Leveraging Social Networks in the Web of Trust: Making Decentralized Identity Accessible
Decentralized systems that rely on public/private keypairs for identity, such as Polykey's NodeIds, face Zooko's triangle.
The public key identifiers are decentralized and secure, but they aren't human meaningful. This makes it difficult to find your friend's NodeIds.
Traditionally, establishing a web of trust between these NodeIds without a centralized registry involved cryptographic key-signing parties in dimly lit back rooms of tech conferences, hardly accessible to your everyday internet user.
But what if we could skip the awkward small talk and instead tap into platforms where people already feel at home, like social networks?
Keybase discovered that social networks could serve as focal points for discovering decentralized identities. Most people already trust these platforms and are familiar with how they work.
The idea is simple: users can post a cryptographically signed claim, or what we call a "cryptolink", on their social network profiles. This post, publicly accessible and searchable, serves as a verifiable claim that links their social network identity to their decentralized Polykey NodeId. As long as the social network provides APIs for posting and searching, it can be integrated into Polykey.
However, there's a hitch. Social networks are increasingly closing off their platforms, limiting API access for posting or searching content. This trend forces us to either adapt by using manual methods or restrict the range of supported networks. For instance, manually posting a cryptolink might involve copy-pasting a generated message, while manually searching for someone else's cryptolink could become a scavenger hunt. But with a unique link, the process remains feasible, even if less automated.
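The checks a verifier applies to a cryptolink found on a profile, whether it was located through an API or by hand, shown as an added example that is not Polykey's own code. The claim layout, the `cryptolink:` text format, the helper names and the use of the encoded Ed25519 public key as the NodeId are all assumptions made for illustration.

```javascript
// Added illustration: the claim layout and helper names are assumptions,
// not Polykey's actual cryptolink or sigchain format.
const { generateKeyPairSync, createPublicKey, sign, verify } = require('node:crypto');

const b64u = (buf) => Buffer.from(buf).toString('base64url');

// The node signs {provider, identity, nodeId} with its Ed25519 private key.
// Here the "NodeId" is simply the base64url DER encoding of the public key.
function createCryptolink(keyPair, provider, identity) {
  const nodeId = b64u(keyPair.publicKey.export({ type: 'spki', format: 'der' }));
  const payload = b64u(JSON.stringify({ provider, identity, nodeId }));
  const signature = b64u(sign(null, Buffer.from(payload), keyPair.privateKey));
  return `cryptolink:${payload}.${signature}`; // text pasted into the post
}

// Verifier side: `post` is what was found on the network, `account` is the
// profile it was actually found on (taken from the platform, not the post).
function verifyCryptolink(post, provider, account) {
  const m = /^cryptolink:([\w-]+)\.([\w-]+)$/.exec(post.trim());
  if (!m) return { ok: false, reason: 'malformed' };
  let claim, publicKey;
  try {
    claim = JSON.parse(Buffer.from(m[1], 'base64url').toString('utf8'));
    publicKey = createPublicKey({
      key: Buffer.from(claim.nodeId, 'base64url'), format: 'der', type: 'spki',
    });
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  if (publicKey.asymmetricKeyType !== 'ed25519') return { ok: false, reason: 'wrong key type' };
  // 1. The signature must come from the key that the NodeId names.
  if (!verify(null, Buffer.from(m[1]), publicKey, Buffer.from(m[2], 'base64url'))) {
    return { ok: false, reason: 'bad signature' };
  }
  // 2. The signed identity must be the account hosting the post; otherwise a
  //    valid claim copied onto someone else's profile would be accepted.
  if (claim.provider !== provider || claim.identity !== account) {
    return { ok: false, reason: 'identity mismatch' };
  }
  return { ok: true, nodeId: claim.nodeId };
}

// Constructed sample data.
const alice = generateKeyPairSync('ed25519');
const post = createCryptolink(alice, 'github.com', 'alice-example');
console.log(verifyCryptolink(post, 'github.com', 'alice-example'));
console.log(verifyCryptolink(post, 'github.com', 'mallory-example'));
```

The second check is what binds the two identities together: the signature alone only proves that some key signed the text, not that the account displaying it controls that key.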
By using a platform like Polykey, users can discover the NodeIds of their friends or acquaintances directly through social networks. This approach doesn’t just democratize access to the web of trust; it makes it practical and intuitive. Unlike our inspiration, Keybase, Polykey does not maintain a centralized registry of cryptolink claims. The claims are simply replicated on each Polykey node's sigchain.
Do note that using these centralized social networks is entirely optional. Polykey does not depend on them. Any social network can be used as a discovery point, including your IRL key-signing party.
Currently, Polykey integrates with GitHub, allowing developers to leverage their GitHub identities in the web of trust. We’re eager to expand this to other platforms and encourage contributions from the community. Given the nature of Polykey, future integrations will likely involve WebAssembly (WASM) plugins, offering flexibility and performance across various platforms. Decentralized identity platforms, particularly those using blockchain-based identifiers (DIDs), are tailor-made for this. They align perfectly with the principles of decentralized trust and provide a robust foundation for identity verification in the web of trust.
The potential here extends far beyond just identity verification—it could lead to advanced trust metrics, scoring systems, and even a marketplace for trust. The integration of social networks with decentralized identity systems represents a significant leap forward. It makes the web of trust more accessible and practical, moving it out of niche tech circles and into the broader internet community.