In the second session of day two of The Bitcoin Masterclasses, Dr. Craig Wright talked about keeping identity private and how to share certain attributes without revealing all of them. He explained how we could use specific features of Bitcoin, such as Merkle trees, to do this.
For something to be private, we need an identity. Anonymity is when there’s no identity, but that is not privacy, Dr. Wright begins. Looking back to the earlier session, when he talked about share ownership, he made the point that to prove ownership of anything requires us to have an identity.
However, while we want to prove who we are and everything about us, we don’t necessarily want everyone to know everything. We want to isolate our information. We can use a Zero-Knowledge Proof to link our identity to attributes without sharing all of our personal information. For example, Dr. Wright says, “my home address shouldn’t need to be copied for me to prove I’m over the age of 18.”
“How do you think we can create identities and isolate attributes?” Dr. Wright asks. One of the audience answers that we can use Merkle trees to share specific information without sharing all of it.
To illustrate the point, Dr. Wright asks how we might prove we are qualified investors. He explains that if we had a PKI certificate linked to our passport or other official documents, we could prove we have x amount of funds using a key agreement protocol like ECDH. We could also prove we have qualifications such as finance degrees or other subjects that qualify us.
“If I need to prove I have a million pounds, I don’t need to go further and prove I have a billion pounds,” Dr. Wright says, showing how we can prove what we need without revealing more. We can even establish we are an accredited investor without revealing who we are, he says.
“The company doesn’t legally need to know who you are. Marketing wants to know, but legally they just need to know you’re an accredited investor,” he explained.
Merkle structures, attribute changes, and more
What does a digital signature sign? Everything in the certificate. We’re effectively signing a hash, which means we can consider Merkleizing it, Dr. Wright explains. How deep can we make a Merkle structure? “We can make it large,” he says. “At 128 deep, I could name every atom in the universe, probably down to the quarks as well.” The problem with this is that no computer could save them all. Sixteen deep is more than enough for the average person and all of their attributes.
What if an attribute changes? Wouldn’t that change the hash? “It will,” Dr. Wright says, saying that change can be written on-chain. We can even keep records of name changes, gender assignment surgeries, and much more. We could also attach things like lease documents to prove where we are. When we register changes, they occur immediately unless we deliberately use nLockTime to make them appear later, such as after we have moved into a new residence.
Depending on how private we want to be, it’s even possible we could have Merkleized documents such as our birth certificate, linking specific details on them such as our date of birth, name, and other attributes individually. Dr. Wright once again aims at Ethereum, saying that dragging and dropping entire documents onto a blockchain is idiotic because they will be there for good.
“If we want to do this, we have to design it properly. That’s why it takes so long,” he says.
All of this can allow us to prove our identity, or specific attributes associated with it, without giving all our information up and relying on a centralized authority.
Watch: The Bitcoin Masterclasses with Craig Wright – Confidentiality, Privacy, Anonymity, Party to Party
New to Bitcoin? Check out CoinGeek’s Bitcoin for Beginners section, the ultimate resource guide to learn more about Bitcoin—as originally envisioned by Satoshi Nakamoto—and blockchain.