When we first set out to build SimpleID, we didn't know we would ultimately build a Web3 engagement platform. We went down a path of building a passwordless, non-custodial Ethereum wallet, something that hadn't been done before. We didn't end up launching the wallet for a variety of reasons, but in the process of building it, we discovered the need for an engagement platform, and we were able to re-use much of the technology we had built for the wallet. Specifically, we were able to re-use the technology we had designed to keep the wallet non-custodial to build a cryptographic isolation process that, for example, prevents us or our customers from being able to connect a user's wallet address to their email address, despite us storing both pieces of information.
As part of creating a passwordless wallet, we needed to ensure that we could encrypt data with an encryption key that we had no access to and that the customer did not have to hold and maintain. For this, we used an authorization and identity service coupled with a cloud Hardware Security Module (HSM). With some significant customization, we made the system work without a password and had the makings of a passwordless wallet. We could do the following:
- Authorize users using their email
- Generate identities for those users that we could not connect to their email
- Allow those identities to access cryptography capabilities on an HSM
- Permit our users and customers to encrypt and store data with private keys that we didn't have access to and that they did not have to remember
We then added public key cryptography to this system, enabling our users to encrypt arbitrary data for themselves or other users without us ever needing to manage their private keys directly. Taking this one step further, we architected a database system where we did not store user information in a single location. We then used cryptography to create a linkage between the two locations, preventing us from being able to map a user's data to personally identifying information about the user. It was great for a non-custodial, passwordless wallet. But as it turns out, it was even more useful as a system for communicating with people in Web3.
Engagement and communication is a big problem in Web3. Today, most dApps communicate through Twitter, Discord, or Telegram. Indirect communication is the equivalent of billboards. You don't know who will see the message, no matter how critical the message is. As part of our engagement platform, SimpleID is solving this.
We wanted to enable all sorts of communications. This means segmenting users based on blockchain data and then providing the tools to send in-app notifications and emails. Email communication is the tricky part here. dApps don't generally email their users today because of the premium placed on privacy in the space. In many cases, associating an email address with a wallet address could mean revealing the real world identity of someone who could have thousands to millions of dollars in crypto.
This is where our cryptographic isolation process comes in. If a dApp wants to be able to email its users, it can simply pass through the email address and the wallet address to SimpleID. We will then use the cryptographic isolation process mentioned earlier to encrypt the mapping of email to wallet address. Once that mapping is stored, we can never re-associate that information. Instead, the dApp is able to decrypt the information needed to email users (unique identifiers) and send them to our server for the actual email to be sent out. All SimpleID ever gets is a unique identifier that matches an email (not a wallet address). Our customers see a simple interface like this despite the complexity under the hood:
The user experience is no different than using many of the most convenient Web2 engagement applications. Yet, the underlying cryptography is complex enough and strong enough to ensure user privacy that matches the Web3 ethos.
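The isolation flow described above, as an added sketch that is not SimpleID's code: two stores that share no plaintext field, linked only by an opaque identifier encrypted under a key the server does not hold. The store layout, function names, the use of AES-256-GCM, and the local key standing in for the HSM-held key are all assumptions made for illustration.

```javascript
// Added illustration; not SimpleID's code. Names and layout are assumptions.
const nodeCrypto = require("node:crypto");

const emailStore = new Map();  // opaque id -> email (server can read this)
const walletStore = new Map(); // wallet -> encrypted opaque id (server cannot read the id)

// Encrypt the opaque id under the dApp's key. The wallet address is bound as AAD,
// so a ciphertext copied onto another wallet's row fails authentication.
function sealId(id, wallet, key) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  c.setAAD(Buffer.from(wallet));
  const ct = Buffer.concat([c.update(id, "utf8"), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]); // 12-byte IV | 16-byte tag | ciphertext
}

function openId(blob, wallet, key) {
  const d = nodeCrypto.createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  d.setAAD(Buffer.from(wallet));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]).toString("utf8");
}

// Enrollment: one record per store, with no plaintext value in common.
function enroll(email, wallet, key) {
  const id = nodeCrypto.randomUUID();
  emailStore.set(id, email);
  walletStore.set(wallet, sealId(id, wallet, key));
}

// dApp side: turn a wallet segment into opaque ids using the key only it holds.
function idsForSegment(wallets, key) {
  return wallets.map((w) => openId(walletStore.get(w), w, key));
}

// Server side: receives ids only, never wallet addresses.
function resolveRecipients(ids) {
  return ids.map((id) => emailStore.get(id));
}

// Constructed sample data.
const dappKey = nodeCrypto.randomBytes(32);
enroll("alice@example.com", "0xA11CE", dappKey);
enroll("bob@example.com", "0xB0B", dappKey);
```

Row order and write timestamps can still correlate the two stores, which this sketch does not address.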
To get a better understanding of what's happening with the cryptographic isolation, we've created the following diagram.
This isolation process opens up a whole new world of opportunity to dApps. Instead of relying on indirect communication, they can engage with their users and keep them informed even after the users have left the apps. This is a necessary quality if Web3 is ever going to grow. Crypto-savvy and techno-enthusiasts may be willing to put up with a constant Twitter feed of information just to catch important notifications from the applications they use, but mainstream users outside of crypto will not.
SimpleID provides in-app notifications, email communication, and will soon have mobile push notification support. If you care about talking to your users and keeping them informed, we're live now and ready to help you.