Following the recent Twitter hack, which involved individuals including Elon Musk, Bill Gates, Joe Biden, and a few others, Cardano founder Charles Hoskinson spoke about the issue in his most recent Whiteboard video.
In proposing a solution to this problem, Hoskinson suggested that Twitter does not need to “change much,” and that “Twitter works.” He added that Twitter does not need to make radical changes and that the authentication and verification process should be easy to use and understand.
In addition, the IOHK CEO said that the process should be built on solid foundations, no business model changes should be made, and it should be cheap and easy to maintain.
With those foundations for solving the issue laid out, Hoskinson explained that cryptographic signatures could be a part of the solution for “fixing Twitter.”
“A signature is where somebody takes a message, […] and they sign it with a mathematical function using their private key, and that creates a signed message.”
The signed message can then be verified with the corresponding public key, which determines whether the course of action taken is legitimate.
Digital Identification Foundation
Hoskinson introduced a new standard, called the DID (decentralized identification) standard, which originated from the W3C. DID provides a standard to handle online identities using public and private keys. DIF, the digital identity foundation, utilizes the DID standard and is made up of members including Microsoft, IBM, Hyperledger, IOHK, Accenture, and others. He added, “There are lots of standards and we’re building this as a community in an ecosystem.”
The DID standard, as explained by Hoskinson, can be used for cryptocurrencies, as a part of the public key function.
Introducing the idea of “Verified Tweets”
The Cardano founder’s idea of a “verified tweet” includes the process of sending out the tweet, then creating a hash related to the tweet, and finally creating a signature with the user’s private key. The hash is linked to the tweet, to verify the tweet hasn’t been tampered with, and the private key is used to sign the tweet.
This process would result in two kinds of tweets, a verified tweet and a regular tweet. The verified tweet would be displayed along with a verified symbol, while the regular tweet would not. Hoskinson argues that this process would not change the Twitter verification process drastically. He added:
“A verified tweet would allow me to verify that the person tweeting controls it. […] The issue with the Twitter hack is Twitter itself was hacked, so how about we implement this type of solution without requiring Twitter much for that?”
Hoskinson’s proposed solution for Twitter
A user can simply create a new decentralized identifier, or import an existing DID to a whitelisted ID verifier. The whitelisted ID verifier could be a government identity or VeriSign, and this entity could check all the supporting evidence provided in the process to ensure that the identity presented is legitimate. The verifier would then sign the DID with its key and send it back to Twitter.
Once Twitter receives the DID, it will be able to sign it as well, as long as it meets Twitter’s standards. The DID will have two signatures, one from the whitelisted authority, and the other from Twitter. The user would not be able to forge the signatures, as the user does not have those private keys. However, the user would be able to control the private key associated with the DID. The DID will then be embedded in a blockchain.
Taking the Cardano blockchain as an example, there would be beneficial features, including timestamping, auditability, and immutability. Hoskinson added:
“When the DID is embedded there, you have an ordering of events. You know when it first came in, and you can change it over time. It’s always there. Audit means that anybody can check it, in the entire world, no one can restrict your ability to check that and immutable means that nobody can change the record once it’s there.”
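The "verified tweet" check and the doubly endorsed DID described above, as an added Go example that is not code from Hoskinson, IOHK or Twitter. Ed25519, SHA-256, the `Binding` type and all function names are assumptions made for illustration, and the blockchain anchoring step is left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Binding is a constructed stand-in for a DID record (Ed25519 keys assumed).
type Binding struct {
	DID                     string
	UserKey                 ed25519.PublicKey
	VerifierSig, TwitterSig []byte
}

// digest hashes the DID (length-prefixed) and user key that both endorsers sign.
func digest(did string, key ed25519.PublicKey) []byte {
	h := sha256.Sum256(append([]byte(fmt.Sprintf("%d:%s:", len(did), did)), key...))
	return h[:]
}

// SignTweet hashes the tweet text and signs the hash with the user's private key.
func SignTweet(priv ed25519.PrivateKey, text string) []byte {
	h := sha256.Sum256([]byte(text))
	return ed25519.Sign(priv, h[:])
}

// IsVerified checks both endorsements on the DID, then the tweet signature.
func IsVerified(b Binding, verifier, twitter ed25519.PublicKey, text string, sig []byte) bool {
	d := digest(b.DID, b.UserKey)
	h := sha256.Sum256([]byte(text))
	return len(b.UserKey) == ed25519.PublicKeySize && ed25519.Verify(verifier, d, b.VerifierSig) &&
		ed25519.Verify(twitter, d, b.TwitterSig) && ed25519.Verify(b.UserKey, h[:], sig)
}

// RunScenario: a genuine tweet, an altered one, and one from an intruder holding only Twitter's key.
func RunScenario(did string) (genuine, altered, intruder bool) {
	vPub, vPriv, _ := ed25519.GenerateKey(nil) // whitelisted ID verifier
	tPub, tPriv, _ := ed25519.GenerateKey(nil) // Twitter
	uPub, uPriv, _ := ed25519.GenerateKey(nil) // account owner
	aPub, aPriv, _ := ed25519.GenerateKey(nil) // intruder's own key pair
	d := digest(did, uPub)
	b := Binding{did, uPub, ed25519.Sign(vPriv, d), ed25519.Sign(tPriv, d)}
	sig := SignTweet(uPriv, "hello")
	fake := Binding{did, aPub, b.VerifierSig, ed25519.Sign(tPriv, digest(did, aPub))}
	return IsVerified(b, vPub, tPub, "hello", sig), IsVerified(b, vPub, tPub, "send BTC", sig),
		IsVerified(fake, vPub, tPub, "send BTC", SignTweet(aPriv, "send BTC"))
}

func main() { fmt.Println(RunScenario("did:example:alice")) } // constructed DID
```

The tweet signature here covers only the hash of the text, as in the description above, so a copied signed tweet still verifies wherever it is reposted; a deployment would also hash the DID and a timestamp into the signed data.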
Cardano’s Prism framework
Charles Hoskinson further elaborated on Cardano’s Prism, which has a lot of built-in capabilities that would make the verification process easy on both providers: Twitter and the whitelisted ID verifier.
With this proposed process, even if Twitter gets hacked and the hackers decide to send out a tweet from a user, the hackers would only be able to send out unverified tweets. Hoskinson said:
“You can even have a policy for high-value users that they can only send verified tweets, they can’t send anything else, meaning no one can tweet on their behalf.”
Utilizing the Cardano Prism framework would also bring capabilities including threshold proofs, which require users to have certain qualities, including age or access. This would be enabled by zero-knowledge proofs. Hoskinson explained:
“The benefit to the end-user is that when we see Trump, or Bill Gates, or Elon Musk tweeting, we now have verified tweet to verify that it’s actually coming from them. No more giveaway scams, they die forever. No more impersonations, if Twitter itself gets hacked, doesn’t matter — no one can actually compromise the account.”
According to Hoskinson, the option of multi-sig tweets would allow for an extra layer of security and curation by having chains of signatures.
The IOHK CEO said that he would be happy to build this process, concluding, “Jack [Dorsey] you know where to find me, send me a private message, I’m sorry you guys went through this but […] great companies always recover, and they recover through great ideas.”