To allow people and organizations to interact safely, they need to be able to trust each other. The old way of doing this was to have trusted intermediaries. Today, technology helps us to achieve this at the technical level. At Twala.io, we build tools that enable people to manage their personal data, undergo an intricate know-your-customer verification, and conveniently process their digital documents.
Before diving deeper on what we are currently working at, let’s first take a moment to discuss the technologies we’ve used to build these awesome projects!
A blockchain is, in the simplest of terms, a time-stamped series of immutable records of data that is managed by a cluster of computers not owned by any single entity. Each of these blocks of data (i.e. block) is secured and bound to each other using cryptographic principles (i.e. chain).
So, what is so special about it and why are we saying that it has industry-disrupting capabilities?
The blockchain network has no central authority — it is the very definition of a democratized system. Since it is a shared and immutable ledger, the information in it is open for anyone and everyone to see. Hence, anything that is built on the blockchain is by its very nature transparent and everyone involved is accountable for their actions.
There are a lot to discuss about blockchain technology, but as for the purposes of this document, we will only discuss the three primary types of blockchains, which do not include traditional databases or distributed ledger technology (DLT) that are often confused with blockchains.
a. Public blockchains
b. Private blockchains
c. Consortium blockchains
Let’s explore the different types of chains. And start with public blockchains, which are open source. They allow anyone to participate as users, miners, developers, or community members. All transactions that take place on public blockchains are fully transparent, meaning that anyone can examine the transaction details.
a. Public blockchains are designed to be fully decentralized, with no one individual or entity controlling which transactions are recorded in the blockchain or the order in which they are processed.
b. Public blockchains can be highly censorship-resistant, since anyone is open to join the network, regardless of location, nationality, etc. This makes it extremely hard for authorities to shut them down.
c. Lastly, public blockchains all have a token associated with them that is typically designed to incentivize and reward participants in the network.
Another type of chains are private blockchains, also known as permissioned blockchains, possess a number of notable differences from public blockchains.
a. Participants need consent to join the networks
b. Transactions are private and are only available to ecosystem participants that have been given permission to join the network
c. Private blockchains are more centralized than public blockchains
Private blockchains are valuable for enterprises who want to collaborate and share data, but don’t want their sensitive business data visible on a public blockchain. These chains, by their nature, are more centralized; the entities running the chain have significant control over participants and governance structures. Private blockchains may or may not have a token involved with the chain.
Consortium blockchains are sometimes considered a separate designation from private blockchains. The main difference between them is that consortium blockchains are governed by a group rather than a single entity. This approach has all the same benefits of a private blockchain and could be considered a sub-category of private blockchains, as opposed to a separate type of chain.
a. This collaborative model offers some of the best use cases for the benefits of blockchain, bringing together a group of “frenemies”- businesses who work together but also compete against each other.
b. They are able to be more efficient, both individually and collectively, by collaborating on some aspects of their business.
c. Participants in consortium blockchains could include anyone from central banks, to governments, to supply chains.
Artificial intelligence, AI for short, is the ability of a computer program or a machine to think and learn. It is also a field of study which tries to make computers "smart". They work on their own without being encoded with commands. Artificial intelligence, on its own is a very broad and interesting topic with almost endless possible applications. With that being said, we will only tackle two AI applications that we’ve used.
a. Face Detection
b. Optical Character Recognition
Face detection is an AI-based computer technology that can identify and locate the presence of human faces in digital photos and videos. It can be regarded as a special case of object-class detection, where the task is to find the locations and specify the sizes of all the objects that belong to a given class – in this case, faces – within a specific image or images.
Face detection applications use algorithms that determine whether images are positive images (i.e. images with a face) or negative images (i.e. images without a face). To be able to do this accurately, the algorithms must be trained on huge datasets containing hundreds of thousands of face images and non-face images.
Optical character recognition is the use of technology to distinguish printed or handwritten text characters inside digital images of physical documents, such as a scanned paper document. The basic process of OCR involves examining the text of a document and translating the characters into code that can be used for data processing. OCR is sometimes also referred to as text recognition.
The process of OCR is most commonly used to turn hard copy legal or historic documents into PDFs. Once placed in this soft copy, users can edit, format and search the document as if it was created with a word processor.
Cryptography is the practice and study of techniques for secure communication in the presence of third parties. More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages; various aspects in information security such as data confidentiality, data integrity, authentication, and non-repudiation are central to modern cryptography.
Modern cryptography is heavily based on mathematical theory and computer science practice; cryptographic algorithms are designed around computational hardness assumptions, making such algorithms hard to break in practice by any adversary. It is theoretically possible to break such a system, but it is infeasible to do so by any known practical means. Today we will talk about two of the widely-used applications of cryptography.
a. Asymmetric Encryption
b. Cryptographic Hashing
Asymmetric encryption is an encryption scheme that uses two mathematically related, but not identical, keys - a public key and a private key. Unlike symmetric key algorithms that rely on one key to both encrypt and decrypt, each key performs a unique function. The public key is used to encrypt and the private key is used to decrypt.
It is computationally infeasible to compute the private key based on the public key. Because of this, public keys can be freely shared, allowing users an easy and convenient method for encrypting content and verifying digital signatures, and private keys can be kept secret, ensuring only the owners of the private keys can decrypt content and create digital signatures.
Cryptographic hashing is a method of cryptography that converts any form of data into a unique string of text. Any piece of data can be hashed, no matter its size or type. In traditional hashing, regardless of the data’s size, type, or length, the hash that any data produced is always the same length. A hash is designed to act as a one-way function — you can put data into a hashing algorithm and get a unique string, but if you come upon a new hash, you cannot decipher the input data it represents. A unique piece of data will always produce the same hash.
Hashing is a mathematical operation that is easy to perform, but extremely difficult to reverse. (The difference between hashing and encryption is that encryption can be reversed, or decrypted, using a specific key.) The most widely used hashing functions are MD5, SHA1 and SHA-256. Some hashing processes are significantly harder to crack than others. For example, SHA1 is easier to crack than bcrypt.
To explain all the above mentioned technologies thoroughly in the space of this article would be impossible! Instead, we will now talk about the projects we are currently working on and how Twala.io implements the above discussed technologies . Depending on how tech-savvy you are, the following is either a high-level glance or a granular deep dive.
1. Twala Identity. Our Self-Sovereign Identity Mobile Application.
Twala Identity is a mobile application that lets users manage their own self-sovereign identity in a consortium blockchain network. We use the terminology of self-sovereign identity, as the concept of individuals or organizations having sole ownership of their digital and analog identities, and control over how their personal data is shared and used. Specifically, Twala Identity uses ERC725 and ERC735 for claims and keys management. One of the best things about ERC725 and ERC735 is that they’re open, community-driven, and participatory standards. This adds a layer of security and flexibility allowing the identity holder to only reveal the necessary data for any given transaction or interaction.
Since identity is such a central part of society, we need to ensure that user control will be the primary foundation SSI will be built upon. Under self-sovereign identity model, individuals and organizations (holders) who have one or more identifiers (something that enables a subject to be discovered and identified) can present claims relating to those identifiers without having to go through an intermediary. As a result, the best way to implement a system with self-sovereign identity would be through blockchain technology where no intermediary is needed.
Guiding Principles of SSI:
Existence — Users must have an independent existence.
Control — Users must control their identities.
Access — Users must have access to their own data
Transparency — Systems and algorithms must be transparent.
Persistence — Identities must be long-lived.
Portability — Information and services about identity must be transportable
Interoperability — Identities should be as widely usable as possible.
Consent — Users must agree to the use of their identity.
Minimization — Disclosure of claims must be minimized
Protection — The rights of users must be protected
2. Twala Sign. Our Document Signing and Verification Platform.
Twala Sign guarantees the integrity of your documents with a digital signature. The digital signature is tied to the user’s self-sovereign identity. Blockchain technology provides a method of securing the digital signature by entering it into a permanent, verifiable record. This means that in the event of a dispute, you can prove that your document has not been altered, was not forged, and was created on an indicated precise date and time (timestamped).
In the case of a Twala document, the file is a PDF of the electronically signed document. To seal an electronically signed document, Twala Sign uses the SHA-256 algorithm, which makes it impossible to generate an identical hash from any other document or file. And the nature of a cryptographic hash is such that it’s impossible to use it to re-create the document’s content. The hash is then encrypted using the signer’s action key - a key generated and owned by the signer’s identity contract. The hash, along with the signature, the signatories’ identity addresses and the current timestamp will be written as a new record on a consortium blockchain. Additionally, the documents’ hash will also be recorded in the Ethereum Main Network (Public Blockchain) to achieve absolute immutability. In this way, users can always verify their document virtually forever.
We offer solutions fit for professionals, small and medium sized businesses (SMEs) and large enterprises. Data sharing between individuals and organizations can be done in a trusted and secure way if people are provided with the right tools, services and platforms.