The anonymity provided by some blockchains is one of the largest attractions about this technology. For business adoption though identity on and off the chain is crucial, legally and logistically. On an entirely distributed, decentralized blockchain such as Bitcoin or Ethereum, this anonymity serves a purpose and encourages individual use. For business adoption however it poses problems.
eIDAS are EU regulations for member states to accept legally binding electronic signatures and identities. They ease cross boarder transactions in multiple industries, including finance, health care, and logistics. In this article we’ll be looking at the need for identity on blockchains in business adoption, and explore how eIDAS could help meet that need.
Why do we need identity on blockchain?
Auditing businesses is how it is verified that they are meeting regulations to ensure company integrity and the security of customers’ sensitive data. While auditing blockchains is certainly doable, the lack of identity is a barrier. Public and private keys are used extensively on blockchains, but there is no inherent linkage between them and any legally identifying information. This makes auditing difficult and can facilitate illegal activity. For example, the 2016 DAO hacker’s public address is known, but that address isn’t linked to anything that could identify him/her/them. In order for blockchain to be more business friendly, there needs to be a way to manage identities on the chain, and link them to other identifying information for multiple reasons, including auditability.
How could eIDAS help?
The EU eIDAS regulations are legally binding and allow for the use of electronic signatures across boarders in the internal EU market. They provide authentication, ensure integrity, and ease usage by removing the need for physical handwritten signatures. Processes such as voting, taxes, and opening bank accounts can all be done easily and virtually using digital signatures.
Physical signatures are also less secure than digital signatures. Generally you have to use the same handwritten signature for every type of document, from signing a contract to a marriage license. This means that the one, handwritten signature can be taken from nearly anywhere and easily replicated. It is also the same no matter what the document's content is, so someone with your signature could change the contents of what you signed, and there is no way of proving that documents with a physical signature haven’t been altered.
Blockchain already has digital signatures and encryption built in, so merging this technology with eIDAS to ease business adoption across the EU is only a natural process. Under eIDAS advanced electronic signatures have several requirements. These include a private key controlled only by the signatory being used to create a signature, data integrity being verifiable with the signature (if the data has been changed the signature will not be the same), and others.
Blockchain’s digital signature features and cryptography are extensive, so it would not be difficult for it to work with eIDAS.
Auditing blockchains is necessary for large scale business adoption, but it has many difficulties, and ensuring identity of individuals on chain is a major one. Integrating blockchain with eIDAS could put us one step closer to wider use of this emerging technology across the EU. The fact that this regulation is already implemented is an excellent opportunity to integrate a juvenile technology with an existing regulation and propel businesses into the future.
This series tries to shed light on important security related aspects of blockchains and discusses some of the currently emerging loopholes. The first article looks at expected developments in the blockchain technology during the next 10 years. In the 2nd article we argue why blockchains will need to be auditable for successful business adoption. This 3rd article discusses how the digital signature regulation eIDAS can help making blockchains auditable.
About the author
Ulrich Scholten is an internationally active entrepreneur and scientist. He holds a PhD in information technology and owns several patents on cloud-based sensors. His research on cloud computing is regularly published in highly rated journals and conference papers. From 2008 - 2015, he was associated research scientist at the Karlsruhe Service Research Institute (KSRI), a partnership by KIT and IBM, where he researched network effects around web-platforms together with SAP Research.