Mobile Identity – Humanising the Crypto world
BY Gautam Hazari – Chief Technology Officer – Sekura Mobile
As a long term technology enthusiast, when I hear the word ‘crypto’ my mind thinks of cryptography and I need to override my thoughts and retrain my mind to translate that to cryptocurrency, and that is digestible; the word ‘crypto’is derived from the Greek word, ‘kryptós’ which means “secret”, or “hidden”, so the word is perfect in its remit to “hide” another meaning, at least that’s what I use as a logical satisfaction for my mind.
We may keep ourselves fascinated with the discussion on who was the first to use the term ‘cryptocurrency’, and that Bitcoin was not the first cryptocurrency, but the fact is: we cannot ignore the crypto phenomenon – there is a world around it. As of July 2022, there are more than 20,000 cryptocurrencies in existence, although not all of these are currently active. Even if we discount these inactive ones, there are still around 11,000 active cryptocurrencies, and the market capitalisation is close to a trillion USD in October 2022.
One of the most critical elements of this crypto world is the human aspect to this: there are more than 300 million crypto users globally and around 18,000 businesses now accept a form of crypto-based payment and the crypto world, or rather, a major part of it, finds reliance on some form of blockchain technology.
Although there is no technical need to have a deep dependence on a blockchain technology for a cryptocurrency to become functional, one of the main attractions is the decentralisation. Yes, there are popular cryptocurrencies which do not use blockchain technologies – like Ripple – which uses the Ripple network or MIOTA which uses the Tangle (a transaction settlement and data integrity layer) as well as other cryptocurrencies which use Hashgraph, a distributed ledger technology gaining momentum as it claims to be more secure, efficient, and faster than blockchain.
Still, many of the cryptocurrencies use blockchains, making these the main use case for blockchain technology, at least at the moment and for the near future: Bitcoin using the Bitcoin blockchain, Ether using the Ethereum blockchain, Solana uses the Solana blockchain and Dogecoin uses a fork (essentially a split in the blockchain network) of a fork of a fork of the Bitcoin blockchain.
Now the important question: how does identity work in a blockchain? How is “someone” identified in the blockchain? That’s where cryptography comes to the forefront as the answer and hence the term ‘crypto’ – that “someone” is identified using cryptographic keys. The Bitcoin owner is identified by proving the ownership, possession and control of the private key using the ECDSA (Elliptic Curve Digital Signature Algorithm) by signing the digital transaction, and the corresponding public key is used with a hash function to create the public address that the Bitcoin owner sends, or receives, funds to, or from.
When Steve Jobs said, “Technology should either be beautiful or should be invisible”, he was likely referring to the humanisation of technology. Here is a sample private key which Identifies a Blockchain user:
It clearly is neither beautiful, nor invisible. Cryptographic keys are not for humans, they are for machines. There is absolutely no argument on the security aspect of using crypto keys to identify the users, but we know the balance between security and convenience is critical for the technology to have a world-changing impact, and when given a choice between convenience and security – the users generally lean towards convenience, sometimes subconsciously.
It is unfair to expect the user to understand the full implications, especially when the technology is not humanised: the implications are beyond the academic and conceptual paradigms. The crypto world was shocked to witness the seed phrase (a cluster of random words generated by your crypto wallet used as an emergency back-up) phishing hack on one of the very popular cryptocurrencies, IOTA, a few years back. The IOTA hacker exploited the fact that the crypto keys are not really humanised and offered the unassuming users assistance with managing keys for free through a seed generator, with the goal of stealing private keys (seed) of the genuine users.
It may sound strange, and radical, but invisibility of technology, as popularised by none other than Steve Jobs, is a humanising factor and has a critical security narrative. We can summarise it as “seamless” technology.
Invisible and seamless humanised technology nicely balances the much sought-after twin dimensions of security and convenience. We almost forget that we have been using such a technology for a long time, and that at least five billion of us use this technology many times every day: – it’s the mobile network technology.
Cryptography has been at the core of the mobile network technology from the first mobile network service ever used, still the cryptographic keys are invisible to the user – humanising it to a great extent. The SIM card (including the recent evolution into eSIM) contains cryptographic keys which are critical to the identity of the user, through the possession and control of the SIM card; the “I” in the SIM is for ‘identity’ after all.
Most users are not even aware of the existence of the cryptographic keys sitting nicely in the SIM, and that there are complex crypto dances going on to make the mobile network manage that identity. The identity of the user is managed using several cryptographic keys including the 128-bit Ki (authentication) key in the SIM. Added to that, the mobile network makes sure it knows if any changes have happened to the SIM – which is the cryptographic key manager.
If the SIM has been swapped, including if the user loses the mobile phone with the SIM, then the disablement of the SIM card – along with the cryptographic keys inside – is just a phone call away to the mobile operator’s customer service department. This is Mobile Identity – humanising the cryptographic technology for identity since the very first mobile network call made.
In the mobile identity world, the user is equipped with more humanised identifiers like the mobile phone number, although it can still be argued that the mobile network does not even need to ask the user, “Hey, what’s your mobile phone number?” to identify them, it does so invisibly.
The obvious question that comes to the forefront now is, “Can we not reuse the same technology used in mobile identity to seamlessly identify and authenticate the user in the crypto world, thereby humanising the crypto world?”. The answer is a resounding, “Yes”.
Let’s humanise the crypto world, Mobile Identity is already here to do that.