Long Term R&D: Internet Identity (proposal)

maria · December 16, 2021, 7:37pm

Internet Identity features (One-pager)

Summary

Internet Identity is a blockchain authentication system built for and on the Internet Computer. Internet Identity enables users to authenticate toward each dapp with a pseudonymous identity, which is consistent across multiple user devices but unlinkable across different dapps. Internet Identity has been launched together with the Internet Computer, and is used by many users of the Internet Computer to authenticate toward their favorite dapps.

While Internet Identity as it is today already provides secure authentication and works seamlessly across multiple user devices – building on both web authentication (for secure key storage on client devices) and on the Internet Computer’s threshold cryptography (for supporting multiple ones) – several key features can still be improved. This motion suggests focusing R&D efforts in the following years to the following topics:

Improve security of recovery method management in the II canister.
Provide stronger, cryptographic unlinkability guarantees with weaker trust assumptions.
Performance improvement in generating delegations.
Secure account recovery using external identity verification providers.
Decentralized anonymous credential-based authentication.
Better mechanisms against bots, e.g. based on web auth attestations.
Support for devices without web authentication.
Support Internet Identity use in native apps.

Background

The core component of Internet Identity is a canister that manages the mapping between a user’s identity anchor and the public keys associated with the devices of the user. More technically, the users authenticates toward the canister from their devices, and upon successful authentications, the canister issues delegations with which the users can authenticate themselves toward dapps.

The Internet Identity canister also serves the Internet Identity front end into the users’ browsers. The front end is a light, Javascript-based application that manages the user’s identity anchor in the canister and that builds on web authentication as a mechanism for storing the user’s cryptographic keys in secure hardware. The front end also interacts with dapps that support Internet Identity for authenticating their users.

Topics

Secure management of recovery methods and keys

Currently, all devices and recovery methods associated with a user’s identity anchor have the same level of privileges. In particular, each device or recovery method can be used to delete or add any other device or recovery methods. This does not allow for reflecting the actual security properties of different devices, such as a USB security key that can be activated by a simple touch, a key stored on a phone or laptop that requires the user to authenticate via biometrics for each use, or a seed phrase stored in a secure locker. In the future, Internet Identity shall support different privilege levels for different devices, allowing a user to designate certain devices or recovery methods as more trusted and, e.g., make them non-deletable by lower-level devices and methods.

Cryptographic unlinkability under weaker assumptions

The unlinkability of pseudonyms that are related to the same identity anchor but issued for different dapps currently depends on the secrecy of a seed stored within the Internet Identity canister. (No other security property is affected.) A better method of storing such a seed would be in a threshold secret-sharing across all nodes of the subnet running the Internet Identity canister, since then no small subset of nodes can reconstruct the secret. It is proposed to develop new cryptographic protocols for the secure derivation of unlinkable pseudonyms based on threshold cryptography.

Performance improvement in generating delegations

The delegations that the Internet Identity canister issues toward dapp front ends (and that allow the user to always authenticate under the same pseudonym for that dapp) are authenticated via the Internet Computer’s certified variables mechanism. Certifications of variables require finalization on the block containing the request, which leads to a noticeable delay in creating the delegation. In the future, and in line with the previous topic on securely deriving unlinkable pseudonyms, the Internet Computer shall be able to issue the delegations without the need for finalization in consensus.

Secure account recovery based on external identity providers

Internet Identity provides two recovery mechanisms: additional (e.g. USB) security devices – which require additional expenses – and recovery phrases – which are difficult to manage securely for most users. In the future, Internet Identity shall provide an additional recovery method in which users associate (in encrypted form) personal information with their identity anchor, and designate specific identity verification services for recovering access to the account, based on validation of documents proving the associated personal information.

Decentralized anonymous credential-based authentication

Authentication of users on the Internet Computer is based on their principal, which serves as a pseudonym for the user. The Internet Identity does not yet support additional attributes such as age, citizenship, residence, bonus program membership, and so forth. In the future, Internet Identity shall support a self-sovereign and privacy-friendly implementation of attribute-based authentication based on anonymous credentials.

Improve protection from bots

The current implementation of Internet Identity uses proofs of work to protect from bots, which have been proven insufficient and will soon be amended by a CAPTCHA. Yet, also the CAPTCHA-based protection may be insufficient as a protection from bots at some point in time. An additional measure can be based on web authentication attestations, which attest the device used for the registration, and thereby require the involvement of a person. In the future, this and similar mechanisms shall be scrutinized and implemented.

Support for devices without web authentication

The current implementation of the Internet Identity front end requires web authentication to be supported by the user’s device. Various users have devices that do not support web authentication, which they would still like to use to access the Internet Computer. In the future, Internet Identity shall improve support for such cases, with possible directions including delegated authorization from a web-authentication-enabled device, or software-based solutions if they can provide a similar level of security.

Support for Internet Identity in native apps

Internet Identity was designed primarily with focus on web-browser-based front ends served from dapp canisters, and it is difficult to integrate with native applications (e.g. installed on the user’s phone). In the future, Internet Identity shall provide better interoperability with such native applications.

Discussion leads

The motion proposal is driven by @bjoern, @maria and other team members who will also be available for discussion.

What we are asking the community

Review comments, ask questions, give feedback
Vote accept or reject on NNS Motion

Topic		Replies	Views
Long Term R&D: Decentralized CA and DNS (proposal) Roadmap	7	2143	September 20, 2023
Motion Proposals on Long Term R&D Plans Roadmap	17	7348	June 10, 2022
Long Term R&D: Secure OS (proposal) Roadmap	4	1596	December 20, 2021
Long Term R&D: Storage Subnets (proposal) Roadmap	44	4662	January 3, 2024
Long Term R&D: Integration with the Ethereum Network Roadmap	145	23998	April 23, 2024