Nym credentials: a decentralized alternative to Faceopticon

---

Once you have completed logging in with Facebook, you lose your handle on what personal data is being shipped around, and never regain it. This is where you clock out — you just lost control to Facebook. Facebook goes on to divulge to Ebay what you like, who you know, and anything else to make Ebay’s advertising more effective on you or anyone similar to you, and Ebay tells Facebook what you buy and sell there, when and to whom, and on and on.

Blaine Cook

Nym credentials: a decentralized, private alternative to the Faceopticon

Nym’s ambition is to divert these flows of personal user data around Facebook, Google and other surveillance capitalists, bypassing them forever, using the power of cryptography. An alternative that decentralizes power but maintains privacy is long overdue.

Blaine Cook designed OAuth at Twitter hoping that he was contributing to the building of a decentralized web. When he saw that his creation had led to further Facebook centralization, he encouraged Nym co-founders Harry Halpin and George Danezis to redesign and privacy-enhance the protocol. Their original formulation, UnlimitID, used anonymous authentication credentials invented by David Chaum, but was still centralized. In 2017, funded by the European Commission’s data-sovereignty project Decode, Danezis and his students created the Coconut signature scheme that now serves as the basis of Nym credentials.

Nym credentials can be used to accomplish the same goals as Facebook Login — user authentication and data transfer — while preserving user control and rights. Unlike Facebook Login, Nym credentials are:

• User-controlled
• Private, and
• Decentralized

Nym credentials are user-controlled

As Edward Snowden said at the Web3 Summit this year: “When we are gating access to the infrastructure that’s necessary for life through this process of proving who we are, rather than proving a right to use, we’re being forced to give up ownership of our identities and our histories.” Nym credentials minimize user-data disclosure to only what is necessary, allowing you to prove you’ve, say, paid for a service while only revealing to the service provider the fact that you’ve paid, and nothing else.

If a site selling you a movie ticket requests proof that you’re over 18, why provide your full name, gender, phone number, home address and email address? Why even reveal your date of birth? A Nym credential that has certified your date of birth can simply state that, yes, you are over 18, while saying nothing of whether you are closer to 30 or 50 years old.

In order to prevent denial-of-service or sybil attacks in an anonymous messaging system, a Nym credential could prove you’re a unique user by embedding a zero-knowledge proof of possession of a key, without revealing the key itself. Nym credentials can also be used to pass KYC/AML requirements while maintaining the maximum amount of privacy allowed.

With Nym, the user is always in the loop over data transfer and so is truly self-sovereign. You have the final say on what data is as disclosed. This could be “real” data such as your verified date of birth, legal name or gender. Nym credentials exclude information a service doesn’t require.

Coconut architecture

Nym credentials are private

Surveillance business models rely on maintaining links between your online activity and your identity. If Facebook observes activity on a site but can’t associate it with a particular person or profile, it can not sell access to that person — it doesn’t have a product. Nym credentials sever this link: always private and always transferred in encrypted form and not plaintext, their unlinkability prevents surveillance and provides privacy. As used by Nym credentials, Coconut’s aggregate signatures also mean the credential stays incognito, maintaining a uniform size and appearance regardless of the size of the embedded data.

Coconut uses rerandomizable encryption that scrambles the ciphertext to be both unlinkable to its previous ciphertext form and still valid. Nym credentials can be rerandomized an infinite number of times into what looks like new, cryptographically indistinguishable credentials, breaking the links between every one of your online activities and transactions. This protects your ability to privately use a service without revealing it to the companies tracking you.

A Nym credential is disposable — it doesn’t follow you for life like Facebook Login, hoovering up everything you do. To prove you’ve paid your monthly VPN membership, for example, you can just show a Nym credential without revealing which user you are. When your VPN connection breaks, the new one you establish is not linked by the credential to the old one. At the end of the month, you buy a new credential that’s unlinkable to the last one you used. Nym can’t stop you from revealing your “real” data in plaintext, but the control over what you reveal is yours. All data is perfectly private by default when in transfer and shared.

Nym credentials are decentralized

Centralization creates monopoly “identity providers” like Facebook that end up controlling the identities of billions. The necessity that users trust a central authority ensures a single point of failure stays in the system. If Facebook is hacked, for example, its data could be used maliciously. If Facebook merges your personal and financial data, it would become a universal identity authority, Silicon Valley’s answer to China’s ominous, totalitarian Social Credit System for enforcing civil obedience.

Nym credentials eliminate the single point of failure by distributing trust through the network. A proof-of-stake system removes the barrier of entry to becoming a credential validator — anyone can become one. Multiple identity providers (your friends, a government, an organization) cooperatively verify the identity data points you require; this information is encrypted, blinded, and sent to validators of your choice; you then assemble a credential by aggregating the partial credentials received from each validator.

A threshold of validators must sign the credential so that you can be certified and receive it. A threshold ensures a malicious entity would have to compromise not just one validator but a supermajority to obtain fake credentials for itself. Much like proof-of-stake systems like Cosmos, Nym can ensure a misbehaving node operator is held accountable.

Decentralization alone isn’t enough. It could prevent a monopoly while theoretically creating a million smaller Facebooks if user activities stay linkable. Showing a Nym credential to a service and disclosing your data can’t be linked back to the issuing of the credential by the validators. Even if the validators that issued partial credentials colluded with the verifier, neither can be linked to the transactions that issued and verified the credential.

The Nym System

A world without centralized identity

Facebook has enabled surveillance systems to indefinitely hold and analyse users’ most personal information and share it with their partners at their discretion, all through seemingly innocent “Like” and “Sign in with Facebook” buttons. This power will only expand with Libra. Even if Facebook says Libra is decentralized, the likely use of Facebook Login by Calibra gives Facebook full visibility into all financial transactions on the Libra blockchain. It is an open door to the expansion of its surveillance operations.

Nym is not the first to recognize this problem. A host of “blockchain identity” projects like W3C’s Decentralized Identifiers (DIDs) are trying to fight back against centralized identity, even though the only thing worse than giving your identity to Facebook is writing it onto a blockchain, where anyone — not just Facebook — can harvest it. With just a key and no personal data on the blockchain, the metadata describing when the identity is accessed will be available for all. This metadata problem allows sophisticated traffic analysis attacks that can deanonymize Bitcoin key ownership.

We can do better. Nym credentials keep everything off-chain, only use a blockchain to keep track of the set of validators and prevent double-spending of the same credential. The thorny problem of traffic analysis will be dealt with in our next post on mix-networks.

Thanks to the Coconut signature scheme, Nym credentials allow a user to transfer and disclose only that personal data they elect to (hence preserving their privacy), and create unlimited decentralized pseudonyms (ensuring both anonymity and resistance to sybil attacks). Coconut is so powerful that Facebook’s purchase of Chainspace, also co-founded by George Danezis and Nym CTO Dave Hrycyszyn, was widely read as proof that Mark Zuckerberg would use Coconut to create a decentralized identity system. This has yet to eventuate, but while Danezis now works at Libra, Nym is using and improving Coconut to create a world without centralized identity. Selective disclosure, under your control, and without central power, is what we are building.

“Privacy is necessary for an open society in the electronic age. Privacy is not secrecy. A private matter is something one doesn’t want the whole world to know, but a secret matter is something one doesn’t want anybody to know. Privacy is the power to selectively reveal oneself to the world.” — Eric Hughes, Cypherpunk Manifesto (1993)

Join us by hacking on the code, participating in our Telegram chat, and getting ready to run a Nym validator yourself. We look forward to integrating with other projects and building this new world together — powered by cryptography and the power of the people.