| I've been (lightly) thinking about this with regard to digital identity. One of the few use cases that I find very compelling with regard to blockchain/web3 tech is as a means of ID/auth much in the same way that many sites now offer options to log in with FB/Google/etc. One big obstacle (I imagine, I haven't really looked into this that far) is that of the password reset. Some non-trivial amount of people will forget the passwords to their identity tool, and in this scenario there's no central power with the capability to reset it for them. The simplest option is to designate trusted friends who you could delegate authority to in order to perform some multi-sig reset, but then there's the issue of a FriendCoup. If you strike it big and turn on or ignore your friends, there's nothing stopping them from getting together and performing a takeover. Even if there are individual objectors, because it's blockchain, everything's public, and these are identity wallet contraptions, everyone knows who the holdout is and can lean on them or find some way to get their password, etc. Even outside of a FriendCoup scenario, a FedCoup scenario where the government just leans on your buddies to grant them control is pretty plausible. So I guess the question is, what sort of strategy for this is FriendCoup/FedCoup resistant but still grants the necessary amount of delegated power? Not entirely relevant to the above, as doing this pen and paper for a password manager is a little harder for outsiders to game given that the holders aren't public, but still a question I've been batting around. Curious about anyone's thoughts/ideas or any existing work in this space. Edit: After thinking about this for an extra minute, if it's not time sensitive a deadman switch could probably do it. If your friends perform the multi-sig and you haven't logged in in X days, then and only then will the reset occur, so you can void an attempt. That said, falls down on the FedCoup scenario since you'd presumably have restricted access to the internet. |
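
Added example, not part of the original comment: a minimal Python model of the guardian multi-sig reset with a dead man's switch that the edit above describes. The class and function names, the 2-of-3 guardians and the 30-day window are assumptions, as is starting the X-day window at the moment the guardian threshold is reached.

```python
from dataclasses import dataclass, field
from typing import Optional

DAY = 86_400  # seconds


@dataclass
class RecoveryVault:
    """Hypothetical model of an M-of-N guardian reset with an owner veto window."""
    guardians: frozenset
    threshold: int                      # M approvals required
    window_days: int                    # the "X days" from the comment
    pending_key: Optional[str] = None
    approvals: set = field(default_factory=set)
    quorum_at: Optional[float] = None   # when the M-th approval arrived

    def approve_reset(self, guardian: str, new_key: str, now: float) -> None:
        if guardian not in self.guardians:
            raise PermissionError(f"{guardian} is not a guardian")
        if self.pending_key not in (None, new_key):
            raise ValueError("a different reset is already pending")
        self.pending_key = new_key
        self.approvals.add(guardian)
        if self.quorum_at is None and len(self.approvals) >= self.threshold:
            self.quorum_at = now        # veto window starts here

    def owner_login(self, now: float) -> None:
        # Any owner login voids the pending attempt, approvals included.
        self.pending_key, self.quorum_at = None, None
        self.approvals.clear()

    def execute_reset(self, now: float) -> Optional[str]:
        """Return the new key once quorum has aged past the window, else None."""
        if self.quorum_at is None or now - self.quorum_at < self.window_days * DAY:
            return None
        key = self.pending_key
        self.owner_login(now)           # clear state after a completed reset
        return key


def run(owner_logs_in_on_day: Optional[int]) -> Optional[str]:
    """Constructed scenario: 2-of-3 guardians, 30-day window, quorum on day 0."""
    v = RecoveryVault(frozenset({"ann", "bob", "cy"}), threshold=2, window_days=30)
    v.approve_reset("ann", "NEW-KEY", now=0)
    v.approve_reset("bob", "NEW-KEY", now=0)
    if owner_logs_in_on_day is not None:
        v.owner_login(now=owner_logs_in_on_day * DAY)
    return v.execute_reset(now=31 * DAY)
```

`run(None)` stands for both a forgotten password and an owner who is kept offline for the whole window; the model cannot tell the two apart, which is the FedCoup gap noted in the edit.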
No amount of crypto will stand up to a Russian mobster with a crowbar and some creativity, like the xkcd https://xkcd.com/538/.
What you need is to develop a threat model and then select an appropriate solution that matches your threat model. If the threat is the KGB might torture me and my buddies, then kill switches are appropriate. Otherwise it’s no solution.
Perfect security doesn’t exist, it’s all about tradeoffs.