Blockchain-based Authentication

or
"Beyond the Bubble: A Drupal Ethereum module"

#DrupalEthereum @digitaldonkey09

About me

  • 20 years ​​web development  
  • 10+ years with Drupal
  • 2+ years in Ethereum 
  • Developer at ConsenSys 

@digitaldonkey09

Overview

  • Blockchain basics
  • Ethereum Blockchain
  • Blockchain Applications
  • UX challenges
  • Drupal Ethereum Module
  • Authentication with Ethereum

Blockchain Basics

Imagine the Blockchain as a
"Decentralized & Distributed Consensus Database"

"0xd62e7da1d30af2abed70f0ec677fefe0a0db5774  owns 5 Bitcoin"

agree
agree
agree
agree
agree
agree

Blockchain Basics

Decentralized
P2P consensus

No central authority
 

Any state change requires a cryptographically signed Transaction

Global ledger with immutable records

Data can be updated, but older revisions remain public

BLOCKCHAIN

Timestamps

Currency

Digital Signatures

Accounts

Immutable Ledger

Basic Blockchain components

BLOCKCHAIN

Timestamps

Currency

Digital Signatures

Accounts

Immutable Ledger

Transactions

Transactions, Blocks & chaining

  • "Writing to Blockchain" requires a private key to sign a transaction
     
  • Blocks
    • contain a hash of the last block
    • are created about every 17 seconds

time

Blockchain's promises

"Sharing Economy" of
Uber, Airbnb

Centralized User Data,
Facebook, Google

Reduce costs of
middlemen

Self-sovereign
user identity

Internet of
Information

Crypto enthusiasts see the new layer of trust and value as Web3.0
Visionary talk by Don Tapscott: How the Blockchain is changing money and business

Internet of
Trust and Value

Ethereum Blockchain

"Ethereum is an open-source,
 public, blockchain-based
 distributed computing
 platform featuring smart
 contract functionality"

Ethereum - Global or Private

Private Consortium
Blockchain
(permissions, privacy)
 

Global Public
Blockchain

Ethereum Blockchain

Decentralized
P2P consensus

No central authority
 

Cryptographically Signed Transactions
 

To change state (or 'write to') the blockchain

Immutable Distributed Ledger

Programmable
money:
Smart Contracts

What is a Smart Contract?

  • Can run automatically when certain conditions are met
  • Addressable, can handle money / escrow, Turing-complete
Contract crowdFound
 if (time_is_out && account_balance) > $10,000
   move account_balance to founded_account
 else
   move donation_account to original_donor

(pseudocode)

Smart contracts are programs with code and state stored on the blockchain

ETHEREUM BLOCKCHAIN

Timestamps

Currency

Digital Signatures

Accounts

Immutable Ledger

Ethereum Blochain components

Smart Contracts

Tokens

Multi-party Signatures

Registries

Oracles -
off-chain input

Summing up

  • Ether is the currency in Ethereum
  • Computations  cost "gas" (payed in ether) to run
    -> anti-spam and incentivizes miners to run the network
  • Data changes to a blockchain create immutable audit trails
  • Blockchain data is public! (on public chains, if not encrypted)
  • Smart Contracts: Code deployed to the blockchain that can control funds
  • Ethereum Improvement Proposals (EIPs) and Ethereum Requests for Comments (ERCs)
    describe standards for the Ethereum platform, including core protocol specifications, client APIs, and contract standards.

Blockchain
Applications

  • Peer-to-peer Music / [add our digital good here] markets
  • Asset Management: Trade Processing and Settlement
  • Supply chain records
  • Voting, Self-governing organizations
  • Tokenized ownership
  • Sustainable Journalism
  • Incentivizing Renewable Energy infrastructure
  • Peer-to-peer Airbnb, Über, food delivery ... with lower fees
  • Self-sovereign identity

Blockchain Applications

The decentralized long term perspective

or
How I imagine decentralized, localized business of the future

Übermorgen

       Übermorgen
[German: The day after tomorrow]

How can we create standard for any kind of transportation business, which features transparency, diversity and fairness?

Übermorgen
approaching a decentralized transportation standard

DRIVER

PLATTFORM

CUSTOMER

STANDARD

Übermorgen
approaching a decentralized transportation standard

  • Chooses a favorite platform
    (like today with Über, Lift, RideShare, Food / package Delivery Service....)
  • The platform is the Trademark/Brand. It sets service type, quality, payment options

CUSTOMER

Übermorgen
approaching a decentralized transportation standard

DRIVER

  • Driver is the service fulfilling entity
  • owns his data with a private key
  • may join multiple platforms
  • data and history access-controlled by a Smart Contract he controls
  • Can point to files published to a decentralized file system (IPFS, DAT, etc.)
  • uses a Dapp to work with multiple platforms
  • Provides various services like
    • Taxi rides
    • PickUp/delivery
    • Long distance rides

Übermorgen
approaching a decentralized transportation standard

  • Provides a marketplace for services like like taxi, rideshare, food or package delivery
  • Ensures service quality by verifying Drivers
  • May set requirements (black car, red bicycle, min 5 tons transport capacity ... )
  • Takes escrow for the rides and is responsible for conflict resolution / customer service
  • Takes it a predefined share as transaction fees

PLATTFORM

Übermorgen
approaching a decentralized transportation standard

  • define Contracts and data standards for decentralized data
  • find allies and work on a Ethereum Improvement Proposal (EIP) or (ERC)
  • gather feedback from business people
  • rethink, iterate...

STANDARD

Blockchain Applications

Lower hanging fruits

 

  • Payments, Money transfers
  • Paywall, Micropayment
  • Donations, tipping
  • Signature Systems
    Verify-able, timestamped signatures for anything
  • Bounties
  • Subscriptions Services (EIP-948)

User interaction

Ethereum Keys can

  • Signing requires user interaction (if you don't host the keys      )
  • Signing Transactions (writing anything to the blockchain is a transaction, also sending money, deploying code)
  • Signing text (Signatures, off chain)
  • You may use the key for Encryption (not recommended)
  • Ethereum Address is derived from the private key
    --> account is independent from the network

UX Challenge - Transaction Signers

  • How to interact with a Dapp? (Decentralized Application)
  • Literally the key for the user
  • Metamask is most popular
    • Connects via Infura.io or any other Ethereum node
    • Key in the Browser. Uses seed phrase
  • How we get to a standard for TX signers for a great audience?
  • Lost keys have no PW reset

Ethereum wallets, Identity providers ... 

"Web of wallets"

by Bobby Dresser (uPort)

The Front-end challenge

  • How to make users not lose their key?
  • Deal with Identity contracts (no ECverify available)
  • integrate multiple wallets to allow users to chose
  • is the user/wallet on the right network? 
  • unlocked account ? (if you need his address to interact)
  • How onboard new users, which have no wallet?
  • Idea of Metamask Mascara Wrapper
    Experiment interaction UX
    ⇢ watch and help to develop standards for Dapp  interaction

Digital Identity

Digital Identity Today

Is proprietary / Isn't self owned

  • Facebook / Google 
  • Visa, Master, Bank account
  • Equifax -> Random hackers
  • State IDs / Passports

You pay for your "free" online identity by exposing your privacy

You can be excluded ("You may leave if you don't like the new Terms & conditions")

Self Sovereign Identity

The Idea of decentralized identifier (DID)

  • You create a claim:
    "My address is 949 Metropolitan Av, Brooklyn"
  • Others attest your claim:
    "New York State verifies that this person is registered at this address with the offical NYS signature"
  • As a developer you would chose which attestation entities you consider trustworthy

Many people work on this

  • uPort (ConsenSys)
  • Blockstack
  • http://www.weboftrust.info
  • http://identity.foundation
  • https://sovrin.org
  • https://www.civic.com

Drupal Ethereum module

Drupal Ethereum Module

  • Founded and abandoned in 2014
  • New approach started 2016
  • PHP Library (Ethereum-PHP)
  • POC for signup with registry
  • Currently
    • finalizing infrastructure
    • UX research

Current web

Ideal decentralization

How to connect Drupal and Ethereum?

Semi-decentralization

Client side signing using Transaction-signers

Server just pulls data

(no private key on Server)

Architecture challenges

Ethereum-PHP Library

  • Abstract Ethereum JsonRPC API
  • strict Datatypes, keccak hash , EC-Verify in PHP
  • SmartContract Objects
  • Lots of tests, ability to test against smart contracts
  • API documentation: http://ethereum-php.org
  • https://packagist.org/packages/digitaldonkey/ethereum-php
  • TODOs
    • complex data types Arrays + Lists
    • Testing framework for PHP library for various Ethereum clients
    • Contract Event Listening

Mapping Ethereum to Drupal

Infrastructure modules

Servers (Ethereum-nodes)

List Servers, gather information (Server Entity)

Deployability, Testability


Accounts

Ethereum Addresses
Map Accounts to Drupal Accounts
➡ Identity for known user group

          Transactions

               Read (own contracts/known ABI)

               ​Log TX based on Contract interaction

               Process Events data in Drupal
 

          Smart Contracts

               Manage deploy as Drupal Admin

               Provide ABI to process data in Drupal & frontend

               Watch for Blockchain Events triggers by Contracts

Ethereum Module
current state

  • Main 
    • ​Manage Networks
    • Manage Servers
  • ​Manage Contracts
  • Submodule Ethereum Signup
  • Submodule Ethereum User connector
  • Iterating on Transaction signers

Why two
Authentication modules?

Ethereum Signup

Text

Text + Private Key => Signature
Text + Signature Text  =>  Public Key (--> Ethereum Address)

Ethereum User Register

Two signup modules?

Ethereum Signup

  • Challenge/response authentication
  • No Blockchain interaction - no fee
    Just Elliptic Curve cryptography
  • Uses externalauth module

Ethereum user connector

  • Smart contract with registry
  • May be changed to a paywall
  • Transaction require little payment in Ether
  • Example module for contract interaction

Experimental
Mascara & Dapp launcher

Visualize TX signer state 

Initialize dapplet when requirements are met

Architecture summary

Current state

  • "User connector" (former POC)
    connects Ethereum accounts and user profiles via registry contract ("paywall").     Refactoring to new infrastructure.
  • "Signup"
    currently in github branch feature-ethereum_signup
  • Docker's
    https://github.com/digitaldonkey/docker-drupal-ethereum 

Drupal Ethereum module

Roadmap

Finalizing infrastructure modules (MVP)

  • Ethereum-PHP library needs more love
  • Contract deployment from Drupal backend (implement Remix?)
  • Contract events ---> Rules ? 
  • Explore and improve UX
  • Keep up to date with EIPs and start implementing some
  • Drupal and frontend Library loading
    Add support for installing libraries via asset-packagist #278

Drupal Ethereum module

Lots of Thanks to early
contributors & testers

and all others I talked to

(Commit stats refer to the various involved projects)

Questions & Thank You

thorsten.krug@consensys.net
       @digitaldonkey09

The development of Drupal Ethereum Module
Has been sponsored by ConsenSys
       @ConsenSys

https://consensys.net

https://slides.com/digitaldonkey/drupal-ethereum-drupalhackcamp

Beyond the Bubble – Blockchain Applications and the Drupal Ethereum Module

By Thorsten Krug

Beyond the Bubble – Blockchain Applications and the Drupal Ethereum Module

Presentation about Drupal Ethereum module at Drupal Hack Camp Bucharest 2018

  • 2,546

More from Thorsten Krug