Unstoppable Grants Proposal: DOT I AM

DOT I AM - Project Proposal

SUMMARY

DOT I AM is an application aiming to transform the Know Your Customer (KYC) process. Leveraging the power of blockchain and zero-knowledge proofs, we provide a secure, efficient, and privacy-preserving KYC solution. Our user-centric approach enables secure identity verification whilst keeping personal data private, fostering trust and reducing the redundancy in KYC processes across multiple platforms.

BACKGROUND

The traditional approach to KYC processes presents a range of inefficiencies. These processes often involve repetitive and time-consuming procedures that require the surrendering of personal data to multiple parties. This not only undermines their experience but also raises concerns about privacy and data security.

From a business perspective, this approach is fragmented and repetitive. Each KYC procedure necessitates the commitment of significant resources, including manpower for processing and verifying documents, systems for secure data handling and storage, and ongoing management to ensure data accuracy and compliance.

Moreover, there is substantial risk associated with handling sensitive customer data. Data breaches can lead to significant financial penalties, reputational damage, and a loss of customer trust.

DOT I AM addresses these issues. It’s a platform embedded within the Astar ecosystem and integrates with Metamask. It offers a single source of truth for KYC data, providing immutable, secure, and efficient storage and retrieval of verified identity data. Zero-knowledge proofs help to protect user privacy, ensuring that sensitive information remains confidential while still allowing users to verify their identities to third parties.

Our goal with DOT I AM is not only to simplify the KYC process for users within the Web3 space but also to significantly reduce operational costs and data security risks for businesses. By transforming the way KYC is performed, we believe we can foster a more seamless, secure, and cost-effective experience for all parties involved.

THE CONCEPT

DOT I AM is a blockchain-based, decentralised KYC solution designed to streamline identity verification while preserving user privacy. We leverage the Astar network to provide an efficient and secure means of managing KYC data. Here’s how it works:

USE CASES

  1. Cryptocurrency Exchanges: Centralised cryptocurrency exchanges are required to verify their users’ identities to comply with anti-money laundering (AML) and counter-terrorism financing (CTF) regulations. With DOT I AM, users can validate their identity details (such as name and country of residence) securely, aiding faster onboarding and reducing data management burdens for the exchanges.
  2. Crypto-Casinos: Online crypto-casinos need to confirm their users’ age and residence to ensure they comply with gambling laws and regulations. DOT I AM enables users to prove they meet these criteria without disclosing their exact age or residential address.
  3. Initial Coin Offerings (ICOs) and Security Token Offerings (STOs): These fundraising methods often require investors to undergo KYC procedures. With DOT I AM, investors can verify their identities without sharing unnecessary personal information, reducing the data management responsibilities for the ICO or STO organisers.
  4. Decentralised Finance (DeFi): As DeFi platforms mature, some are beginning to implement KYC measures for compliance reasons, particularly those that involve fiat on-ramp or off-ramp. DOT I AM can support these platforms by providing a secure and efficient KYC solution.
  5. NFT Marketplaces: Transactions involving fiat currency, as well as the sale of rare or expensive NFTs, often require KYC to adhere to anti-money laundering laws and prevent illicit activities. DOT I AM enables users to confirm their identities in a secure and private manner, streamlining the process for both buyers and sellers while ensuring compliance with necessary regulations.

DIFFERENTIATION FROM COMPETITION

We acknowledge the presence of other projects pursuing similar goals. However, DOT I AM is designed with key distinguishing features that set us apart:

  • Data Storage and Retrieval: While some projects like KILT store hashes on the blockchain, we adopt a different approach by storing encrypted data on-chain, and then generating zero-knowledge proofs. Users can store, retrieve and control their actual personal data, providing increased flexibility and privacy, and opening the door to more usage possibilities.

  • Ease of Access: Another differentiating aspect is our focus on accessibility. Some solutions require users to download specific wallets, which can limit their potential user base. At DOT I AM, we’ve chosen to integrate with MetaMask, a widely-used digital wallet that’s already installed by 80-90% of Web3 users. This approach significantly lowers the barrier to entry and does not require users to download additional extensions, thus broadening our reach and facilitating user adoption.

TECH

The backbone of our system is a smart contract, developed in Solidity. This smart contract serves as the operational engine for our KYC system, controlling the storage, retrieval, and management of KYC data within our ecosystem.

Smart Contract

The smart contract developed for DOT I AM is designed to store KYC claims in a secure and efficient manner. Each claim contains a type, which defines the kind of data the claim pertains to, and encrypted data. This encrypted data encapsulates various forms of personally identifiable information (PII) such as date of birth, address, name, etc., depending on the claim type.

To further extend the system’s functionality and security, we’ve incorporated a provision to include additional meta-data relevant to each claim. This can include details such as the expiry date of the claim, providing an added layer of control over the data.

Data Encryption and Zero-Knowledge Proofs

Unlike other solutions that rely on storing hashes, DOT I AM leverages the power of data encryption to securely store actual personal data on the blockchain. This encryption ensures that the user, with their private key, can decrypt and access this information, maintaining the control and privacy of their data.

We take privacy a step further with the application of zero-knowledge proofs. Using this cryptographic principle, users can prove they hold specific information (such as being over a certain age) without revealing the actual information itself. This further preserves the privacy of our users and ensures only the necessary information is disclosed.

Architecture

The user interaction with DOT I AM is designed to be minimal, straightforward, and most importantly, secure. Initially, a user interacts with DOT I AM only to submit their data for verification. Once this verification process is completed and the data is encrypted and stored on the blockchain, the primary interaction of the user shifts from DOT I AM to the third-party service they are accessing.

This design reinforces the principle of decentralisation and the user’s control over their data. When a user wants to prove their identity or any specific claim to a third-party service, this process is handled directly between the user’s client-side and the Astar Network. The user’s client-side decrypts the required data using the user’s private key and generates a zero-knowledge proof. This proof, which verifies the user’s claim without revealing the actual data, is then sent to the third-party service.

By having this architecture, we are able to maintain the highest levels of privacy and security for our users. This model ensures that DOT I AM does not need to act as an intermediary once the data has been verified and encrypted, further minimizing any potential security risks and maintaining the ethos of decentralization.

ROADMAP

Current Status:
Our journey began with a winning idea at the Astar track during the EasyA x Polkadot hackathon, where our initial DOT I AM prototype won us first place. This encouraging start propelled us to develop our project further. As a result, we’ve built a solid foundation, established a working proof of concept, and we’re now leveraging a Solidity contract as a minimum viable product (MVP). We are steadily progressing towards the finalization of our MVP.

Watch our demo - DotIAM Proof of Concept

Next Steps

  • Perfect our blockchain architecture: Our immediate focus is to refine and finalize our blockchain architecture. We understand the weight of this decision for our long-term plans. Thus, we intend to keep our process agile, defer commitments until the last responsible moment, and engage with experienced blockchain consultants to ensure we make the best decisions.
  • Integration with third-party apps: The next step is to start integrating DOT I AM into third-party applications using integrated components. Our goal is to facilitate easy and seamless identity verification across various platforms.
  • Forge strategic partnerships: We’ll be actively seeking partnerships with other entities in the blockchain and fintech ecosystem to broaden our reach and enhance our offerings.
  • Develop an Adaptive Model: In order to cater to a variety of use-cases with differing requirements, we plan to develop an adaptive model. This will allow individual use cases to specify the fields they require for their unique applications. This flexible approach will enable a more personalized and efficient identity verification process, ensuring DOT I AM is versatile enough to cater to a wide range of needs.

LIMITATIONS

Money Laundering Regulations:
While we aim to delete user data as soon as possible, for users wanting to access certain services like exchanges and casinos, Anti-Money Laundering (AML) regulations state that we must retain personal information for five years. This will be an opt-in procedure, but those wanting access to these services may feel that they’ve lost some privacy and their data is more at risk. To comply with these laws, we’ll need to store data off-chain and maintain tight security over this.

Right To Erasure Compliance:
With GDPR’s right to be forgotten - users must possess the ability to request the deletion of their personal data - even if they lose access to their wallets. Because there is no trusted proof of personhood yet, in order to achieve compliance with this provision, we have designed our system to allow for the removal of user data upon request and verification. While we are committed to maintaining the benefits of blockchain technology, such as transparency and trust, we must also ensure that we meet legal standards concerning data protection and privacy.

FAQs

What is the difference between Kilt and DOT I AM?
Both Kilt Protocol and DOT I AM aim to address the problem of identity verification in the blockchain ecosystem, but we aim to differentiate ourselves in a couple of key ways.

Firstly, Kilt stores hashes on the chain, while DOT I AM stores our encrypted data on the chain and then uses zero-knowledge proofs to protect user data. This means that on Kilt you can only prove your claims, whereas with DOT I AM you can store and retrieve your actual personal data which adds more control and flexibility.

Secondly, to access Kilt you have to download a sporran wallet. In our opinion, this greatly limits the potential user base as not everyone wants to download another extension. However, with DOT I AM, all you need is an Ethereum address. We have initially chosen to integrate with Metamask which automatically gives us access to 80-90% of web3 users without any downloads required.

Why have you chosen Astar Network?
DOT I AM has chosen the Astar Network for its scalability, interoperability, and support for Ethereum-based smart contracts. As part of the Polkadot ecosystem, Astar enables high throughput, facilitates cross-chain communication and significantly expands our potential user base via access to various networks. We’re also thrilled to see substantial use cases, including projects from major players like Sony, being built on Astar. Astar’s robust community support, coupled with its strong security inherited from Polkadot, provides an ideal environment for us to innovate, grow, and reach a broader market.

If my data is stored in the Blockchain, can everyone see it?
No, no one may see your data. Even though the data is stored on the blockchain, it is encrypted using the user’s public key. This means that the data is transformed into a format that can only be read and understood if you have the private key to decrypt it. In DOT I AM’s case, the user is the one holding that key. This approach ensures that your personal data remains private and secure, while still being able to prove certain facts about yourself, like your age or address, to others.

How can I begin utilising DOT I AM?
To get started with DOT I AM, the only requirement is an existing Ethereum address. We’ve integrated our platform with Metamask, a popular extension already employed by 80-90% of web3 users. This means there’s no need for additional downloads; you can simply connect your Metamask wallet and initiate the process. Our primary goal has been to offer a straightforward user experience.

Once set up, you’ll have full control over the information you upload to your wallet. Furthermore, you can selectively choose what specific data you wish to verify, ensuring you retain complete control over your personal information at all times.

4 Likes
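The claim record described under TECH (a type, encrypted data, and metadata such as an expiry date), shown as an added example that is not the DOT I AM team's code. The proposal does not name its cipher suite, so X25519 with HKDF-SHA256 and AES-256-GCM, the field names and the sample values are all assumptions; zero-knowledge proof generation is not shown.

```javascript
// Added example, not DOT I AM code. Assumed scheme: ephemeral X25519 ECDH,
// HKDF-SHA256, AES-256-GCM. Field names below are hypothetical.
const nodeCrypto = require('node:crypto');

// Public fields stored next to the ciphertext. Passing them as AEAD
// associated data means the claim type or expiry cannot be altered, or the
// ciphertext moved under another claim type, without decryption failing.
function associatedData(claimType, expiresAt) {
  return Buffer.from(JSON.stringify([claimType, expiresAt]), 'utf8');
}

// Both sides derive the same AES key from the ECDH shared secret. The
// ephemeral public key is the HKDF salt, so every record gets a fresh key.
function deriveKey(privateKey, publicKey, ephemeralPubDer) {
  const shared = nodeCrypto.diffieHellman({ privateKey, publicKey });
  const okm = nodeCrypto.hkdfSync('sha256', shared, ephemeralPubDer, 'kyc-claim-v1', 32);
  return Buffer.from(okm);
}

// Issuer side (whoever verified the data): encrypt to the holder's public key.
function encryptClaim(holderPublicKey, claimType, value, expiresAt) {
  const eph = nodeCrypto.generateKeyPairSync('x25519');
  const ephemeralPub = eph.publicKey.export({ type: 'spki', format: 'der' });
  const key = deriveKey(eph.privateKey, holderPublicKey, ephemeralPub);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(associatedData(claimType, expiresAt));
  const data = Buffer.concat([cipher.update(value, 'utf8'), cipher.final()]);
  return { claimType, expiresAt, ephemeralPub, iv, data, tag: cipher.getAuthTag() };
}

// Holder side: authenticate and decrypt first, then enforce the expiry.
function decryptClaim(holderPrivateKey, record, now = Date.now()) {
  const ephPub = nodeCrypto.createPublicKey({
    key: record.ephemeralPub, format: 'der', type: 'spki',
  });
  const key = deriveKey(holderPrivateKey, ephPub, record.ephemeralPub);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, record.iv);
  decipher.setAAD(associatedData(record.claimType, record.expiresAt));
  decipher.setAuthTag(record.tag);
  // final() throws if the ciphertext, tag, key or associated data is wrong.
  const plain = Buffer.concat([decipher.update(record.data), decipher.final()]);
  if (record.expiresAt <= now) throw new Error('claim expired');
  return plain.toString('utf8');
}

// Returns the decrypted value, or null when decryption or the expiry check fails.
function readClaim(holderPrivateKey, record, now) {
  try { return decryptClaim(holderPrivateKey, record, now); } catch { return null; }
}

// Constructed sample data: a made-up holder key pair and date of birth.
const sampleHolder = nodeCrypto.generateKeyPairSync('x25519');
const sampleRecord = encryptClaim(
  sampleHolder.publicKey, 'dateOfBirth', '1990-04-01', Date.now() + 86400000);
console.log(readClaim(sampleHolder.privateKey, sampleRecord));
console.log(readClaim(sampleHolder.privateKey,
  { ...sampleRecord, expiresAt: sampleRecord.expiresAt + 1 }));
```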

TEAM

Tom Rowbotham
Full-stack Engineer
LinkedIn

Sotiris Yiallourides
Blockchain Engineer
LinkedIn

Indi Sofyar
UX Developer
LinkedIn

Clive Tsungu
Full Stack Engineer
LinkedIn

Our core team is made up of seasoned software engineers who first collaborated on a blockchain-focused dissertation at Cardiff University. This initial work sparked a shared passion for decentralized solutions and led to the formation of the DOT I AM team. The group expanded when we met Indi at the EasyA x Polkadot hackathon, where the first foundations of DOT I AM were laid. Each member brings extensive experience in their respective fields, including blockchain, full-stack development, and front-end design.

1 Like

Highly support the Proposal!!
Your aim to revolutionize the KYC process by using zero-knowledge proofs aligns with our vision at Astar network.
I believe that DOT IAM will bring significant value to the Astar Network, and I am excited to see how the project progresses!

4 Likes

I saw this on Discord.

Sorry to say that I cannot trust anyone for not selling my data. We have seen many cases like this in Web2. People are greedy and this is bound to happen.

Why should I trust you when I don’t even know you? Perhaps, you can display all your personal details here and see what happens to those data.

I cannot support this proposal.

3 Likes

Hey Toga, I hear your concern and sorry you feel this way. One of the biggest barriers we will have is gaining trust and reputation, this will take time, but we are willing to put this in, and will do as much as we can to assure customers we are doing everything correctly. However, I think you are missing a key point, businesses need KYC. If you want to buy Astar tokens with fiat, you need to provide your credentials for every single exchange you use. If you want to buy any ICOs, you need to KYC… There are so many apps that require KYC due to regulations and there is no way around it.

Now tell me, would you rather risk submitting your data 5 times or 1 time? And this one time will be with a specialized KYC company, that has been audited, and is fully transparent with the whole process. This is the problem DOT I AM is trying to solve.

Thank you for submitting your proposal for DOT I AM, it’s an intriguing project with great potential to revolutionize the KYC process. However, I have a couple of questions regarding privacy and the potential leak of personal data:

  1. How do you ensure that personal data stored on the blockchain remains secure and inaccessible to unauthorized parties? While encryption is mentioned, I’d like to understand the measures in place to protect against potential data breaches.

  2. With the implementation of zero-knowledge proofs, users can prove certain claims without revealing the actual data. But are there any limitations or vulnerabilities associated with this approach that users should be aware of?

I believe addressing these concerns would further strengthen the trustworthiness of DOT I AM as a privacy-preserving KYC solution. Looking forward to your responses and further developments on the project.

3 Likes

Hey Matt, thanks for raising these points!

  1. To ensure the security of personal data stored on the blockchain, we’re leveraging asymmetric cryptography. This means the personal data is encrypted using the user’s public key and can only be decrypted with the user’s private key. Therefore, without access to the user’s private key, the data stored on-chain remains indecipherable. Due to GDPR’s “right to be forgotten,” if a user’s wallet becomes compromised, we have the ability to remove the data from the account, further enhancing the privacy and security of our users.

  2. Zero-knowledge proofs are a great tool for privacy preservation. They allow users to prove certain claims without revealing the actual data. However, I would mention that while this approach does significantly bolster privacy, users must still exercise discretion about what information they choose to share.

Hope this clears things up, let me know if you have any more questions!

1 Like

Although I don’t like all KYCs in crypto :), I know that we need them for mass adoption in the near future.
So I am OK with your team!

2 Likes

Thank you for answering those questions! Good luck with the vote!

2 Likes

I am not familiar with the team, and I would like to try DEX and not a big fan of KYC, and I am not sure about the market size for this KYC solution, and right now I would prefer to support it for the following reasons: 1. The team won the hackathon 2. zk is quite interesting tech and the team might bring some value to Astar eco. I might need to check a little bit more about the project and team. Thank you for submitting the proposal.

2 Likes

Working on some use cases with zk proof is interesting. I’d rather you choose to use ink! smart contracts (moreover, some works are ongoing with zk and ink!). I support this proposal even if you use a deprecated (evm) technology :wink:

2 Likes

I’m quite concerned about using Metamask, as this wallet uses Infura, and they are collecting users’ data and can also ban several users from specific countries. Obviously this issue has been happening since a year ago (mid 2022), but I’m still worried about that kind of issue if we want to keep our vision for web3 mass adoption, as we all know that those who really need web3 and financial access are those who live in developing countries.

Does your team have a future roadmap, let’s say integrating Substrate-based wallets like Talisman, Nova, Sub, etc.?

2 Likes

I am not a fan of KYC and AML processes, it’s the centralized artifacts from previous financial era. Stop serving banksters.
I vote no for this initiative.
And it will be cool to see Kilt and Litentry in Astar ecosystem first.

2 Likes

Hi @rowbo,

thanks for the elaborate post!
I have some questions about the following:

Q: Why is it important to store the data on-chain?
The data could be stored off-chain, with only hash being on-chain, same as described for Kilt.
This doesn’t mean you cannot utilize ZK, right?

In general, storing data on chain is expensive, that’s why going with something controllable like hash, which has a stable size, is a better approach.

2 Likes

Our goal is to reach as many users as possible and make it as easy as possible to onboard users. This is why we chose to go the EVM route and integrate with metamask (80-90% of web3 users). In the future we hope to integrate with more wallets to reach more users - but I can’t comment on which these will be yet. :slight_smile:

1 Like

By storing the encrypted personal data on-chain we are able to add a level of flexibility and control that hash-based methods cannot do. With our system, users can store data such as their date of birth and generate zero-knowledge proofs as needed. For example, they can demonstrate that they are over 18, 21, or any other age, all from a single piece of stored data. This level of versatility would require multiple proofs using hash-based methods, with each additional proof necessitating further requests from third parties.

It’s true that hash storage can be less expensive, but the cost implications should not overshadow the primary aim: to provide users with control and flexibility over their personal data. We believe these are critical attributes in a decentralized context, and our approach aligns with these core principles. The marginal cost of our method is a small price to pay for the significant benefits it delivers to our users.

1 Like

KYC is a deal breaker for me no matter how you try to disguise it. We need new decentralized solutions not pandering to the old world economy of defunct regulatory systems. The future is DAO vs. DAO inter-operations, DAO vs. Nation-State User will be an artifact of the old world system.

1 Like

I think the KYC process is necessary right now, as it allows companies or web3 projects, and users, to operate adapted to their legislation and thus not have legal problems.

I call for mass adoption of cryptocurrencies right now and that we don’t need KYC or fiat processes! But there is still a long way to go and first we have to find solutions that allow these companies and web3 users to operate in the ecosystem.

Whether we want to or not we still depend on banks and fiat, either to exit or enter the ecosystem, we can not close the entrance to those companies and users that by policies of their countries need KYC to operate in the ecosystem, KYC sucks but our time of Cypherpunk glory has not fully arrived.

DOT I AM presents an innovative proposal and I like that I want to differentiate from the competition such as KILT that all your data is collected in hashes and that if that is really seductive because a hash is somebody and at the same time nobody thanks to blockchain. I have a question for the team:

The smart contract I understand acts as a black box thanks to ZKP. If a third party (country) asks you to disclose the information of all your users would you give them all the personal data embedded there or would you segregate the information?

Or

Would it be sufficient for you as verifiers to attest that a person is indeed of legal age and has a certain nationality, without the need to give for example the address of the wallet or other sensitive data that expose their privacy, to the point of deriving a thorough investigation by the authority of a country?

Thank you…

1 Like

“I have never supported situations like KYC in the Web3 space. I believe it goes against the principles of a decentralized world. Therefore, I will not provide support for it. Thank you for understanding.”

2 Likes