InSTEDD-private personal data store with zero-knowledge auth

Encrypted, distributed personal vault that can be accessed only by the owner, without having to share secrets with the holder.

There are a number of issues with most current solutions for managing identification and private data in developing countries:

- Biometrics are good for identification, but not for authorization, as it has been documented extensively.

- Tokens  work well as a second factor authentication (never first) but require a fallback mechanism as they can be stolen or lost.

- Mobile phones are lost, shared, and simcards change. Relying on a phone number for ID or authentication is tricky. 

- People either use trivial passwords or they forget them. 

- In unsafe situations, people need plausible deniability to their private data: the ability to claim that they honestly can't access their private data, so that they can't be forced to do so. Neither biometrics, tokens or mobile-phones enable that.

We want to create a solution that enables the distributed storage of an encrypted personal vault in a way that the identification of the owner and its authorization addresses the issues described before. Distributed so that multiple government agencies and private companies and NGOs can keep and share a copy and encrypted so that only with the authorization of the owner can that be opened and accessed.

We believe that can be done by using elements from modern cryptography, including zero-knowledge proofs, to generate personal safe private keys that can be used to recover forgotten passwords, without requiring any computing infrastructure on the owner.

We address 3 issues that all current identification and authorization solutions for developing countries fail to solve simultaneously:

• Assuming trust in the holder of information: the organization that stores the personal data, has access to it. This gets even more complicated in situations where that data is shared across many organizations.
• Burden on keeping a "key” for authorization on the user: a token, a mobile phone or a paper document.
• Prone to forced access: Biometrics authentication, tokens or documents do not enable plausible deniability, i.e. the ability to believably claim that one does not have access to i's own information.

• Data is encrypted at rest in the data holder, and the data holder does not have the keys to unencrypt it.
• Access and sharing of personal data can only be granted by the owner
• Biometrics, tokens or phone numbers are not used for authorization (but could be used for identification).
• It enables the owner of data to deny access to his/her data by claiming to have forgotten–or simply given wrong answers– to security questions.
• It does not require the owner of the data to share any private information (address, national id, birthdate, etc.) with the holder of the data,  while still enabling the holder to validate that the owner does have access to that information and therefor is who he/she claims to be.

We plan to develop a set of lightweight libraries and apps that could be mounted on top of existing infrastructures and integrated by means of standard protocols. 

Our solution enables authentication, password generation and recovery by means of a set of personal questions (name of mother, father, village of origin, nickname, etc.)– without having to share the answers to those questions with the holder of the data.

That means a super friendly mechanism: no need for protecting and carrying a token or paper document, no need for keeping the same phone number, and a fallback mechanism if a password is forgotten. 

We work with open-source, common standards and open APIs in all of our projects. 

Our proposed solution does not require any physical component on the owner of the data (mobile phones, tokens,etc.) and since the data store is distributed, offline copies could be kept on frontline-workers, eventually-connected health-posts or remote offices.

Low literacy users could simply access their data by responding a set of questions and not having to remember a complex password.

The solution would be composed of a set of small libraries and apps that would mount on existing elements and protocols, so maintaining it could be done by an open-source community formed by members of organizations that are benefitting from this platform. 

The cost of scaling would only be that of adoption from additional parties, since there are no per-user costs that need to be covered. Most of the necessary investment would be needed around implementation into existing systems and training of users.

• Human-centered design
• Resource-constrained software development
• Cryptography
• Distributed systems

No constant revenue is needed to maintain the solution as the only operational costs would be that of already existing infrastructures. Funding for developing, scaling and implementing this could come from a consortium of interested parties.

We have a promising idea and we believe there's enormous potential in exploring the combination of diverse pieces of the puzzle that already exist. Funding for building a proof-of-concept could advance this opportunity.

The technical ideas that power this solution are somehow complex and novel, so significant effort will need to be invested in materials that explain it and enable it's implementation.