Epicenter - Learn about Crypto, Blockchain, Ethereum, Bitcoin and Distributed Technologies - Privado ID & Quark ID: On-Chain ZK-Powered Unified ID - Diego Fernandez & Evin McMullen
Episode Date: January 1, 2025Traditional KYC and AML regulations have often forced companies to comply, without having the right tools to do so. Simply storing users’ personal information led to the creation of security honeypo...ts which haven’t gone unnoticed by hackers. Web3 solutions like Privado ID aim to cryptographically prove certain traits from a user’s personal data, without disclosing it to the enquirer. This is usually made possible through zero knowledge proofs which allow users to store their personal data on their own device and only exchange verifiable credentials with trusted issuers. City of Buenos Aires has adopted a similar implementation through their Quark ID system, a digital trust framework that creates a new digital identity system, giving people control over their information.Topics covered in this episode:Evin’s background and founding DiscoPolygon ID acquisition and blockchain agnostic decentralized IDsDiego’s background, from private to public practicePrivado ID and its registry of reputation issuersUse cases, DevEx and UXKYC and regulationsBuenos Aires digital ID systemReal world applications of Quark IDUX frictions and solutionsZK verificationSocietal impact and adoptionEthical considerations around DIDsThe role of blockchains in other real world applicationsEpisode links:Evin McMullen on XDiego Fernandez on XPrivado ID on XQuark ID on XSponsors:Gnosis: Gnosis builds decentralized infrastructure for the Ethereum ecosystem, since 2015. This year marks the launch of Gnosis Pay— the world's first Decentralized Payment Network. Get started today at - gnosis.ioChorus One: Chorus One is one of the largest node operators worldwide, supporting more than 100,000 delegators, across 45 networks. The recently launched OPUS allows staking up to 8,000 ETH in a single transaction. Enjoy the highest yields and institutional grade security at - chorus.oneThis episode is hosted by Friederike Ernst.
Transcript
Discussion (0)
Identity data, data that describes our addresses or us, sometimes representing institutions, or even AI agents,
right now is not terribly standardized and is often optimized for really niche use cases, not composability or interoperability.
We've essentially created on-chain the same silos we have in Web 2, but these ones are slower, more expensive, and less interoperable.
So Privato ID enables unified identity.
That means you can prove your identity, traits about yourself, your capabilities, preferences, qualifications on any chain, any device, anywhere.
We realized that it would be actually very valuable to bring to market a protocol agnostic solution, not bound to any single blockchain.
Our first goal was to be the protocol, completely open source, because we finally have the vision that society should be able of reading and
understanding how are we dealing with personal information.
Just as there are many identity issuers in the world today, nation states, so too is it important
that we support an open ecosystem where many sources of identity can be used composably
together.
Welcome to Epicenter, the show which talks about the technologies, projects, and people driving
decentralization and the blockchain revolution.
I'm Frederica Anz, and today I'm speaking with Evan McMullen, who is the co-founder of Privado
ID and Diego Fernandez.
who is the former Secretary of Innovation for the city of Buenos Aires
and the co-creator of Coke ID.
Before I get started with Evan and Diego, though,
these are our sponsors this week.
If you're looking to stake your crypto with confidence,
look no further than Corse 1.
More than 150,000 delegates,
including institutions like BitGo,
Pintera Capital and Ledger trust Corus 1 with their acids.
They support over 50 blockchains
and are leaders in governance or networks like Cosmos,
ensuring your stake is responsibly managed.
Thanks to the advanced MEV research,
you can also enjoy the highest staking rewards.
You can stake directly from your preferred wallet,
set up a white label note,
restake your assets on eigenayer or symbiotic
or use their SDK for multi-chain staking in your app.
Learn more at chorus.1 and start staking today.
This episode is proudly brought to by NOSIS,
a collective dedicated to advancing a decentralized future.
NOSIS leads innovation with circles, NOSIS pay, and Metri, reshaping, open banking, and money.
With Hashi and NOSIS VPN, they're building a more resilient privacy-focused internet.
If you're looking for an L1 to launch your project, Nosis chain offers the same development
environment as Ethereum with lower transaction fees.
It's supported by over 200,000 validators making NOSIS chain a reliable and credibly neutral
foundation for your applications. NOSISDAO drives NOSIS governance where every voice matters. Join the
NOSIS community in the NOSISDAO forum today. Deploy on the EVM-compatible NOSIS chain or secure the network
with just one GNO and affordable hardware. Start your decentralization journey today at NOSIS.
Hey, Evan and Diego, it's a pleasure to have you both on.
GM, it's great to be here.
Thank you so much.
It's a pleasure being here furthering.
Super nice.
Maybe let's get started with a little bit of background on both of you.
And I'll start with Evan, so ladies first.
Evan, tell us about your journey up to and into Web 3.
So thank you so much for having us here today, Frederica.
It's wonderful to be here, a big fan of the FSA.
our podcast. So very proud to be able to share more of our work right now. My journey on chain
began a little over 10 years ago. As a student, I had the privilege of one of the world's
best professors who introduced me to decentralized technologies and Bitcoin. Several years later,
I started working at a company called Consensus, building out the Ethereum ecosystem and introducing
decentralized technologies to governments, institutions, and brands around the world. After
spending a few years, building in the decentralized space, I realized that we did not have enough
data on chain to coordinate more than the defy that we know and love today. And that's what led me
to the identity space to bring the world's largest real world asset on chain verifiable data
in service of our identities. I remember meeting you for the first time kind of when you had
just started disco, which was then kind of acquired by the polygon
ID, which is now Privado ID, making your co-founder of that.
So tell me about starting disco, because kind of like at the time, it was a slightly different time than it is now.
So kind of, yeah, tell us about that and kind of like how the environment has changed.
When I started a project called Disco a couple years ago, there was no way.
for you to use your existing crypto wallet to manage data written about you that didn't live
on the chain, that there was no way to use your existing wallet to selectively share parts of
yourselves in a verifiable way. And so the way that we approached identity was from a very different
manner than many had before. You know, the sort of friendly language that we used, noting that you
are the multifaceted center of the party, just like a disco ball, I think helped many.
of our most technical colleagues think about identity in a different way. In the years since,
we've seen the concept of identity, verifiable data, credentials, and decentralized identifiers
go from being the weird thing that Diego and Evan were talking about and no one else was talking
about to something that is a common topic amongst investors, founders, and builders everywhere.
So I definitely think 2025 will be the year of identity, but part of that is due to the long run-up
of our efforts proceeding.
So tell us about the acquisition through Polygon ID.
So obviously kind of identity is very much vertical that kind of tends towards consolidation
just because there's no real value at in having several competing identity solutions.
So kind of tell us how the acquisition came about and kind of like what your considerations were going into it.
So for Drika, first, I'm going to politely push back a little bit on the need for or the reality that multiple identity systems exist.
Just as there are many identity issuers in the world today, nation states, so too is it important that we support an open ecosystem where many sources of identity can be used composably together.
And actually, that's one of the challenges I see in many, you know, potential other solutions or offerings that have been presented.
They are monopolistic and cannot be used together.
But we live in a reality where there are multiple institutions, multiple sources of reputation, multiple apps, multiple nation states.
And so that's why I think that the open ecosystems, you know, in which Diego and I build together, offers the only viable way forward.
And in service of that open ecosystem, actually, that's what first led me to, you know,
meet my now co-founders who are then working in the Polygon ecosystem.
For those who might not be familiar, Polygon ID is the identity system initially optimized
for the Polygon blockchain. But its roots run much further back than that. Starting in 2017,
a group of very capable researchers and builders here in Barcelona, Spain, invented what
are libraries that are now used prevalently across the world, including Circom and Snarkjs.
These cryptographic capabilities then formed the roots of the Hermes blockchain, which then led to today's Polygon ZK EVM.
So our colleagues, you know, deeply steeped in ZK capabilities and identity specific to one chain, then realized we now live in a multi-chain world.
So earlier this year, when we sat down together to discuss integration between Disco and then Polygon ID,
we realized that it would be actually very valuable to bring to market a protocol agnostic solution,
not bound to any single blockchain, because, of course, human beings, agents, and institutions
are likely to interact with multiple protocols throughout their day, not just one.
And so your identity on chain needs to be interoperable, all the places in the connected world
that you go, not just one protocol at a time, like a silo unto itself.
So through the course of discussing technical integration, we have to be a different.
actually realized that our stacks complemented one another pretty well from Disco's protocol agnostic
approach and strong focus on developer experience and deep ZK expertise and R&D from the Gigacad
engineering team over at then-Polygon now privado ID. So joining hands with my co-founders,
Sandeep Newell, Jordi Bellina, David Zee and Anthony Martin, we now lead a team unified together
under the focus of bringing identity to the world, its agents, its institutions, and most importantly,
its DGENs.
Super nice, yeah.
So we'll dive into kind of how it works under the hood in just a bit.
But, Diego, super nice to have you here too.
So you have a, you have walked a very different path to kind of Evan.
So kind of you were also kind of an IT entrepreneur, but then you kind of,
entered public service, right?
So kind of what motivated you kind of to this transition
from the private sector to the public service?
I have been an entrepreneur for all my life.
I was, I started my first company
since like 30 years ago.
So I had this entrepreneurship experience
and I got the chance of getting me to go,
into government, by my coincidence, to be honest.
And my first thought was, I want to stay here just a couple of years.
And then I fell in love with the immense power of transformation that you have when dealing
with the public sector.
Of course, there's this downside, which is public sector, is this big, fat elephant to move
it around.
I mean, you need to push really hard.
I did a six-year term in a big slam upgrading project that I helped the first.
and fund rates with the institutional banks as World Bank and IDB,
being the biggest in Argentina.
And then I became the Secretary of Innovation of the city of Buenos Aires.
I started getting involved in first in cryptocurrencies from a financial perspective
and short months afterwards, I fell in love with the Bitcoin white paper,
and then after that I fell in love with the ethos of the community.
And I think that that is kind of a pill that once you take,
you're in you can't leave anyway
and how I got involved in identity
it's a funny story actually because
in 2019 I started the process
of getting my Italian passport
because my family
in past generations came from Italy
and I went through all these
so cumbersome process of getting
of course the birth certificate of my
great grandmother I expected that to be a hard one
because it was in Italy in 1800s,
and that, of course, should be difficult.
But the funny story is that getting the birth certificate
from my father and for myself,
digitally, because I had a digitally signed document,
had to go through all of these nightmare of signatures
and physical signatures in the Argentine Ministry
of Foreign Affairs and the Asia Council.
I mean, this cannot be true.
This is not even 20th century.
This is 19th century.
And that is the reality that we live by.
And it was such a difficult process.
It took me nearly six months,
dedicating regular time on a weekly basis.
But I started to investigate and say, hey, come on,
and we need to change this.
And that's how we got involved in Quarkaddy
when I was offered the post as Secretary of Innovation
and said, hey, okay, I'm going to take this.
On one condition, this is the thing that I want to do.
This is my, this is the project I would like to lead.
And I got the UK from my former boss in that time, the Metro of the city of Buenos Aires.
And something like one year afterwards that, in 2021, I mean, we started getting to know with Ebbing.
We were just perhaps the only two guys speaking in crypto events about ID, and everybody looked at us as, hey, you're not doing DFI, you're not doing Manecoins, you're not doing NFTs.
What are you talking about?
But fortunately, since we always share together today, identity has taken a very different role in this space and everybody is looking at identity in a different manner.
And I am convinced that we need to get a work on chain.
And I'm convinced that the way of achieving that goal is through identity.
And then, of course, the roadway for financial usage will come, but the main onboarding tool will be able to it.
You make a lot of super interesting points.
And I think kind of like this
talking about kind of like this connection between governments
and identity and decentralized identity systems,
we will spend a long time talking about this.
But before we dive right in,
I have a pure curiosity question.
So kind of you said that you spent a couple of years
upgrading the biggest slum in Argentina.
And kind of the way that you got there
was a little bit by coincidence.
I mean, tell us about that coincidence.
So kind of like, how do you go from being a tech entrepreneur
to kind of trying to kind of, you know,
embark on this urban transformation of an entire city, part of the city?
Well, my first job in government actually was,
and that's the coincidence, a friend of mine
was going through a very difficult process,
which was the former secretary, sorry,
former Minister of Education of the city of Buenos Aires,
which unfortunately he was diagnosed
the English World for that is
AMS, I don't know,
degenerating illness, which is very bad.
He got the job as Minister of Education
and he said, you know what, I need your help.
You have experience managing companies
and managing new projects.
I'm going to be my chief of staff.
He said, okay, I'm going to try it.
But the time I had to be.
decided to take an absence leave of two years and say, I'm going to try this new thing.
I got involved in that and again, the power of transformation is so amazing. It's very
difficult because I always like the thing that in the private world, you have a two-dimension.
I mean, you have someone which reports to you and when you put an objective and set up a task,
in general, the task gets done or consequences arrive. In the state, that's kind of different
because the people that work for you, most of the time,
you kind of, I mean, they are just there,
and you kind of move them.
And you have this kind of three-dimensional gaming,
which perhaps the guy reporting to you,
his political boss has more power than your boss.
So, I mean, you get all the, it's intricate wave of world things that you to tackle.
And this slum in Buenos Aires was a huge, or was a huge slam,
something like 50,000 inhabitants in the middle of the city,
in perhaps the most expensive part of the city,
and it has been there for more than 100 years.
So they asked me if you say, hey,
why didn't you set up a team and design, study what had happened here
and what has been done around the world
and come up with a project to deal with that?
So I spent something like one year with a team studying
and designing that solution,
but it came up to be a,
very expensive solutions, something like $300 million.
So let's get the money.
So I started sort of, this was the first timer,
sort of fundraising in the public sector,
and that means speaking to the World Bank,
speaking to the American Development Bank
in order to get the credits for doing this.
And we did it.
To be honest, I love doing new things,
but it's hard to get a project
that is so, so emotional and impactful in your life at that one.
Because you're dealing with real people, changing real people's life.
And it was a huge project.
And we relocated one thousand families just two blocks away to new houses.
They were living under a highway in a place which was devastated.
And we basically built all the infrastructure to the drainage, electricity roads.
they were mostly dirt rows
and whenever you come to
Louis-O-Syres, Evan or Frederick,
we go and take a look around
what's been done there because it's amazing.
And then it came back to technology then.
I would absolutely love that
because I think kind of the part of me
that just loves fixing stuff.
I think kind of like the problem solving part
it sounds like
like an incredibly rewarding kind of project to embark on
because it's so real.
It's so, yeah.
For me, the most difficult part is actually not the doing,
the building, the constructing houses,
the fixing roads or building drainage.
The biggest and most difficult part is gaining trust of a big community
because those communities have been neglected for so many years.
years that when they see a public officer, they instantly distrust you.
You know what?
This is another time they're going to do nothing and we're going to keep on suffering.
So gaining that trust takes time and it's by far the most difficult task.
Yeah, I think this goes for builders worldwide on-chain and off-chain.
So, yeah, 100%.
Maybe that's kind of segue into Privatio and then kind of,
we can make our way back to Miba, the Buenos Aires identity system.
So, Evan, tell us about kind of Privado and kind of what parts it's made up from and kind of
how these kind of play together.
So privato, I think, enables unified identity.
That means you can prove your identity traits about.
yourself, your capabilities, preferences, qualifications on any chain, any device, anywhere.
The reason for this solution is that we currently live in a very fragmented world on chain.
Identity data, data that describes our addresses or us, sometimes representing institutions
or even AI agents, right now is not terribly standardized and is often optimized for really
niche use cases, not composability or interoperability. We've essentially created on-chain
the same silos we have in Web 2, but these ones are slower, more expensive, and less interoperable.
However, we see a unique opportunity to leverage zero knowledge proofs for interoperability
and to take the headache out of identity and many kinds of compliance for builders.
From a technical level, Provado ID starts with a few smart contracts, a registry of issuers of reputation.
These are proven authorities in their subject matter, such as KYC compliance.
However, there are a variety of different types of identity data that can describe you.
For example, your chess.com score can now be taken out of the application and safely to the chain through our infrastructure as well.
So this registry of authorities of reputation can then issue verifiable credentials to recipients, individuals, institutions, agents.
these credentials are kind of like diplomas, statements written about you, signed by another party,
encrypted against your keys, secure so that only you can decide to disclose them.
Then Provado ID makes it really cheap, fast, and easy to create a client-side proof on your mobile device,
and then to publish evidence of that proof on chain, such that you can initiate or disclose to any application or service
that you indeed embody those proven traits. Provado ID's network of our Oracle network then enables
this data to be syndicated or called upon in other chain environments so that you can prove a trait
about yourself in one chain or one application or one service and reuse that data again and again
and again. For this reason, we are often referred to as middleware infrastructure, sitting in
between blockchains and applications, making it easy to reuse and build on top of data from multiple sources.
A few fun capabilities that Provado ID has introduced to the world include ZK revocation of credentials, so that, for example, if your KYC status changes, those credentials can be revoked and their shared private state can emanate across chains.
Additionally, we also allow the ability to refresh these credentials.
So, for example, if you have a proof of how much ETH you have in one wallet that you want to be able to prove in another, and that balance changes, you can actually refresh that proof.
without interrupting any of the outside processes that might rely upon it.
So in this way, we enable shared private state of identity data across chains
and make that really simple from a ZK perspective,
abstracting away a lot of that complexity from developers.
If you're interested in interacting with or building on Provado ID,
I would probably first direct you to our friendly JSSDK and embedded wallet.
Make it really easy to be able to plug in access control based on certain traits
or capabilities. For example, age verification has become a popular topic in recent weeks,
as Pump. Dot Fun recently had their live streaming taken down for lack of age verification.
With Provado ID, we make it easy to prove and reuse proofs of age so that apps can build
adults-only experiences that are safe for their users. Similarly, access control based on KYC status,
location and other essential traits allows us to bootstrap on top of trust that has already been
built or can be asserted in the IRL or Web2 world and to bring that valuable RWA of our
real world data on chain. So when you say there's different entities that can attest to things,
does that mean that kind of there's different KYC providers kind of integrated into this or kind of like
chess score providers or a kind of like like whatever kind of attestation kind of you're looking for.
So is, is there like an entire host and kind of who picks who I kind of who I authenticate against?
That is a great question.
So yes, exactly as we were discussing earlier in our conversation,
there are many sources of reputation in the world already.
KYC providers, nation states, companies that it may attest that you work there or even peers,
who know you and can say things about you.
So any address is able to make statements about others,
but based on how they present themselves,
how they set up, what qualifications or capabilities they provide,
of course, those can be presented differently.
The Provado ID, marketplace of reputation issuers,
is broadly diverse and growing by the day,
including multiple KYC providers.
Okay. And say kind of like now,
let's look at this kind of from the user side of things. So say I want to enter a Web 3 application
that is age 18 and up. What do I do? So it depends on how that application wants to request
that proof of age. If they're interested in doing so in a privacy preserving way, they can
visit our query builder without having to deal with any of the complex zero knowledge proofs.
Instead, they can use a friendly interface, click a few buttons to decide they would like for their
users to be over the age of 18, let's say, and then they can select from multiple sources of
reputation, multiple providers or issuers of reputation whose data might indicate that you're
over the age of 18. For example, if you've passed KYC, that means that you are likely over the
age of 18. Additionally, if you have a national identity document that indicates your age,
that could be used as well. And so this is an example where as a verifier or the party verifying the
data to allow you into my space, I may want to accept multiple different types of inputs to
indicate your age to me. This is consistent with the way that age proofs work in a variety of
different instances where you might be able to, for example, use a utility bill or a credit card
in Web 2. So we want to make sure that flexibility is just as available for builders in Web 3.
From a user perspective, what that looks like in your actual application experience would probably
be something to the tune of connecting your wallet as you would normally to a Web 3 Dap.
Inside of that wallet being presented with a request for age proof, you could click a button
to elect to disclose that you are above that age. And so then sort of validate your
qualifying trait on chain, but would not disclose the underlying data such as your actual date
of birth. And then, just like that, in a few seconds, you'd be able to enter your application
and proceed happily on chain. Super nice. If I kind of think about this from the other point
of view, kind of that of the dev developer, how do I make sure that the source that's kind of
emitting this attestation is actually a good source for that.
So kind of like if kind of like when I integrate a KYC provider, for instance, say I use
SAMHSAB or OnFIDO or something, I mean they are usually kind of like regulated in some way,
kind of I know things about them.
Is that the same is the same true for kind of interacting with them on your platform?
I think that is a really important thing to point out that just because an address has signed
a statement doesn't mean they are an authority on the subject. For example, if I, Evan.eath,
decide to sign a credential that says Diego has passed KYC, I don't know that Frederica would recognize
Evan as a legitimate KYC provider in accordance with government policy. And that's why the issuer
registry is important. Furthermore, for legally binding or legally accountable situations where
KYCAML means to be followed in accordance with certain regional laws, there can also be additional
commitments between issuers and verifiers made to guarantee, for example, the retention of data
or its reusability. In some jurisdictions, and I know this because we have encountered this
problem before, kind of in principle, kind of having this attestation sounds fantastic. And obviously
it's kind of like a much better solution than kind of like having tons of people's passports
somewhere on your cell. But in many jurisdictions, you actually need more than the attestation.
You actually need to save the clear text somewhere. Do you think that's changing? Or do you think
that's here to say? So I absolutely think that there are many places in which the old school
form of KYC requirements will remain in place. But there are a variety of new technologies and new laws that
evolving the standard. For example, recently, a passporting regime has entered the scene in the
EU and places like the MENA region. So, for example, if we are all European banks, that we can
all rely on one another as obligated entities. We can pass data between each other without meaning
to recheck it, sort of called a passporting regime. Similarly, we now have awesome decentralized
storage solutions such as our colleagues over at IDOS that enable sort of proof of existence
of this data and enable access to the clear text data behind KYC checks based on certain,
you know, certain requirements such as legislative or legal inquiry. However, that decentralized
storage can also permit the user to request deletion of their data that can then be reflected
across the network. So as we're seeing more, you know, progressive regulation and more nimble
technology in the ZK space, I'm really looking forward to this process becoming a lot easier.
When we think about KYC, often we have one KYC issuer and they have sort of one client or recipient
for whom they're performing that process. And that's it. So that by the time you may, you know,
enter into a second or third KYC process, it's like your first day on the internet and you have to
begin from zero.
We're starting to see this premise of reusable KYC or reusable credentials being offered as a solution
to have kind of an interim step to a totally open ecosystem.
We sometimes call this one-to-one KYC is kind of the old-school way, and one-to-many KYC is one-KYC provider and many verifiers of that data.
So this sort of one-to-many premise, I think, is the intermediary step where we're starting to see the kind of most
progressive practices. And I think that's kind of what's going, what the ecosystem is going to look
like in the next call it two years to come. Yeah, let's hope so. So let's loop back to kind of the city
of Buenos Aires, because so far we've kind of talked about Web 3 and Web 3 and Web 3. So let's kind
of bring the citizens of Argentina into this. How does the Buenos Aires digital identity system
operate on a technical level?
We developed, I mean, not we alone, but we and the local original community in the crypto space,
we developed Quak ID, which is a self-sovereign identity protocol based on the W3C standards of the AD
and verified credentials as Privatore ID and many others are using out there.
Today we're anchored in the KSync era chain, but the protocol is by definition multi-chain.
As a matter of fact, we started and we anchored it in Rostock, which is a layer two running on top of Bitcoin.
We anchored it on Polygon as well.
We anchored it in Ethereum layer one.
We anchored in StartMet.
And finally, we decided to go through with the K-Sync.
But we have today in the GitHub, the protocol is open source
and has been declared digital public good
by the Digital Public Good Alliance.
Anyone can take the code and anchor it.
It's not that hard of a job in any type of blockchain.
How do we do this?
Okay, our first call was to build the protocol, completely open source,
because we find we have the vision that society should be able
of reading and understanding how are we dealing with personal information.
Even if we're using blockchains, because putting personal information in blockchain
is for me a no-go.
You can put claims or whatever, but not PI because that's extremely dangerous.
In the case of work ID, information is only stored on device.
So, of course, the government or the issue has the information,
but there's no central database of information anywhere.
What we do as a CV is, let's be speak,
how we were operating before and how are we operating now.
Before, we have basically two doors open.
The first door was the door that our Web 2 application used,
in which you had your application, you had your login and password,
you had to go through a biometric process in order to verify your, to KYC yourself.
And once you had that, each time you open the application,
the application sort of pulled for this API
and got this kind of electronic documents,
digital design electronic documents into your application.
That was the first door open.
The second door was the verifying door.
So when someone wanted to verify, whichever birth certificate or thing you presented to another third party,
there was a verifying door which authorized verifiers had access for an API keys in order to be enabled of verifying citizens.
And that basically presents two big problems.
The first one being we have open doors with personal information to the Internet or low-hab firewalls and security procedures and credentials and so on.
things get hacked every day.
And for me, it's not a matter of if, but when are you going to be hacked?
Just to give an idea, last year, the Zero Phono Cyrus, the 2024, the Zero for No Cyrus received
over 30 million attacks per month, because people are not to hack government.
So you're always a big, big target.
Today, those two doors are basically closed because the first,
door, the issuing door, gets only opened one time to issue the credentials.
And then the credentials residing your phone.
And you don't need to have a permanent door open for people downloading credentials
each time they open their app.
You open the door, mean the credentials close the door.
And it's a temporary door.
And the second thing is you don't need a verifying API in order to check the validity
of a credential.
Because within the credential and following the W3C standard,
you have a location of an array of bits,
which the issuer can change from one to zero for each credential
to enter mind that credential is valid or not.
Let me give you a real word example.
Today we're minting driver's licenses on the Quark ID protocol
using the Mibara wallet app.
Maybe my driver's license expires in December, 2026.
But maybe, I don't know, the day before yet,
Yesterday, I was stopped for a control and I gave positive for driving and drinking or driving
under the influence.
Hence, the police has the authority of revoking or doing a temporary revocation of my license.
And that is a lot that exists in Buenos Aires.
If they catch you drinking, you can do a license revote.
You need to go through a course, certain courses and things and pay fines or whatever,
because, of course, you may not drive under the influence.
police has the authority of revoking that license without touching your wallet and without touching your credential
because they just put a flag on the specific location in which the bid corresponding to your wallet is
and they put that from zero from one to zero so the level of security and the level of privacy
that the city of Buenos Aires now has and is able of managing personal information is
an order of magnitude better than it was before.
Okay, so there's a lot to unpack here.
So maybe let's kind of go back to kind of the technical underlying.
So kind of like you have the Quok ID chain and that's kind of anchored in the number of
different blockchains.
But kind of who has the authority to kind of write to that chain?
Because kind of it can't be everyone, right?
because, I mean, the police officer should be able to kind of invalidate your driving license, at least temporarily, but I very much shouldn't.
Right.
So kind of how do you manage the access here?
Well, Quak ID is not a chain.
Okay.
Okay.
We anchored, we just anchored the DID, which is basically a hash identifying your wallet in the chain.
That's the only thing we put on chain.
Each issue, each issuer decides where their belief.
is stored.
That may be a what to access,
that may be even stored in chain,
that may be a postgres service with an appi.
That is a decision which is made by each verifier,
by each issuer, sorry.
So you as an issuer, when you mean your credential,
you put a lot of information,
but basically two information regarding credential validity.
The first one is,
where is the array of validation located,
and second, which is the position of that credential within that array.
So the verifiers don't need to contact the issue each time they validate someone
because they just unload that array locally as a verifier,
and they check it locally.
They don't need to contact the verifier.
So the only one able of altering the validity of a credential is the issuer
because they have the complete control over that bit of arrays
that determine the validity of each credential.
So in this example, kind of the issuer is the DMV, the Department of Motor Vehicles.
It's not me, right?
Kind of I don't issue, is it me?
Kind of like, do I issue my own driving license?
No, right?
It's the government, right?
Yeah, I mean, it's the equivalent to the DMV for the Syroponosaurus.
That's right.
Okay.
And then kind of like for each one of these documents, there's a,
different, there can be a different authority that kind of can alter the record, right?
Each issuer has complete control over how they issue their credentials.
And this is important.
As the issue has no way of altering the credentials that you have in your wallet because
they are under your control, this validity.
this validity strategy is precisely so as not, because you can touch, you can modify any issued
credential because they already issue under the control of users, you can specify if the credential
is still valid. That was the example of, as Kevin mentioned before, hey, something in my KYC is
altered. The KYC issue needs to be enabled of saying, hey, this has changed. This is no longer valid.
You need to reissue your document. And here there's a combination.
between an interesting combination between the technical side and the regulation side.
Let me give an example.
I don't think that there's a document which has a greater stability as a birth certificate.
You're only born once.
But anyway, that document may change because, I don't know, maybe you change your name, for example.
So that document may exceptionally change.
And the percentage amount of birth certificates that get changed is so, so.
so, so small. But anyway, it's not zero. So for example, today there's kind of an international
regulation that when presenting your birth certificate, it needs to be issued within a 30-day
window of being presented, which is pretty absurd. But I mean, that's the only way that
sort of governments and verifiers are able of saying, okay, I reduce the risk of this birth
certificate being modified, and I accept a 30-days window. Maybe I changed my name, I don't know,
29 days ago and that birth certificate is invalid.
And this is the interesting combination between regulations and technology.
Because of previous technology of digitally signed documents, you had no way of perhaps
verifying that the document is still valid.
With this type of technologies, you can do that perfectly well without even contacting
the issue.
I think now I kind of understand the first or that kind of you spoke about kind of like
going in.
Let's talk about kind of like the second door, right?
So I'm now kind of, I now have something in my wallet and tell me what exactly I can do with it.
So kind of like, say, kind of you're in the position that kind of you need your own birth certificate or kind of your father's birth certificate.
How does having Kukai D.O.Miba, how does it help you?
Just to give you a real world example, today the main two have 65 different credentials being issued.
from the government, and we have several private parties
meeting credentials, and maybe we can then touch on that,
because private parties can mean credentials without any type of control or even,
I mean, the government doesn't even, is not even able of knowing
technically who is minting credentials, and there is a decision.
I mean, you decide who you trust.
Anyway, we have 65 different type of documents.
Today, the main two use cases are birth certificate and driver's license
free and citizens
credentials. When you go through the KYC
in process, which can be
done in two different ways,
you can either do it digitally
using the MIVA app or you can
do it physically whenever you go to
renew your driver's license or you take an
appointment in the public health
system or whatever, then you get
sort of KYC and are you given the right to issue
to mean your credentials?
First, a use case is presenting your birth certificate whenever the birth certificate is required.
For example, when you are in Argentina with a requirement that you need to present your birth certificate
because you need to give your underage children a permit to travel offshore.
So if you're underage children is going to another country, you need to have a permit signed by both parents.
And when you do that, you need to present the birth certificate.
of both parents.
Yeah.
Today we haven't done yet the
reference of the travel permit,
but that will be done in the future.
So that is a real-word use case.
Second real-word use case.
In the city of Buenos Aires,
we have 3.5 million registered
users and almost
2.5 million monthly
logins in our websites.
So today
you can log in your website, just
scanning a
QR code, and
exhibiting and not that exceeding, but presenting to the website, to the website systems,
the citizens credential. So you scan a QR code, no username and password, and you get into
the website, and you can do whatever thing you need to do with the government. And the third
use case, which is probably the most popular, is the driver's license. So today, if you have a driver's
license issued by the Bureau of Buenos Aires, and we have a lot of driver's license, we issue
like 50,000 K per month.
A policeman stops you, shows you a QR code,
you scan the QR code,
and the policeman has approved
that you have a valid driver's license.
And that is just starting,
because our strategy here,
and I think we have discussed
lengthy this with having,
the critical part here is adoption,
is how do we get people on boarded?
How do we get people to start using the technology?
And for me, the first required
thing for doing that is people don't need to know. I mean, they shouldn't know that they're using
blockchain technologies. You need to have a pretty straightforward app and pretty easy to use app that has
no difference at all with what tool. Of course, if you are web-free, savvy user and you know your
stuff, and then you can do whatever you want, you can download whichever wallet or give your credentials.
but I always mention the same case
my 85-year-old mother
won't sign transactions with Metamask
won't even understand what Metamask.
It shows you she needs a pretty straightforward
web to up that she can use
to have her driver's license
or whatever thing she wants.
So that is something which is required
and in my perspective
governments have a big power to do a reverse
adoption lifecycle
because governments have something
which is very bad but can be used in a good way,
which are the services that they provide
are usually monopoly.
So if you want a driver's license from the zero phone or service,
you have nowhere to go.
You need to get a driver's license here.
So that's a really big opportunity
in order to perhaps go for some friction,
but after that,
all of the community has the ability
of benefiting from people being outboarding
on the system and being on chain.
Talk about the friction, about the user experience problems that kind of you had to overcome
or that are still there for the users of the system.
We took a big decision, I would say the starts of 2014, February 2024.
When we started, we wanted to go full cipher frank.
So we say, you know what, is it going to be everything open source, the wallet is open source,
self-custodial, and that required us basically to have an open-source wallet with no government
duplication at all. Hence, you need to do something, which is basically a KYC or signing in the
government wallet, to then be able of downloading your credentials in the Quark ID open-source
wallet. We did some testing and basically regular users. We have something like 25% of the population
over 60 in Buenos Aires.
It was pretty hard.
I mean, people didn't get it.
They're having two applications and so on.
Then we decided to take this big approach and say,
hey, you know what?
We're going to do two flavors.
If you want to go full self-custodial,
you can do it.
You can download the Quark and the Wallet and get your credentials there.
But if you're not that much into technology
and you don't want to mess things up,
We just change the architecture of a what to app, embedded the quark ID rails inside it, and it's a custodial app.
And of course, you have the two alternately.
You can choose to go self-custodial, when you choose to go custodial.
I use the work-a-d wallet.
My mother uses the MIVA wallet.
And we're fine with that.
I mean, it's a user choice.
It's our user's choice.
So from my user's perspective, the data friction is not that much because by pursuing this strategy,
basically one day users realized that their Miba application got updated.
We changed the logo.
And the first time they opened the application, they had to go for this onboarding process.
If they didn't have a KWIC, they didn't need to do it.
If they had a KWAC, they just had to log in.
And then it had this kind of a one or two minutes processing,
which the DID got created, the credentials got minted and so on.
Afterwards, the second time you open the wallet is instant,
because the credentials store locally.
Okay, yeah, super interesting.
And I think also kind of like this dual path,
I think that makes a lot of sense
because, yeah, I think kind of like finding
a solution that fits all
kind of greatly reduces the space
in which you're moving kind of design-wise.
Sorry, just to give you one number,
we launched October the 21st,
the Miba app embedded with Quark ID.
and as of today, we onboarded 250K in 45 days.
And we onboard the 2 to 3K users per day, sorry.
Those are crazy numbers in crypto land.
Let's talk about kind of like the ZK aspect of what Evan talked about earlier.
So kind of say I'm stopped by the police because I seem to be driving erratically.
And they kind of, they look at my license.
do they see everything that's on there?
So kind of like say I'm licensed to kind of drive a car and drive a truck
and drive a motorcycle, but I'm in a car.
So is there a way for me to kind of restrict them from seeing whether I'm also allowed
to drive a truck or it's kind of maybe it's more relevant kind of in terms of birth
certificate?
So kind of like when I sign the transaction saying that my kids are allowed to.
to travel abroad.
Is the person who kind of sees that signature?
Can they see that kind of like, I've been married and he was three times and I have
eight kids and kind of like I have changed my name ten times or something?
Is that all embedded or do they just see, okay, she's the mother and she signed this and
it's good?
This is a very interesting question because, again,
technology and regulations travel travels at different speed.
So technically today, we are able of just showing that you are able of driving.
And the police should be okay with that.
But regulations don't allow that.
Regulations require the policeman to see every aspect of your driver's license,
which is completely crazy because they don't need to know where you live, for example.
It's something stupid.
But, I mean, from a technological point of view,
we can do a selective disclosure of, for example, your age when my daughter goes into a bar,
and that's okay.
The bar has no regulation to determine they just need to be sure that someone is over 18,
and we can do that.
But from a driver's license perspective, today regulation requires that the policeman
sees the driver's license.
And that leads to change.
And today we have the technology for that to change.
But again, regulations and technology travel at different.
basis.
And
regulation eventually
will catch up.
Let's hope so.
So do you see
any societal impact
since you've launched
the Miba and Kokea ID app
45 days or so ago?
So is there something that
kind of clicks for people
or is it just another kind of piece of software
they use as a good citizen?
I hope
there's just another piece of software
because if it changes
too much is we don't want to disrupt society.
We just say, hey, you know what, this is who I have a driver's license,
and can show it, it's scanning a QRCO, and that's it.
It's a piece of software.
What happens under the hood is just, I mean, it's lovely, but it's thin for nerds,
and society doesn't care about it.
The greatest impact that we are seeing is private companies and institutions getting
on board, because they say, hey, you know what, this is amazing.
We can sort of get rid of several aspects of personal information and security that we used to deal with,
and now we have a much better way of doing it.
Hey, this is a real work scenario.
Again, FinTech, and we are modifying the regulation in order to achieve that.
Pintech said, hey, you know what, if I get presented the credential of the city of Buenos Aires,
then I could get rid of the KYC in part of doing,
going to what Evan was saying about reusable KYC.
Can I get rid of the KYC and the onboarding process,
which is costing me basically 50% drop-off rate in my onboarding process?
Oh, yes, you can.
Again, technically you can.
We need to come up with certain regulations in order for you to do so.
And the great ability that it provides, for example, university,
banks or whatever of minting credentials on their own at a zero cost because we already paid
for the creation of the DAD and they can meet credentials at zero cost.
So we have the second biggest university in Argentina starting to mean credentials for the
students because the students have this sort of benefit in certain jobs and commercees in Buenos Aires
that they can buy with the discount because their students are okay, you present the
the credential of a student of this university and then you get a discount.
The same thing happens with banks.
The second largest retail bank in Argentina
integrated this technology within their wallet
because they offered this possibility
to subnational states in Argentina
and say, hey, you know what,
we give it this wallet with our banks' services
and you can put your government documentation inside the wallet.
So all of these different applications
that institutions, private institutions,
and I mention big institutions,
there are two big,
electric, all sorry, gas companies, which are starting to mince the utility business
benefit credentials so people can show that as a proof of address.
And even much smaller, much more companies or startups, for example, we have a crypto
half here, which is called Grosimito, and they're doing pop-up cities once every three to four
months, which is called Alef, and the Alef passport credential is minted on top of Quak ID.
And for them it's pretty easy.
They just download the issue or start minting credentials, and people can either use Quack
ID or they can use the same wallet of the Sierra Buenos Aires.
That's super interesting, kind of hear how it works in practice.
I now have a question for you again, Evan, and I think I'll have a question for you again, Evan.
And I think I'll have the same question for you, Diego.
So pay attention to what Evan says.
So what ethical considerations kind of arise with blockchain-based digital identity systems?
Or maybe kind of to reframe that, what's the unhappy case?
What could go wrong?
As Diego was noting earlier, the practice of publishing data on a public ledger can get dicey
when we start talking about data that describes human beings.
You know, I often think of blockchains as the most public and permanent form of expression that human beings have ever had in our existence as a species.
And so, you know, certainly exposing private data, especially data that can be used to marginalize or harm people in such a public and permanent forum can have devastating effects.
We've already seen that the exposure of potentially harmful personal data has, you know, has exacted all consequences.
of havoc on individuals around the world from hacks or even malicious publication of personal data,
not to mention the many different laws that prohibit the disclosure of personally identifiable
information in a form that cannot be deleted and cannot be protected and cannot abide by law.
The bare case for, you know, for poorly built monopolistic doxing technologies is that we fail to
take advantage of the unique tools and capabilities of zero knowledge proof, scaling solutions
and blockchains for their security, and instead make short-term compromises that add to the fragmentation
of our ecosystem and endanger the individuals that we would hope that they serve.
The United Nations is actually named as one of their sustainable development goals, I think
16.9, that by the year 2030, the objective is that all people in the world will have legal
identities. And I think that it is unlikely that these sort of more niche monopolistic solutions
could possibly breach that goal. There are 850 million people in the world right now that do not
have, you know, provable identity documentation. And so as we start to consider a global implementation
of this tech, we need to consider it truly, globally, in the places where the, you know, privileged and
technical literacy that we enjoy here on chain that is not necessarily equal to all. And so that's why I
think privacy preserving technologies, legally compliant technologies, and, you know, optimal user experience
for everyone from our DGens to their 85-year-old mothers, like, you know, our forensic
Park idea of building are so essential to avoiding that bear case.
Yeah, that's several interesting points you're making there, Evan.
Geigo, from kind of the practitioner's perspective,
what are you afraid could happen?
I wouldn't say what I'm afraid could happen,
but I'm afraid of what is happening.
And we see it every day.
early 2024, the national people registered in Argentina got hacked and 65 million identities
were stolen.
So you got personal information pouring all over the place.
Something like four months ago, the national driver mobile, the national driver's
license institution got hacked and you had a telegram group in which you put the someone's
ID number, you get a photo of the driver's license.
Oh, that's terrible.
As crazy as it sounds, so people started entering the internet
telegram channel and they put the ID numbers of famous people,
the president, the Ministry of Security or whatever,
and they got, you started having it on Twitter,
the driver's license of famous people pouring all over the place.
So last week, two of the main hospitals in the three of the main hospitals,
in Argentina got hacked, and all of their medical records got obliterated and ransomware,
and they asked 150 BTC to get those records back.
So people, and I have a couple of friends working there, were forced to, for example,
instead of when you do whichever study, a blood test or whatever, instead of using their systems,
they were forced to print out the study and carry the papers all around.
So that is what is happening today in the type of.
solutions that Privalo and Evan's team is working on that we are working on is kind of
getting us out of that reality in which instead of having our database and information open to the
internet and instead of even worse creating this sort of concentrated databases full of different
sources of information which is perhaps the biggest risk building this monopolistic and
and centralized vision and, hey, let's give users a beautiful experience,
gathering all of the data into this big, big warehouse and say,
that is going to get cagman.
So I think that that's a huge, that's a huge risk that the things that we are building
definitely is avoiding.
That's a very valuable reality check.
When you think about Privatio ID and Buenos Aires kind of in the,
the blockchain space. What are the developments that are currently underway? So are there new features,
integrations, regions of focus? Because right now, it's only in Buenos Aires, right?
Today is used in Buenos Aires. We have partnered with a GopTech, a Mexican GopTac company.
And we are implementing, it has been implemented in Nuevo Leone, which is a state in Mexico,
this Monday, just for companies, that's for starters,
and we're hoping to evolve into driver's license
in the next couple of months.
We're doing the same with Monterey
and with three different provinces in Argentina
and speaking with several governments,
both municipal, subnational and national
around the region and the world.
Cool.
And kind of going beyond kind of identity,
What role do you both kind of see blockchain playing in other aspects of governance and society?
I can hop in with some thoughts there.
I think, you know, from our unique vantage point in the identity space,
we get to see a lot of the diverse use cases that are not purely financial come to market
because they require more than token data alone.
I think from a global regulatory discussion, you know,
know, we're starting to see really progressive laws, such as Mika come into effect here in
the European Union, where zero knowledge proofs will be permissible methods of legally proving
data. This is, I think, a dramatic difference from a few years ago when few people even in the
crypto space could explain what a zero knowledge proof was. I think what this means, essentially,
is that governments are starting to recognize the diversity of not only identity, but compliance,
age verification, business identity, and even in the upcoming EU AI bill that will go into effect
in 2026, AI agent identity. So the sort of range of these different capabilities then asks us
the question, what will the impact of blockchain transactions be for these different capabilities?
at Privatio ID, you know, two sort of camps where we receive a lot of requests for support.
One are in the agent identity space, enabling agents to transact on chain and develop
reputation such that they can coordinate with one another more easily.
And then also in the institutional space, there's over $2 trillion of capital trapped off
chain because it cannot enter the permissionless offshore casino and commingle funds with
unknown parties. So bringing permissioned liquidity into defy through institutional development,
I think is also a meaningful way that we can move value on chain, leveraging these more
maturing identity technologies, and also bringing space forward as a whole.
Super nice. So if others, be it governments, businesses, individuals kind of want to get involved
in shaping the future of digital identity, how,
how can they do that and how do they find what you guys are doing?
In my case, you could just go to quarkid.org and check our website there.
Or you can contact me at Fernandez-Dio, which is my name on Twitter.
Fantastic. What about you, Evan?
For all C-Gens, civilians and builders alike that are interested in the identity space,
we always welcome you at privato.id.
or at Provado ID on Twitter.
In terms of activities that you can try right now,
you can, of course, explore our libraries,
our embedded wallet marketplace,
schema builder, query builder,
and many other tools and capabilities.
So we have a lot documented for those who want to build
at many layers of the stack,
from the protocol, all the way up to applications.
And certainly, I would encourage everyone
if you are feeling in a mood to move
or to physically go somewhere,
Diego mentioned earlier the pop-up cities of Aleph, which I have heard are a really outstanding way to
touch and experience a lot of these new things we're talking about in person. So I personally
look forward to joining one of those and definitely would include that in my recommendations.
I mean, thanks so much for that. We have a run in Pop-A city right now, but it's ending up in one week,
so you're kind of late. But we'll do another one in March, so you're more invited to come. I hope
to have you here.
So in that case, you've heard that, dear listeners.
Please join us in March, Frederica, if your schedule allows.
I'm sure that we would love to see you there too.
Perfect.
Thank you both for coming on.
What a fun topic to discuss.
Thank you so much, Frederica.
It was an absolute delight.
Thank you guys so much, and we will see you on chain.