that this PageRank can be built on top of it. So there's projects exploring this in crypto as well like SourceGrad which is doing it for a GitHub. So this is a really interesting area to explore and you should all kind of look into it. Next kind of application we'll look at is lending. So lending intuitively makes sense as a place where we all should look for applying this blockchain technology. It's a global network, you can write code instead of legal contracts, it's self enforcing. But then again there's a problem. You can't just extend the line of credit to an anonymous person because they can disappear, they can take that money and run. And so there's a few ideas, I'll kind of talk through a spectrum of them here. And my goal is to show that the identity systems that we build are nuanced and relates to what we're trying to achieve on the application layer. So there's existing companies in the Web2 world that give out loans to people without credit scores. And they begin by lending really small amounts. So let's say it's a village in Sub-Saharan Africa, they start by lending out $5 a month or till the loan is paid back and then as this person builds up reputation, they increase that amount. And this has actually worked. These are successful companies actually making a difference in the world. But the critical thing is that they all rely on this person's real world identity. So they use the person's contact list and GPS location and if they have identity information and they use these things to underwrite that person's risk and know that in the future, if this person exits the system that they don't let them in again. So this is how these systems have been able to build up trust over time. And that's not really available to us in the crypto space if we want to build fully anonymous, decentralized lending systems. And the example of this kind of was shown in earlier when this awesome company, BTC Jam, which was doing Bitcoin lending in the developing world, a lot of people were very excited about it but there was just a lot of exit scams. So people would build up their reputation by borrowing, paying back in time, not defaulting. And as soon as this value would get large enough they would just run away with the money. And then they'd start over again. So how do you solve that? Another idea is, okay, let's not do this decentralized anonymous thing. Let's do peer to peer loans in a user's own community. So in their own village, people trust them socially so you can do that. And that wasn't possible before either. We can use blockchain technology to enable that. There's a few questions there, again more on the social layer rather than the technology layer, which is does our community actually have the capital to lend, like is that a believable idea? And the other one is, do people like to borrow a lend from people they know? If you think about it right now would you take out a loan from your friends or would you lend to your friends and how would that impact your personal relationship? So some people, there's some research that shows people actually behave better if you do that because of the social accountability and there's a bunch of people who think that people would rather have this relationship with some bank and not involve, have the separation between the person and the financial life. So again, things that we need to all think about. And on the other side of the continuum is, okay, it's actually not using the blockchain for peer to peer lending, for building up reputation. We're just using the blockchain to simplify the payment rails and make it global and automate the settlement. And the case here is that even the peer to peer lending marketplaces like Lending Club and Prosper and these companies that have been built over the last 10 years, even though they're peer to peer, most of the volume comes from institutional investors. And the catch is that if you talk to these institutions they actually can't go off of peer to peer claims. Like it's not good enough if 10 Ethereum addresses or your friends in the community say that you have this income. They actually need to know that. And when it comes to KYC and AML they actually need certified authorities to do that. So again, it's like you need to think about how what the application is as you design the identity reputation layer. The final thing I wanted to talk about is security tokens, which have been getting a lot of attention recently. And the case makes sense. So the idea is that there's all these real world illiquid assets like real estate, art, private company equity, and you can tokenize them. You can open them to global markets. People can own fractional amounts and it seems like a value add. And maybe this would open up ownership to people who aren't in the US. Someone could own a piece of an American company even if they live in Asia or in Africa. So we actually looked into this because we were researching identity broadly. And it turns out that if these issuers are in regulated countries themselves and because this is in the name is a security token, the compliance means that they're actually on the hook for who buys these tokens. So they need to run all the traditional processes that they would have to in the real world on the buyers. So KYC, AML, accreditation, OFAC lists, debarment lists. And that's fair enough. And then you think about what you could really change on the identity layer and you realize that again, peer-to-peer identities don't work because this issuer is actually legally on the hook. Like they will go to jail if the government realizes that someone didn't have the KYC, AML. So they need to rely on certified authorities to do that. And another kind of nuance, again, that emerges is so you could, you know, you say that, you know, let's put the KYC, AML self-sovereign, the user hosts them. And this is what, you know, an awesome company like Bloom is doing right now. So the attestations come from regulated authorities, but the user actually holds them, they reveal them when they want. But there's other things you need to navigate here. So these providers, the attestors, actually their incentives are right now, you know, if a user is going to buy five different tokens, each of those platforms does the KYC wants and this like provider like makes money from that. So by putting this stuff on chain, you're actually like lowering the redundancy. So there's a lot of kind of case-by-case nuances that you need to navigate. And so just wanted to kind of give some context, you know, beyond the key management and the user experience and these things which are all really important and we need to work on to make this stuff viable for people who aren't, you know, who aren't in the space like so they can actually use this stuff. But we need to actually think about what use cases we're building for and design with that in mind from the architecture layer. And that's what I'll leave you with. We do have about four minutes, do anyone have one to ask a question? Okay, down there. Hello, Dmitri Bispalovic knows us safe. Let's imagine that you have solved most of the problems that you were talking about. In this case, what would be the major problems for the adoption of the decentralized identity? Decentralized meaning it's not pegged on the real world. It emerges from the network. Maybe in this case, like maybe it depends on the problems that you were talking about, but in a sense, what would be the adoption barriers for this kind of thing? So the question is what would be the adoption barriers to an identity system? And I think there's multiple aspects to this. One part of it is you just need to have like a very compelling use case where people are coming in and using, because this technology still, it's hard to use. And one thing you notice is that identity in the web2 world has always emerged as a byproduct of an application that people actually wanna use. So there's been attempts to build more self-sovereign identity on web2 from 10, 15 years ago. But eventually what became people's identity was their email address because they were just using it to communicate with everyone. Or was their Facebook login because everyone had it and people had originally joined to build relationships and stay in touch. So I think a key part is actually having use cases that pull people in. And then beyond that, it's security. So there's a lot of good ideas around having different keys with different levels of permissions, different key recovery mechanisms, because you just can't lose your identity. And most people aren't gonna have the level of understanding of the technologies, be able to do that stuff hands-on. And the user experience. So even having to understand claims or transactions or delegation or all these things need to get abstracted over time. Which I think I'm hopeful will happen given how many great people are working in this space. But it's all stuff we need to figure out. Thank you. Whoops, hi. We're working in the self-sovereign identity space and I would be curious what's your opinion about the major challenges to get the current understanding of self-sovereign identity, either the approach of Uport or Sovereign or whoever. Where do you see the major challenges to get it on a broader level towards the people? Or even here in the room. So basically take that crowd and not just the ordinary person if you like. I think this speaks to why it's important to think of the design consciously upfront. So if you let it purely emerge as a byproduct of the application, then you don't really know what's gonna happen. All these claims might be on chain and it might be, it might completely lack privacy or the dominant service that's getting all the traction might just store all the information in a centralized server. So it's good that we're thinking about it upfront. I think, I mean I've seen some approaches that are pretty interesting. Like again, talking to the Bloom team while you're here would be like they have a pretty interesting go-to-market strategy. But yeah, I think it's use cases, user experience, security, just kind of things. That's gonna have you be able to do that.