DID for DeFi, Definitively

Published on: Apr 21, 2021. Last updated: Apr 21, 2021.


Decentralized finance, or DeFi, is a cryptocurrency area that has recently been attracting significant attention. DeFi refers to financial services using smart contracts. These are automated enforceable agreements that do not need intermediaries, such as banks or lawyers, and use online blockchain technology instead.

Between September 2017 and September 2020, the total value locked up in DeFi contracts grew significantly, from $2.1 million to $6.9 billion (£1.6 million to £5.3 billion). Since the beginning of August 2020, that growth has accelerated, and as of April 2021 the total stands above $45 billion.


The current situation

These days, the eyes of regulators are fixed upon the cryptocurrency market. With the controversy around Ripple, frequent cases of money laundering, and stress put on banks caused by users trying to cash out their 500k EUR “moon bags”, it's not hard to understand why governments are doing their best to monitor the cash that is flowing in and out of DeFi.

DeFi has been a leading factor in cryptocurrency growth over the last five years. As an example, Uniswap, currently the decentralized exchange with the largest trading volume, collected billions of dollars from trading fees.

From a regulation perspective, it is understandable that DeFi markets cause regulators a lot of concern, especially officials tasked with anti-money laundering (AML) laws, who created the Bank Secrecy Act. It is just a matter of time until we see enforcement actions or settlements related to DeFi.

It will just take a little bit longer for regulators to understand the technology thoroughly, which means that enforcement is probably still far away. Once they do, they can then figure out who would be subjected to regulation and to what extent there have been actual violations of those regulatory frameworks. It is still the early days of DeFi, but the situation is similar to the initial cryptocurrency boom in 2017, which created a lot of suspicion that it involves activities that violate the security laws. Even today, there are still various unlawful activities that some call DeFi, but which are in fact centralized, or at least disputable. Within a couple of years, there will be obvious enforcement actions related to those violations.

Decentralization is not a magic cure nor a perfect defense to all regulations. It does not mean that decentralized finance has no regulations, but it can’t follow regulations designed for centralized systems. Also, these regulations were not designed for technology, like Blockchain and cryptocurrency, but apply to people and their conduct. So, the question isn't necessarily “Is DeFi regulated?”, the real question is “are there people using DeFi protocols who are subject to regulation?”.

Then the related question to the one above is: “Are cryptosystems money transmitters or money service businesses?”. This is because money transmitters are regulated in a different fashion than DeFi.

Money transmitters - A centralized exchange, regulated under the Bank Secrecy Act

An entity that receives money from one person and transmits that money to another person or location. This entity needs to be registered with FinCEN and is required to have an anti-money laundering compliance program, including the “Know Your Customer” procedure, KYC.

DeFi

Non-custodial DeFi systems do not take possession of your money and do not transmit any either. Therefore, the system is not a regulated financial institution and is not required to have an anti-money laundering program.

The DeFi problem

DeFi platforms reward users for contributing to liquidity “pools”. There have been times when that liquidity has been used fraudulently for market-making and removed entirely to purchase real estate. Dutch regulations already stated that DeFi lenders become contaminated, bearing the same risk as the risk that banks have when they are about to approve lending to someone. To mitigate this risk, DeFi needs to have similar checks as the banks do. With banking, everything is just on paper. The bank needs to be sure that the information provided on paper is correct and that deals done on paper can be enforced. So, they need to do some verification first.

Example:

A bank’s check of a user or a piece of real estate of interest

  • A potential client needs to be verified using the KYC process before they can deploy their money into their products.
  • Banks need to be able to evaluate an object before it is lent out to somebody or before it is used as a financial pledge. They use:
      • Notaries
          • To evaluate if a house is actually worth 1 million EUR
          • To check on the user’s balances
          • To check on the sources of the income stream
      • Accountants
          • If the user’s declared equity is accurate

The same is true for DeFi; you need to be able to trust that the information on-chain is correct and that the rules set out in a smart contract can be enforced in real life.
For instance, if you've tokenized a house (as an NFT) and used it as collateral to borrow crypto, the lenders need to be sure that the house can actually be claimed by the owner of the NFT. Otherwise, the NFT is worthless.

This means that DeFi users also need to know who they are borrowing from and whom they are lending to. If an object, such as a car or a house, is involved, its value needs to be verifiable.
Also, in case of any conflict, a rule about how on-chain transactions will be enforced off-chain needs to be specified.

This regulation has already been made in Germany and some other EU countries, and it is currently one of the biggest problems DeFi has.


The Solution

The solution to this problem is to have Verifiable Credentials (VC) to identify every user participating in DeFi. A VC is a digital version of a user identifier, not unlike the plastic ID cards we carry in our wallets. The VC includes a name, an address, and the public address the user uses to participate in DeFi.

The public address is a part of a Decentralized identifier (DID) string, which is the important part of this VC, but not all VCs need to have the DID string attached. Thanks to the DID, a user can prove the ownership of their VC by comparing the user’s public address from the VC with the user’s public key, which is stored on a blockchain.

DID important facts:

  • DID format:

<scheme>:<the method used>:<user's pseudonymous ID>

A unique Decentralized Identifier verifiable on the LTO network would have a format similar to this LTO DID example:

did:lto:3JuijVbbserasr48h8rz8451RTyeL

  • DID is a new type of globally unique identifier that is assignable to any subject, which can be a person or an object, such as a car or a house. This further applies to organizations, things, data models, abstract entities, etc.
  • In contrast to typical, federated identifiers, DIDs have been designed so that they may be decoupled from centralized registries, identity providers, and certificate authorities. Specifically, while other parties might be used to help enable the discovery of information related to a DID, the design enables the controller of a DID to prove control over it without requiring permission from any other party.
  • DID is a new format that connects a user's blockchain public address, generated from the user's key pair, with the user's real-world identity. Most of the time, it is a user’s blockchain address, but the user's pseudonymous ID could of course differ.
  • With DIDs, it is possible to attach a value to an object, so that collateral that has been provided has a specific value and its owner can give out an object credential that can be verified on every chain.
  • A DID verified with an X.509 certificate can be used instead of a VC, on which a company would have its name and address, to identify companies publicly on a blockchain.
    The public key certificate (X.509) declared by a Certificate Authority (CA) is assigned to the company DID. When the X.509 certificate is published, verifiable information about the company becomes public. The X.509 certificate serves more or less the same purpose as verifiable credentials, but for publicly accessible info.
  • Since the generation and assertion of Decentralized Identifiers is entity-controlled, each entity can have as many DIDs as necessary to maintain their desired separation of identities, personas, and interactions. The use of these identifiers can be scoped appropriately to different contexts. They support interactions with other people, institutions, or systems that require entities to identify themselves, or things they control while providing control over how much personal or private data should be revealed, all without depending on a central authority to guarantee the continued existence of the identifier.
  • The point of the DID standard is to create an interoperability bridge between the worlds of centralized, federated, and decentralized identifiers. This also enables implementers to design specific types of DIDs to work with the computing infrastructure they trust, such as distributed ledgers, decentralized file systems, distributed databases, and peer-to-peer networks.
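
The ownership check described above (the DID named in a VC must map to a public key whose private half the presenter controls), as an added example that is not LTO Network code: it parses the DID against the W3C `did:<method>:<id>` syntax and has the presenter sign a fresh nonce. Ed25519 keys, the in-memory registry standing in for the blockchain lookup, and the names `parseDid`, `verifyHolder` and `demo` are assumptions.

```javascript
// Added example, not LTO Network code. Ed25519 keys and the in-memory registry
// (standing in for the on-chain DID -> public key lookup) are assumptions.
const nodeCrypto = require('node:crypto');

// W3C DID Core syntax: did:<method-name>:<method-specific-id>
const IDCHAR = '(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})';
const DID_RE = new RegExp(`^did:([a-z0-9]+):((?:${IDCHAR}*:)*${IDCHAR}+)$`);

function parseDid(did) {
  const m = typeof did === 'string' ? DID_RE.exec(did) : null;
  if (!m) throw new Error('malformed DID');
  return { method: m[1], id: m[2] };
}

// Verifier side: the VC names a DID; the presenter must sign a fresh nonce with
// the private key whose public half is registered for that DID.
// This checks holder binding only; the issuer's proof on the VC is a separate check.
function verifyHolder(vc, resolveKey, nonce, signature, allowedMethods = ['lto']) {
  let did;
  try { did = parseDid(vc.credentialSubject.id); } catch { return 'malformed-did'; }
  if (!allowedMethods.includes(did.method)) return 'method-not-allowed';
  const publicKey = resolveKey(vc.credentialSubject.id);
  if (!publicKey) return 'unknown-did';
  return nodeCrypto.verify(null, nonce, publicKey, signature) ? 'ok' : 'bad-signature';
}

function demo() {
  const holder = nodeCrypto.generateKeyPairSync('ed25519');
  const copier = nodeCrypto.generateKeyPairSync('ed25519'); // has a copy of the VC, not the key
  const did = 'did:lto:3JuijVbbserasr48h8rz8451RTyeL';      // DID string from the article
  const registry = new Map([[did, holder.publicKey]]);      // constructed stand-in for the chain
  const resolve = (d) => registry.get(d);
  const vc = { credentialSubject: { id: did, name: 'Alice Example' } }; // constructed VC
  const nonce = nodeCrypto.randomBytes(32);
  const oldNonce = nodeCrypto.randomBytes(32);              // a challenge from an earlier session
  const sign = (key, data) => nodeCrypto.sign(null, data, key.privateKey);
  const foreign = { credentialSubject: { id: 'did:example:123' } };
  return {
    holder: verifyHolder(vc, resolve, nonce, sign(holder, nonce)),
    copiedVc: verifyHolder(vc, resolve, nonce, sign(copier, nonce)),
    replayed: verifyHolder(vc, resolve, nonce, sign(holder, oldNonce)),
    otherMethod: verifyHolder(foreign, resolve, nonce, sign(holder, nonce)),
  };
}
```

Only the key holder answering the current challenge gets `ok`; a copied VC, a signature over an earlier nonce, and a DID from a method outside the allowlist are all rejected.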

The challenge

The most significant obstacle to using DID is that in DeFi, nobody really wants to be verified. However, the upcoming regulations will most likely speak clearly: Be verified or be gone.


LTO Network as a blockchain solution for VC, DID, and DeFi

The paragraphs below provide an example of blockchain-based solutions and a company that delivers under ISO standards and GDPR compliance. LTO is able to provide additional features to verifiable credentials, thanks to the hybrid approach. For example, combining verifiable credentials with an event chain on the private layer can help a project comply with privacy regulations.

DIDs from a DeFi user's VCs can be placed, anchored, indexed, and associated on the LTO chain. The LTO Network solution is GDPR compliant and goes hand in hand with ISO/TC307 - BLOCKCHAIN AND DISTRIBUTED LEDGER TECHNOLOGIES. The LTO Network approach uses Chainlink oracles to achieve cross-chain interoperability and the Dutch company Sphereon for wallet integration.

GDPR compliance

Because of GDPR and similar privacy regulations, businesses are required to keep track of the personal information they store and with whom that information is shared. Upon request, this needs to be communicated to the user. Additionally, the user is entitled to request that the information be destroyed. It's up to the business that initially received the data to ensure that any party with whom the data was shared will also delete it. This can be an administrative nightmare to handle manually. LTO has a decentralized solution to automate this process, which has been used by several enterprise clients since 2018. Combining this solution with verified credentials gives end users full control over their personal data while reducing the regulatory burden for all businesses involved.

Cross-chain interoperability

Associations can be used to specify a relationship between accounts on LTO Network. By using associations with cross-chain DIDs, relationships between accounts on different blockchains can be established on LTO Network. LTO Network is partnering with Chainlink to make this information available for smart contracts through its decentralized oracle network. For example, an organization could add associations to establish an account belonging to an accredited partner. In this example, the accredited partners are allowed to certify businesses. With the use of Chainlink, it's possible to create a smart contract that can only be used by these certified businesses.

Wallet integration

LTO identity nodes will follow the W3C Decentralized Identifiers (DIDs), W3C Verifiable Credentials (VCs), and Rosetta standards. Adhering to these standards will make it interoperable with software run by other stakeholders in this space, such as governments, enterprises, vendors, users, etc. Rather than creating our own wallet to store credentials, the focus is on interoperability and integration in other applications. Blockchain-specific identity wallets are often hardly used. The trend for integrators is to create project-specific applications that hide technical details like the use of the blockchain. This trend can be witnessed in the growing number of wallets as an integrated part of (enterprise) apps, such as Rabobank/Randstad Career wallet, Off-Blocks Signing app, and BlockChangEU wallet. As for the launching partner, LTO will collaborate with Sphereon to integrate the LTO Network identity solution into their existing software, making it available to potentially hundreds of enterprise clients.

Why is Blockchain a good solution?

Traditionally, electronic security focuses on authorization, authentication, and access control. These mechanics are intended to keep unauthorized users from accessing or modifying data. However, when it comes to authorized access, either on application or system level, it does not provide any protection. Blockchain enables tamper resistance for data through distribution over many systems that are run and managed by independent parties. This is ensured by the architecture of the blockchain, where every piece of data has thousands of globally distributed copies. A potential attacker intent on breaching the certificate would have to compromise the majority of the data distribution at the same time, which is extremely hard, expensive, and with a well-designed blockchain almost impossible.


Outro

Anonymity on the blockchain is a double-edged sword. It protects the identity of the user, but it also hinders business adoption. DIDs and verifiable credentials help to replace anonymity with privacy, by connecting blockchain addresses to real-world identities. This puts the user in control of when and how to share personal information. The aim of on-chain identity solutions should be to improve upon existing identification methods.

In these matters, we need to be careful not to repeat the same flaws, like depending on a small group of trusted third parties.

The LTO Network identity node combines verifiable credentials with public key certificates, which form on-chain trust networks. This allows LTO to present a permissionless solution that doesn’t rely on network-appointed trusted parties. It also allows users to fully participate in DeFi in a way that is secure, keeps user credentials private, and provides a solution for the upcoming regulations.

With cryptocurrencies, there is no restriction related to wealth, social status, or religion; almost everyone can take part in DeFi. This is an advantage for those who cannot access traditional financial services because of a lack of formal documentation or the absence of such services in their country. Also, the current conditions and rate of APY attract various investors to DeFi ecosystems every day.

With the proper solutions that help meet the regulation in mutually accepted settlements, it will be possible for DeFi to thrive henceforth, and slowly become the financial investment choice of the future.

Mickey Maler

Along with Christian Zhang

"In blockchain we trust!" A crypto-enthusiastic believer, trader, cryptocurrency blogger, LTO Network supporter, and seed-round researcher.