The first decentralized apps where built to prove the concept that application could be run in a decentralized manner without any central authority.
What would be the real purpose of such application?
If we build decentralized applications, how do we know the number of real (a user can have multiple addresses or wallets) users using it.
How does the application restrict certain functionalities from a group of users? Remember there isn’t any central authority with a list of users and permission controls.
Let’s take the popular example of electing our politicians through voting on the Blockchain. Let’s have a simple list of requirements as follow:
- First of all, only citizen of a country can vote
- We have to make sure that they only voted once
- They should be able to see their voting history
- Other voters should not be able to see other people voting history
The above can be easily built using a centralised application but this is for another discussion.
If the above requirements where developed as DApps on Ethereum, everyone can see who voted based on their voting account address. By now we know that the address are not anonymous and they could be traced back to the actual owners. Anybody can create an account on Ethereum (or most public blockchains) as this is a very cheap. Malicious users can create multiple accounts and vote multiple times.
How do we stop people from voting multiple times without a central authority?
Simple answer is we cannot.
How can we guarantee that all voters are citizen of that country?
Basically, it is impossible to create a DApps which can handle our simple requirements. There are some solutions but none of them are decentralized. Let’s not forget that blockchain networks have no idea of what’s going on in the external world.
Oracles and side-chains are centralised
Any process which occurs outside the blockchain are controlled by a central authority; such as validating users, check the weather, polling stock quotes, etc…
How can we fix that issue?
First of all, we have to understand what role would the public chain play in our application. We need to step away from the Let’s save the world through blockchain rhetoric. What value does the blockchain brings to the application? There are governments’ laws and regulations on the use of people data. Also, not every transaction should be run in a trust less manner as in voting to elect our leaders.
In order to fix the issues with user management, a centralized user management authority needs to be put in place. Something that can allow for a seamless know your customer (KYC) process. In the context of election, the process can assign a PKI to each user which has no meaning to the outside world. The voting process can will be handled by the DApps on chain by recording users voting activities. In theory, the central authority will be able to tell who each voter voted for? Other measures can be put in place to prevent it.
Implementing a user management for the decentralized world is not a small feat. Stakeholders will spend more time about the security of their users’ data for fear hackers compromising or stealing the data. Just as banks go to extreme measures to protect their users’ data, applications with centralized user management should go through the same rigorous security testing process.
This is the subject of research we are currently conducting with the hope that a decentralized user management such as Hyperledger Indy can evolve to solve this issue in the future.