What is LockChain?
LockChain is a digital identity and data authentication system. It uses the Bitcoin network to embed users’ identity and data into a transaction. The digital identity of a user is created through a keypair, the same cryptographic function used for Bitcoin wallets. The keypair can only be created once the user is authenticated using their phone’s biometric scanner to prove they are human and that they are the owners of the device. Once the keypair is generated, the user can now sign content and verify themselves to the world. The identity portion works in 3 simple steps:
1. Enroll: When the user enrolls, a keypair is generated after they confirm their biometric verification using their device. The private key is not revealed to the user. This is because if fallen into the wrong hands, the private key gives access to your identity claim, which they can use to create fake QR codes pretending it came from you. By not revealing the private key and leaving it in Android’s secure Keystore, if lost or stolen, nobody else can gain access to the private key without your biometric fingerprint. And extracting private keys from Android’s isolated high security modules such as the Trusted Execution Environment (TEE) or Secure Element (SE) is nearly impossible. However, due to our stringent process of never revealing your private key, please be aware that app uninstall, or loss of device requires re-enrollment. This may seem inconvenient, but identity theft is a serious concern that we will not compromise on. Once the private key is secured, the public key is sent to the Bitcoin blockchain for broadcasting.
2. Broadcast: The public key is embedded into a Bitcoin transaction using the OP_RETURN field. Once the Bitcoin transaction is broadcasted and verified by the network, your public key is now safely on the blockchain. But now that it’s on the public ledger, you need to “claim” it. There’s 3 ways to do this:
a. Social Media: To link your social media account to the LockChain app, simply sign up using your account. Currently we only offer Twitter sign ups with more options coming in future updates. When you verify yourself to others, the QR code will link your social media account. This method is tailored to influencers or casual users.
b. Government ID (coming in future updates): You can use our trusted KYC partner to verify your government issued ID so that your government verified identity is shown to users authenticating you. This is tailored to very important persons such as celebrities, politicians, CEOs, agents, etc.
c. Neither: You don’t have to claim it publicly at all. If you want to entrust your immutable identity to the people you choose, then you can simply share your public key to whoever you want. Your public key is an unrecognizable string of characters that has no tie back to you whatsoever unless you specify so. This can be done in person, over encrypted messaging software, or whatever secure measures you choose. This is tailored to individuals seeking privacy.
3. Verify: Once you’ve claimed your identity to the public (or not), you can verify yourself to others. To begin, you scan your fingerprint on the app to access your private key and to prove you are human. Once the software confirms you are the true user, you can then attach a URL link of any content you wish such as a tweet, YouTube video link, website link or plain text. There is a limit to character length as the more characters there are, the more complex the QR code will be, decreasing its legibility. Once you have attached the content you wish to verify, your private key signs the content. If you choose the private method of not claiming an identity, the QR code only shows the public key to the user. This QR code is generated with your content input, public key, your identity claim (if applicable), a timestamp of the verification event, and the digital signature. If your public key matches the signature and its contents that it signed, then it proves your private key signed all these contents. If there’s any tampering with the QR code and its data, the signature will not match and our system will notify your audience when they scan the tampered-with QR code. Our app also uses APIs to compare the public key in the QR code to the actual public key on the blockchain, cementing its integrity. Lastly if your social is linked, the unique ID for your social account is intrinsically linked to a special, private UID in our backend database that nobody has access to, which also contains your public key. Therefore, even if someone has your social account's UID, which indeed is public, they cannot create fake QR codes on your behalf because they can’t use your public key to sign content since they do not have your private key. Furthermore they can’t use their own keypair because our backend servers check the link between your social ID and your enrolled public key. They must match for a successful verification.
In 3 simple steps your immutable identity can verify your content to anyone in the world. Public-private key cryptography is not new and has been around for decades. However, the revolutionary aspect is being able to broadcast your public key onto a distributed ledger. In the past, a user would send the public key directly to the person they wanted to verify themselves and their messages to, which wasn’t very scalable. To announce their public key on a larger scale, they would have used a third party to broadcast their public key, which introduces the security concerns of intermediaries. Now with the advent of Bitcoin, LockChain can utilize the network’s secure, distributed, and global ledger to announce to the whole world users’ now-immutable public key for anyone to verify.
The data immutability aspect is similar. You “enroll” any file (document, picture, video, whatever) by hashing its contents and uploading it to the Bitcoin network. To be clear, your file is not uploaded to the blockchain, only its representation of it which is derived from the SHA-256 hash algorithm. Then to ensure it has not been tampered with or modified in any way, you or your audience can verify it by uploading it into our software, which then hashes it again to check if the hash produced matches the one originally stored on the blockchain. Even if 1 letter, 1 pixel or 1 frame from a video, picture or document is missing, a different hash will result and our software will notify you that it has been tampered with.
Who created it and when?
LockChain is my brainchild born in the winter of 2022, but it was a very different idea back then. Originally, I visualized creating a Bitcoin-based smart lock system, hence the name. I pictured a smart lock and a smartphone as lightning wallets and the microtransactions of lbtc between them acting as a communication channel to lock and unlock the door. The lock would be programmed to open by recognizing the address it came from. It was an intriguing idea to me. I spent some time modeling and planning out the design but eventually discarded it. Spring quickly approached and my summer contracting business picked up. In the following winter of 2023 I revisited the idea. However, my priorities have changed this time. I felt as if smart lock systems can wait, because there’s a new threat on the horizon and it’s evolving fast.
Why Create it?
I have been in the Bitcoin space since 2016. My journey to maximalism started similarly to many others; came for "crypto", stayed for Bitcoin. During the 2017-2018 bull run, my YouTube algorithm was mostly crypto orientated and therefore I got many of those ads. For the first time, I encountered the scam ad videos. These ones were trivial. It consisted of CEOs of projects, mainly the Ripple founder, giving a presentation in some room or setting with an audience. This presentation did really happen, I remember watching it. But the scammers edited the video so that as the actual presentation was playing, the screen also offered free giveaways of XRP if you visit the site and verify your wallet (AKA relinquish your private keys), or send x amount to receive x amount, or other clever tricks these losers conjured up. These types of scams in this era were quite easy to distinguish as clearly fraudulent.
Then came the 2021 bull run. The scammers were back with a vengeance. This time around I noticed they got a little more sophisticated. Interestingly enough, they love to use Ripple for some reason. I noticed the Ripple scam ad started to propagate my YouTube algorithms again, but this time the scammers edited the video with a voice changer. At this time it was possible to upload someone’s voice and have a voice changer recreate it. Then, using text-to-speech, the scammers would write their script for the ad and overlay it on the Ripple CEO giving his presentation, with the usual scam website or QR code overlaid on the ad. This way it would sound like the Ripple CEO is saying the script using his voice. This method was more believable than the 2017 method, but still had its weaknesses. For instance, the voice overlay, and the actual mouth of the person wouldn’t be lined up, which is why the clever scammers used a video of a presentation where the camera is further away and the CEO’s mouth can’t be easily seen. Also, the voice changer was a little off-putting, too robotic, and not human enough. Still, people kept falling for it. Scam victims were on the rise.
Now, here we are in 2024. It’s getting much, much worse. With the advent and rise of multi-modal models, deepfake technology has evolved to a scary point. I will get into much greater detail of LLMs, transformers, deepfake technology and AI in general in another blog post. For this bull run, I am already seeing scammers utilize deepfake technology and although I can still discern them from reality, I can’t say the same for others, especially for the more at-risk cohorts (boomers, non-technical users, etc.). I’ve seen all sorts of deepfake scams already; Michael Saylor from MicroStrategy, Larry Fink from BlackRock, even Andrew Ross Sorkin from Squawk Box. This time, the deepfake tech matches the scam script to their mouth, the voice is much more realistic and human-like, and even incorporates synchronized body movements like blinking and head turns with their speech. Although I can still discern the difference between real and fake, I am an exception. I have seen this many times before and am very familiar with this technology and AI in general. But can the same be said for our parents? Grandparents? Our non-technical friends?
Where are we going?
I have always portrayed LockChain as a proactive company. We may not need it today, but we will need it tomorrow. To answer the question of where we are going with LockChain, we must know where AI and deepfake are going, and the implications of those for digital identities. I will explore those topics more deeply in another post.
Here is a stark prediction of mine: within the next 12-18 months, it will be impossible to distinguish between real or fake humans on a screen. I think of this as the Turing test for AI generated visuals. Within another 24 to 36 months after that, AGI will be here. This means that human-surpassed intelligence(s) will exist alongside us that can generate themselves to be indistinguishable from us. Furthermore, I believe AGI this decade will be able to do anything a human today can do behind a computer and keyboard, but better since they are more intelligent than us. The implications of this are staggering. This means ‘they’ can create their own social profiles if released into ‘the wild’. Do your really believe a Are you human? captcha can stop a superhuman intelligence from creating their own account? If you don’t understand the concept of exponentiality, I highly recommend you read my Fold 15 blog post to put in perspective what it means to evolve exponentially.
I am not anti-AI but I am not naïve either. I am cautiously optimistic and desperately proactive. This is why I created LockChain. We need a way for humans to prove to other humans that they are humans. As far as I can tell, the only way to do that is to use something only humans have that AI and robots do not: biometrics. And the way to publicly prove to the whole world that you are human that nobody can tamper with is Bitcoin’s blockchain.
If we get this AI thing right and safely aligned with us, I think humanity will enter a Golden Age of Abundance. But with positive abundance comes negative abundance. There will be a plethora of malicious scams and potentially dangerous AI as well. Just like with any other tool, we must ensure the good guys with the good tools are always ahead of the bad guys with the bad tools.
Don’t Trust. Verify.