Readers have asked us: how we can secure private data publicly on a blockchain and also keep it private? Specifically, how would Factom “never lose your child’s birth certificate?” It would be foolish to publish private data, such as a birth certificate, on a blockchain where the whole world can read it. However, if you only publish a hash of the data, it does not prevent the loss of data, it only gives a reference point to see if it changed. This is a great question and core to the ideas around data management on the blockchain.
When we talk about all the wonderful things that can now be done with a blockchain, it takes a little thinking outside the box. As Henry Ford said, “If I had asked people what they wanted, they would have said faster horses.” Blockchains can change the way we do things, not what we do. Our claim would be confusing if you thought of birth certificates from the perspective of the 20th century; sheets of paper issued by a certificate authority, like a government.
What probably comes to mind is a mere hash of a digital certificate on the blockchain. “If I delete my copy, how is the hash going to retrieve my document?” As many of you know, hashes are one way, you cannot derive the original content from a hash. Conversely, things like a birth certificate should not be published on a blockchain because then anyone could read them. So how does one create a record that can never be lost?
Let’s dig into this a little: A paper-based form, like birth certificates, maintains authenticity because of fancy security features printed on them. We have seen that this is not a very secure way to issue identity. Having a digital copy would be nice, but they are problematic. Assume a certificate authority cryptographically signs digital birth certificates and distributes them to individuals. If that authority were hacked, all the certificates it issued earlier would be invalid. Everyone would need to get new certificates issued since the hacker could forge new ones very easily. The OpenSSL Heartbleed bug from a couple of years back showed the headaches involved with this re-issuance. This risk is a big reason why digital birth certificates aren’t even tried today. Computer hackers cannot invalidate paper birth certificates. This is why our society has clung onto paper records, it’s harder to forge them at a massive scale.
It will be some time before we move past the need for paper. We currently do have digital birth certificates; they are just not held by individuals. They are kept on mainframe computers maintained by the vital record-keepers, such as government, which have the longevity to maintain the data. Organizations come and go, but the government is serious about its records. The information stored in the government vaults are the canonical versions of the truth. In this new digital age, the vaults are databases ripe for modification. Due to these risks, the databases require lots of permission to access.
Other authorities can connect to the servers and request data from the government. Digital access is only available to a few organizations due to privacy concerns. If you, as a citizen, want to securely show a birth certificate digitally to a non-approved organization, you are out of luck. Currently, you would take a digital photograph of a paper document, which is much easier to forge than the original paper one. Even if you were privileged enough to get database access, the services go up and down for maintenance, etc. One agency’s failure stalls out all other connected agencies who rely on it. If individuals were given their own digital certificates, they could use them with the same ease as the paper versions.
Blockchains are good at three things timestamping, publishing, and Peer-to-peer (P2P) communication. Timestamped publishing prevents backdated data and allows detection of fraudulent versions. Info can’t be hidden if you are looking for it. P2P communications are enabled with censorship resistant publishing along with allowing anyone to read the data.
This is one way the Factom data layer would allow a government to issue a signed digital birth certificate in a secure way.
First, the government acting as a certificate authority would generate a certificate, in our example, a birth certificate. Next, they would sign a hash of the certificate with a key belonging to the government. This authenticates the certificate as coming from the certificate authority. Data within the certificate cannot be changed without breaking the hash or signature. Fakes cannot be made without cooperation of the government computers. This authentication gives people trust that the certificate is valid.
Now that the certificate has authenticity, a copy of the certificate and the signature are given to the individual. Now someone holding the signature and the certificate can prove the birth certificate to others in a peer-to-peer fashion. The government did not stand between the two parties with a mainframe. The verifier only needed to know the public key used by the government at the time.
At this point, no blockchain tech has been involved. The process is similar to how HTTPS certificates are managed today.
Blockchain technology used properly can show that a document is properly aged, give perpetual authentication, and quickly uncover fraud.
With some implementations of blockchain tech, when a document is issued, it would get timestamped (without publication). To use the certificate, the individual would present the signed certificate and its proof of age. If the issuer got hacked and could tell the private key was stolen, then the issuer would just start using a new key. All the old certificates could still be used since they were issued before the key was stolen. While the hacker could forge new birth certificates, they could not forge them into the past. The system would keep running fine even after a hack which would devastate other systems.
The problem with mere timestamping minus publication is that data can stay hidden. Most often computer hacks go undetected. In the above example, the hacker can forge birth certificates and timestamp them independently in secret. The issuer would not know about the forgeries since they would be hidden inside innumerable Merkle trees containing mostly private content. The forger could make fake certificates for years before some accident alerts the issuer to the hack. Even then, it would not be known how long forgeries had been issued for.
The answer is a timestamped publication system, like the Factom blockchain. For a certificate to be valid, it would be published in a particular form on the blockchain. All observers can see signed hashes going into the chain. If a hacker steals a private key, they must publish in the same public fashion as the issuer to make a believable forgery. Since the issuer can see the chain along with everyone else, they will know instantly when a forgery is made using the stolen key. They can immediately cancel the stolen key and cancel the recently forged certificate in the same chain. Now digital birth certificates can become something reliable in a world full of hackers.
For the extra paranoid, in a world with quantum computers, perfect computer security will not keep private keys secret. Blockchains resist even this nightmare scenario. Hash functions don’t break even with quantum computers. Blockchains will still protect these processes even when most other crypto standards need to be radically overhauled.
Paul Snow, the Chief Architect of Factom, likes to talk about a transition from Systems of Record to Systems of Authority. He developed these ideas seeing deficiencies when he was rewriting the Texas welfare software system. Birth certificates are a perfect example of how the certificate issuer can change from running a guarded mainframe, to merely granting authenticity to documents individuals hold.
By separating the authority from the record-keeper, multiple copies can be kept even on a low-security system. If the most untrustworthy record keepers tried to modify the documents, it would be apparent. If old random backups could be found even in insecure locations, and the hashes matched what was in the blockchain, history could be reconstructed securely. Separating out record keeping from authority can also help prevent loss from disasters, both man-made and natural.
These same concepts can be adapted and applied to many forms of human cooperation where trust is in short supply. Substitute birth certificates with EV certificates and now a company can manage their own internet identity. Pair an IoT device with its owner through the blockchain, and rogue device commands from a hacker can be detected by the owner. Modification timelines of wills (authorized or otherwise) can be tracked and validated through history. The list goes on and on. With this perspective, we believe the world’s systems and data can be secured, including birth certificates, in Factom.
by Brian Deery – Chief Scientist, Factom