Authentication and Compliance

Closely connected to transactions are the topics of the right to make transactions and the ownership of funds. For example, while there might be sufficient funds to buy something (for example alcohol), there could be restrictions on its purchase (age requirements).

Ownership and origin of funds are typically providence of know your customer regulations. When a money service business like a bank or exchange opens an account for a new customer, it is usually required to collect basic facts about the customer and where he acquired his funds from.

The technological challenge is that in the process of submitting this legally required information, the user sending it has no guarantee how it will be used, stored and if it will ever be destroyed. Compliance information is commercially valuable. It could be stolen for identity theft or resold where regulations permit.

For Cardano, we want to innovate as much as possible. On the software side of protocols, there is little to provide a guarantee that the receiver of compliance information will behave within a scope of conduct. However, on the hardware side of protocols, using trusted hardware, one can leverage Intel SGX and other HSMs to enforce certain policies.

Thus we are exploring using Sealed Glass Proofs alongside a sharing policy to permit the safe transmission of compliance information to a verifier who in turn is forced to comply with the policies it was transmitted under. We believe that both uniform standards could emerge and also that this method will reduce risk to verifiers by preventing the loss of customer data from hackers.

As a corollary to this effort, the layered model we propose for Cardano separating value from computation also can benefit from this approach. If the computation layer is run by regulated entities (say exchanges or casinos), then they would need to conduct compliance checks and potentially enforce tax policy on users.

Using SGPs, the user can send funds alongside personally identifiable information without concern that it will leak into the broader internet or be preserved by the consensus nodes of the computation layer. Furthermore, the computation layer would gain certainty that all users transacting are authenticated and legitimate.

This paradigm also allows for customer portability between regulated entities. Exchanges could transfer balances and accounts for customers instantly through these safe channels and also — where policies permit — share data with regulators.

We expect our first beta test of this technology to be conducted in mid-2018 with an aim towards Cardano integration in late-2018 to early 2019 pending research results. This timeline also assumes the ability to collaborate with ARM and Intel in order to get code signed to run on their hardware31.


31: See Intel SGX Commercial License Policy.

Last updated: July 17, 2020 11:40 UTC

© IOHK 2015 - 2022

Cardano is an open-source project.

Cardano is a software platform ONLY and does not conduct any independent diligence on, or substantive review of, any blockchain asset, digital currency, cryptocurrency or associated funds. You are fully and solely responsible for evaluating your investments, for determining whether you will exchange blockchain assets based on your own judgement, and for all your decisions as to whether to exchange blockchain assets with Cardano. In many cases, blockchain assets you exchange on the basis of your research may not increase in value, and may decrease in value. Similarly, blockchain assets you exchange on the basis of your research may fall or rise in value after your exchange.

Past performance is not indicative of future results. Any investment in blockchain assets involves the risk of loss of part or all of your investment. The value of the blockchain assets you exchange is subject to market and other investment risks