3iD | Devpost

Inspiration

Banking is inequitable and unjust. 8 million US citizens are unbanked and inequalities exist between consumers based on where they live, their criminal record and their ethnicity. Furthermore, 5 Billion people live in developing countries where government and financial institutions are prone to corruption. Initially, we wanted to create a framework for identity on the blockchain that can be used to increase accessibility to financial services and offer consumers a ‘fair deal’, regardless of their personal information. Users are given a ‘clean record’ and are judged solely on their web3 activities, with decentralized banks rewarding loyalty and punishing malicious actions.

However, we decided to take this idea one step further and develop a protocol that solves the problem of accessibility and accountability within web3. Protocols can log ownerships of assets, engagements within communities, loans from banks, and many more web3 interactions onto the user’s iD. This allows for cross-platform compatibility, the development of credit scores, protection against bots, and a new way to anonymously login, all on top of the same framework, opening up new possibilities for what is possible on web3.

What it does

3iD authenticates users with the help of identification authorities to ensure a one-to-one mapping between people and iDs. This ensures users are incentivized to maintain a ‘clean record’ on their iD and are kept accountable for their web3 activities. Once a 3iD NFT has been created, the owner of the iD can grant permission for protocols it interacts with to open a page and log the user’s relevant actions. Once an event has been logged on the Filecoin decentralized database, the record cannot be removed. 3iD follows an extensive list of precautions to ensure a NFT can never be paired with its owner: a user enrolls with a ‘temporary’ and a ‘private’ Ethereum wallet and uses a zero-knowledge protocol to securely transfer ownership to its private address. Identification authorities are also never given the address of either of the user’s wallets and sensitive files are deleted immediately after users have been verified. More information can be found on our documentation.

How we built it

We started with the problem of fixing the loaning system in the world. Deserving people will not be able to take a loan from a traditional bank due to a lack of access, criminal record, or due to being part of an underrepresented community. Additionally, Defi Apps cannot afford to give anything better than fully collateralized loans due to the risk of bots and inherent anonymity of their clients. Therefore we set out to build a protocol which would maintain the anonymity and privacy of users whilst ensuring the accountability and trust that occurs in traditional banking. We spent a long time developing the protocol and ensuring we have the necessary security and decentralization in our system. We were shocked to find that there is no other current decentralized protocol that offers a similar system to ours: combining anonymous identity verification with bookkeeping on the blockchain.

Once the protocol was figured out, we then created technical documentation explaining each step of the protocol and the security measures we take. We then decided to split our task into four core roles: developing the backend web to solidity interaction, writing the Ethereum smart contracts for the identity authentication protocol, interaction with the decentralized Filecoin database, and frontend web development and graphics. Whilst each member focused on their key roles, we ensured that the team was constantly communicating and helping each other. We wrote our smart contracts for the identification protocol and database management in solidity and deployed them on the Kovan testnet. The interaction with the Filecoin database was done using an HTTP API for Web3 Storage and Chainlink oracles to communicate data out of the blockchain. For the backend web development we used react (JavaScript), flask (Python) and the web3 and metamask APIs to integrate with the on-chain smart contracts.

Challenges we ran into

The first challenge we faced was to learn Solidity programming in order to develop the smart contracts. We had to get acquainted with the blockchain development ecosystem and learn about the industry standards for privacy and data security within the blockchain. The second big challenge we faced was the integration of on-chain smart contracts with the off-chain website backend. We had to implement a multitude of APIs to integrate with the functionality of making smart contract calls from the website itself, furthermore, we had to incorporate oracles to communicate data outside the blockchain whilst still maintaining a decentralized data flow and control. Upon integration of the smart contracts with the website, we uncovered a huge array of new bugs that took many hours and late night snacks to debug.

Accomplishments that we're proud of

We were able to develop a legitimate solution to a problem that is fundamental to our society: how to have accountability and trust whilst retaining privacy and anonymity? We are also really proud that we were able to develop the entire working system and integrate both on-chain and off-chain systems that are inter compatible. We are also proud of our beautiful and slick frontend website and logo.

What we learned

In terms of skills, we learned how to program smart contracts in Solidity and strongly improved our knowledge of JavaScript. We also learned about the blockchain ecosystem and the privacy and identity space. We developed a much stronger understanding of cryptography: Diffie Helman, Shamir Secret Sharing, ZK-proofs, ZK-rollups, PLONKS, Tor and IP masking. Although we were unable to implement all of these security features within the TreeHacks time, we gained a lot of theoretical knowledge on how these systems work. Furthermore, as a team, we hugely improved our communication skills and debugging skills as we helped each other debug code. We also learned about the process of software development in groups and making sure that everyone’s code is compatible.