Introducing "Linked identities"


7 months ago by bitpost

I recently did a deep dive into Bitpost’s approach to user authentication and I explained some of the reasons behind our choice to stick with good old usernames and passwords. In case you were left thinking that meant we had eschewed Bitcoin-wallet authentication methods, such as those offered by Money Button and Relay, then think again!

Today I’m pleased to announce our latest new feature — linked identities. In this article I’ll explain what linked identities are and how they can enable much, much more than convenient authentication methods.

Linked identities

What are linked identities?

Your profile on every new website or application you sign up for forms part of your broader digital identity. On the traditional Web there is little that actually links these identities together, other than if you happen to use the same username. And even that isn’t a reliable link because there’s no way to really prove a handle belongs to a certain person.

With Bitcoin, we can do better. We can use digital signatures to link accounts together in a way that is cryptographically provable. This allows us to tie the disparate parts of our identity together into one overall graph. And of course, we can broadcast that to the public blockchain.

This is a simple but powerful concept that enables lots of things, but fundamentally it empowers individuals to break out of digital silos and carry their identity around with them.

To clarify, when I am talking about identity, I am not referring to your name, address or date of birth. I mean your Tweets and your Twetches, your photos, your follow lists, your likes and branches and troll tolls and whatever — all the things you say and do in the digital realm that make you, you.

How it works

The approach Bitpost uses to link identities is very similar to how Keybase.io does so — but instead of using PGP keys, we use Bitcoin keys, and the wallets and protocols in the BSV world do a nice job of abstracting the über-nerdy crypto stuff into a more user-friendly experience.

To understand how this works let’s take a look at an example. The following is a simple JSON document that references a Bitpost account and public key, as well as a Money Button account and its identity public key.

{
  "key": {
    "host": "bitpost.app",
    "pubkey": "02411436ea2900d16836966d43fbb1f08a6dcf6a59b6a9d6040b23c964f6983d6e",
    "uid": "7817bcec-6fcc-4852-a502-92688368462d",
    "username": "satoshi"
  },
  "service": {
    "name": "moneybutton.com",
    "paymail": "satoshi@moneybutton.com",
    "pubkey": "03981af5c662a21033d61fe273a7259fb4af753a23f51b90aaf2043cfe572bdeed"
  },
  "timestamp": 1607178033,
  "type": "paymail_link"
}

If we normalise and sign this document (Bitpost uses the BSM algorithm) with the Bitpost user’s private key, it gives us the following signature:

H5KH9awQERrJ1flOkMQNHJWXzL/nVCdyJl4aqUK0ObvyPpmZyBnEDO7zYtnTbidjqOOFKva8nEYMX7s4B/WvJ6A=

Because we may want to do things with the signature where character count is limited, we can hash it and re-encode it to create a more compact signature token.

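// `signature` is the base64 signature above; Hash and base64url are assumed to be library helpers already in scope
const sig = Buffer.from(signature, 'base64'),   // raw signature bytes
      hash = Hash.sha256(sig),                  // SHA-256 of those bytes
      token = base64url.encode(hash);           // URL-safe base64 without padding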

Which yields the following token:

X-f_lYDNDZvd5ebKVzJx41j9ibnigTt0lTY2xtYTIRo

Now that we have this token, we can do lots of things with it. For example, we could Tweet it if we were linking to a Twitter account, or we could add it to a DNS record to assert ownership of a domain or website. In our case, we’re linking to an external wallet, so we should just countersign the token with the wallet identity key, giving us a second signature:

II/Sm/Ud9i3m2uvRgNuSD6XxnhLjyJPnXxbWzMD56FVcLSskb6FF/NicnqnbQg2r0XhFJvx4i3ZeMaGqamG31Fg=

These two signatures can now be verified by anyone, and together they cryptographically prove that the same entity controls (at least at the time of signing) both the referenced Bitpost and Money Button accounts. And because Money Button is commonly used throughout the BSV app ecosystem, we can implicitly link the Bitpost account to a Twetch or Powping account (as well as many others).
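The two-signature check described above can be reproduced with Node.js built-ins alone; this is an added example, not Bitpost's own code, and every function name in it is hypothetical. It assumes that normalisation means recursively sorted keys with no whitespace, that the wallet countersignature is a Bitcoin Signed Message (BSM) signature over the token string, and it uses key pairs generated at run time rather than the keys shown in the article.

```javascript
// Added example, Node.js built-ins only; keys and signatures are constructed at run time.
const crypto = require('crypto');
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();

// Assumed normalisation: object keys sorted recursively, no whitespace.
function normalise(v) {
  if (Array.isArray(v)) return `[${v.map(normalise).join(',')}]`;
  if (v === null || typeof v !== 'object') return JSON.stringify(v);
  return `{${Object.keys(v).sort().map((k) => `${JSON.stringify(k)}:${normalise(v[k])}`).join(',')}}`;
}
// Inner SHA-256 of the BSM digest; crypto.sign/verify with 'sha256' applies the outer one.
const varint = (n) => (n < 0xfd ? Buffer.from([n]) : Buffer.from([0xfd, n & 0xff, n >> 8]));
function bsmInner(message) {
  const magic = Buffer.from('Bitcoin Signed Message:\n'), msg = Buffer.from(message, 'utf8');
  return sha256(Buffer.concat([varint(magic.length), magic, varint(msg.length), msg]));
}
// SPKI header that wraps a 33-byte compressed secp256k1 point so Node can load it.
const SPKI = Buffer.from('3036301006072a8648ce3d020106052b8104000a032200', 'hex');
function bsmVerify(message, sigB64, pubkeyHex) {
  const raw = Buffer.from(sigB64, 'base64');
  const sig = raw.length === 65 ? raw.subarray(1) : raw; // drop the compact header byte
  if (sig.length !== 64 || !/^0[23][0-9a-f]{64}$/i.test(pubkeyHex)) return false;
  const key = Buffer.concat([SPKI, Buffer.from(pubkeyHex, 'hex')]);
  const opts = { key, format: 'der', type: 'spki', dsaEncoding: 'ieee-p1363' };
  try {
    return crypto.verify('sha256', bsmInner(message), opts, sig);
  } catch { return false; } // key bytes are not a valid curve point
}
// Token as in the article: base64url(SHA-256(raw signature bytes)).
const linkToken = (sigB64) => sha256(Buffer.from(sigB64, 'base64')).toString('base64url');
// The account key signs the normalised document; the wallet key countersigns the token.
const verifyLink = (doc, accountSig, walletSig) =>
  bsmVerify(normalise(doc), accountSig, doc.key.pubkey) &&
  bsmVerify(linkToken(accountSig), walletSig, doc.service.pubkey);

// Demo-only helpers: 64-byte r||s signatures, without the header byte a wallet prepends.
const bsmSign = (message, privateKey) => crypto.sign('sha256', bsmInner(message),
  { key: privateKey, dsaEncoding: 'ieee-p1363' }).toString('base64');
function newKey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  const point = publicKey.export({ type: 'spki', format: 'der' }).subarray(-65);
  return { privateKey, pubkey: crypto.ECDH.convertKey(point, 'secp256k1', undefined, 'hex', 'compressed') };
}
function demo() {
  const account = newKey(), wallet = newKey();
  const doc = { type: 'paymail_link', timestamp: 1607178033,
    key: { host: 'bitpost.app', username: 'satoshi', pubkey: account.pubkey },
    service: { paymail: 'satoshi@moneybutton.com', pubkey: wallet.pubkey } };
  const accountSig = bsmSign(normalise(doc), account.privateKey);
  return { doc, accountSig, walletSig: bsmSign(linkToken(accountSig), wallet.privateKey) };
}
```

Calling `verifyLink` on the output of `demo()` returns true, while changing any field of the document or swapping the two signatures makes it return false, because the token binds the countersignature to one specific account signature.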

There is one simple rule in place. A Bitpost account can be linked to as many external identities as required, but the same external identity can only be linked to one Bitpost account. This ensures integrity and that each linked identity has some meaningful value to it.

Use-cases

Linking identities like this is all very clever, but what exactly can we do with this? What are the benefits to both users and Bitpost? Here are just some ideas as a taster:

  • Bitcoin wallet authentication — Once you have cryptographically linked your Bitpost account to your Money Button or Relay identity, Bitpost can securely log you in by asking your wallet to sign a challenge. No complicated OAuth flows necessary — this is pure Bitcoin-native authentication. This is possible with Bitpost from today.
  • Improved interoperability — If a Bitpost account is linked to a Money Button account which in turn is associated with a Twetch account, then in theory we can do things like share follow lists. Or publish from Powpress directly to Bitpost. There are many possibilities and I’m keen to work with other app teams to play around with some of these ideas.
  • Smarter ranking algorithms — Eventually Bitpost will outgrow the humble “latest” feed and will need to develop algorithms for ranking content and showing the best quality and most trustworthy content to readers. Creating a universal identity graph is one way for users to prove their trustworthiness and value. In future this will help Bitpost sort the wheat from the chaff.

Try it out

You can link your Bitpost account to your Money Button and Relay accounts, or an NBdomain, right now. Once logged in, head to your profile, click the “Edit” button, and click on Identities.

List of linked identities

Just click the blue “Link Identity” button and follow the instructions. You can choose to put the signed link on chain or keep it off-chain if you prefer. Once linked, you’ll be able to benefit from 1-click sign in with Money Button and Relay.

In future, you’ll be able to link off-chain services like Twitter, websites and domains, email addresses — and so much more. This was always a big part of Bitpost’s take on identity and I’m excited to get this first step out the door. There’s much more to come!