Ingo Rübe, Founder of KILT Protocol, explains all things KILT-related in his own words.

Ingo Rübe Project Lead

“The Polkadot Network takes an approach that could solve the problems of the current blockchain generation. A new ecosystem is being created in which KILT Protocol, among others, plays a decisive role in realising the vision of Web 3.0”

— Ingo Rübe —

Where did the name KILT come from?

Ingo: We were looking for something that represents identity without revealing identity. And that’s actually what a kilt is. All the different lines and colours in the pattern tell something about you. So the kilt shows which clan you are from, it shows that you are probably Scottish, but it doesn’t reveal your first name and it doesn’t say if you have a university diploma. That’s also what KILT Protocol is all about – what we call selective disclosure.

And the purse that is worn with a kilt is a “Sporran” – that’s where our wallet got its name.

And of course in the real world, in a sporran you might find another wonderful thing from Scotland – Scottish whisky. So we named our testnet “Mash-Net” after the mash used to make whisky. KILT’s mainnet is called “Spirit-Net”, and our gas is the “Angel’s Share” – that’s the whisky that evaporates into the heavens from the barrel. All good things!

What are decentralised identifiers and credentials?

Ingo: Let’s start by saying that KILT Protocol is a system for maintaining identities. And here comes the first interesting part: an identity is something different from an identifier. 

If we have an identifier it’s just a name or a number – it doesn’t say anything about an identity. So for example, my name is Ingo. If my identifier is Ingo, that doesn’t say that I’m from Berlin, it doesn’t say that I am working on the KILT Protocol, whether I have a driving licence or not; it doesn’t say anything about me. It doesn’t really contain any information, it’s just an identifier. And if there is only one Ingo here and you direct a question to Ingo, I know it’s me you’re talking to. But if there are two Ingos in the room we never know, so it would be good to have those identifiers a little bit unique.

This is the first part: Identity starts with an identifier, which is what all the other things are linked to. And many of these things in our world are linked to the identifier with credentials. So think of real life; I have a passport from Europe and it basically says “Ingo”. And it also has a picture of me, and other things, but it can be directly linked to me because I am Ingo and the word Ingo is there on the passport. But the passport gives more information about me because, for example, it says I’m European. And this passport is what we call a credential.

So identity is built by adding more and more credentials to an identifier.

If you want to build a digital identity you need both an identifier – for people or things – and then you need different types of credentials which are linked to the identifier. Then step by step you produce a digital identity.
And this can also be done for machines. The identifier of the device could be a very long number for example. This device can be identified by this number because this number is unique to it. And then, step by step you add more and more credentials to it, like an IOT device that is compatible with a certain standard, for example. Then the device gets an identity. And if the identifier is registered on the blockchain it becomes decentralised, because the blockchain doesn’t store information in any one location; it’s spread across a network of computers.

What are verifiable credentials?

Ingo: There are several parts to this.

First, credentials are built on trust. Trust is not generated by the blockchain, trust is something that happens in the real world – that’s how our society has been working for thousands of years. 

KILT takes the old process of top-down trust in the real world and puts it into the digital world.

Anyone can build a credential. You could make your own. You could print your name on a piece of paper and stick your photo on it and write on it that you can drive, but people might not believe it just because you say it and made your own credential! 

It would be better to use one that is already there, that is already trusted, like a driving licence from the government department that deals with them. That would probably have your photo, your name, it would include a vehicle class. You can go to most places in the world and they will look at it and look at your photo and say, ok, I trust it. It looks like a driving licence and you look like the person in the photo.

But digitally, when you give your credentials to someone there’s no photo. I can wave a physical credential at you, but a digital one I can’t – it’s just numbers.  

So now we need a trusted entity to confirm that those numbers really mean what they say they mean. In KILT we call this the attester. We’ll go into more details on how the attester works another time, and how we know we can trust them, but basically, they confirm, or attest, that the information is true. They do this by digitally signing the digital credential and then sending it to the claimer. They also create a hash of the credential – a number representing the information – and store it on the blockchain. It’s not personal data or the document itself, it’s just a hash.

The important fact is: the credential is issued by the trusted entity to the user. And the user owns the credential. They can decide when to show it, to whom and for what purpose. The trusted entity is not involved anymore. So, if I receive your credential because you want to hire a car from me, you show me your digital driving licence. I check with the blockchain to see if this hash which comes out of your credential is actually present on the blockchain. If it’s present on the blockchain, it’s fine. You can hire the car and drive away. The driving license department will never find out about you hiring a car.

That’s why we call it a verifiable credential; it’s a credential that can be verified. Simple!

Why do digital credentials need to be revocable?

Ingo: Well, what happens if you drive crazily and the driving department says, “Give the licence back, we don’t want you to drive again for the next ten years”? In the real world they would ask you to send your licence back and you don’t have it any more. But in the digital world it’s just numbers. Even if you send it to them and say “Hey, here’s my licence back,” you still have a digital copy. So there needs to be a way that the attester can check that everything is still okay and, if it’s not, the attester can revoke the credential. 

And that’s what we use the blockchain for. The KILT blockchain makes credentials revocable; so if the attester wants to revoke your digital licence, they can just put another hash of the credential representing your driving licence on the blockchain to show that it has been revoked.

Then if you go to hire the car and present your credential, your digital licence, it looks OK at first. But when I check the hash I can see, yes, there was a credential once but this one was revoked. So I don’t let you hire the car.

And that’s why it’s so important to have an identity that stores the VALIDITY of a credential. But that’s the kind of thing you don’t want a big corporation to have. They might think “Hey, we could just revoke everyone’s credentials until they pay us a lot of money” or whatever. It could be the most dangerous company in the world. 

This is why the validity of credentials does not belong in the hands of a company. It has to be on neutral ground, revocable for attesters but immutable to anyone else. And that’s the reason we use a permissionless blockchain for it.

What does “self-sovereign” mean?

Ingo: It actually means something very useful. It means that you hold your credentials. In the real world you hold your credentials in your wallet, or in your home. So you have sovereignty over them, basically. But in the digital world you don’t. For example, if you want to register with a social media platform, you choose a username and password. And they check to make sure that the username isn’t already taken and that your password has enough numbers or letters. And if everything is okay, this is now your username and your password and you’ve got an identifier. But you don’t have your credentials – the platform does.

And then you go on the platform and you like certain things and maybe post a comment or two. And depending on the platform, you can add photos, or university status, and a passport or location, and the identity is growing. And you can link other things to it. These are all your credentials. This is your behaviour, and this aggregates there – with the platform, not with you.

We want to change that. With KILT you have your digital credentials. You keep them in your wallet and if someone asks for your credential – your driving licence or whatever – you can send it to them. And this also affects anonymity because when you have sovereignty over your credentials then you can choose what you show to people and how much of it you want to reveal. And a blockchain-based system allows you to do that.

Is KILT going to put my identity on the blockchain?

Ingo: This is exactly what we don’t do! What we do is give YOU control over the data. We don’t store it on the blockchain, it’s stored it in your wallet. We only put a hash showing that your credential is valid – or not – on the blockchain.

What is a hash and how does it work?

Ingo: A hash is like making a Chicken McNugget out of a chicken. So, the credential is the chicken and the hash is the Chicken McNugget. You can always take the chicken and make an identical Chicken McNugget out of it, but you will never be able to take a Chicken McNugget and make a chicken out of it! So it stores much less information than the chicken, but is still a Chicken McNugget that was made from a chicken.

Take your bank account number – the IBAN in Europe, for example. It starts with DE in Germany and it’s followed by two numbers – let’s say 68. These first two numbers are a hash. After that you have a big long number.

So, if you change a single digit in the long number, the hash changes dramatically. It could change from 68 to 54 for example. And this is how the IBANs are made safe as you often make a mistake when you type in an IBAN. And every computer can check very easily if the long number – if it was hashed – gets the small number. The hash is the small number so it has much less information. If you take the long number, it will always produce the same hash. If you change it a little bit it will produce a completely different hash. 

But everyone can see if you just have the hash, the 68, that you can’t make the long number from that because it has much less information. What we store on the blockchain is just the short number. And if you send in your credential, we can always produce the same number again out of that and we can check if it is there. A mathematician would say it’s a one-way function, so it goes only in one direction, in the direction of a chicken to a Chicken McNugget. If you take the long number you will always get the same small number. If you take a different long number you will get another small number. If you only have the small number you have no chance of creating the long number with it. So if we put the hash on the chain it’s impossible to reproduce your credential from it. It’s the number that represents your credential but has much less information in it.

How does the data stay private?

Ingo: You keep control over your data and you decide who you want to give it to. Once you give it to someone, they can check whether it’s valid or not by checking the hash. And this hash is the only thing that is stored on the blockchain.  

But privacy is more than that; it’s something that has to be provided in different ways. So, going back to the driving licence example. If you want to go into a bar you might have to prove that you are over 18. In the real world you can choose any of the credentials you have in your wallet to prove that – your driving licence, or identity card, your student card, whatever. 

And you can show this to the person on the door. They just need to see your picture and your date of birth to prove that you are over 18, but they don’t need to know your name, or anything else about you – you can choose to put your finger over it and you will still be let in. This is what we call selective disclosure and this is also a part of privacy.

What exactly is blockchain?

Ingo: In simple terms, blockchain is a digital, decentralised database, or record of transactions. So when you think about blockchains you have to start with databases basically, and these are something that are even older than credentials.

Databases are around 4,000 years old. They started with our ancient ancestors – they put symbols into clay and started to record things like how much tax someone owed, and that sort of thing. And this was the first central database. You had this piece of clay with all this information on it and this piece of clay told the truth, in a way. And if you wanted to know how much tax you owed, you could look at this piece of clay. This principle of a central database is the fundament of basically almost everything we have. Our governments wouldn’t work without that, society wouldn’t work without that, banking wouldn’t work without that; this is really a huge success in history, these databases. 

But they have some disadvantages. The first is that if you drop the piece of clay on the floor, then it breaks and it’s gone. Well, modern databases aren’t made out of clay, but they are still very easy to break. You could make a copy, but then there can be errors in copying it. You could have two different types of information and not really know which is the real one. The second thing which is terrible about those databases is that they are controlled by a single person normally, and that a single person can be bribed. So they can be connected with corruption. So you have a lot of disadvantages. 

But you have also advantages, because you have a central piece of information, very easy to handle, very easy to administer, the governance of it is totally easy – the king, or civil servant or whoever says you write this down and only you write this down on this piece of clay and everybody can read it and we’re good to go, right? As long as the person isn’t corrupt and doesn’t die. So that’s basically how central databases work. 

And modern central databases are extremely fast, extremely cheap, extremely easy to administer and this is why they are somewhat successful. But like the ancient ones, they have these two little problems – they are very easy to break and very easy to corrupt.  

If you want to build a system to get away from that, a nice and easy solution is blockchain, because this is a system where you don’t have only one copy of the thing. You say basically everyone can be a bookkeeper and everybody has the same book. If something is added to the book then everybody has to add it, which is extremely hard to administer, extremely slow and extremely expensive. 

But it is completely safe; if one of the books falls down or one of the machines explodes, because you have 999 copies of it, it’s not a problem. And if one or two of the bookkeepers goes corrupt, it’s also not a problem because you have 998 others who are not corrupt. And with every new entry they have to agree that the book they all have is the same version of the book again. And this is the basic idea of blockchain. 

So what can you do with something like that? You use this if you don’t want to trust a single entity or person, because with a database you always have to trust the person running it. I can read it but I have to trust what they actually wrote into it is true. And there might even be an intermediary, and I have to trust what they wrote in there too. 

If you want to get rid of the intermediary you can use the blockchain and have the actual truth in the system, which is defined by a democratic majority of the bookkeepers and mathematical algorithms. And if you say everyone can actually become part of the system and be a bookkeeper as well, then you have the wisdom of the crowd and can say it’s probably actually the mathematical truth. So we change from trust in a person or entity to the mathematical truth. And most people believe the mathematical truth.

And if there are thousands of computers that have agreed on something like the balance of my account, then I can believe it much easier than believing a single person or institution. Because they might have made a mistake, or been corrupted. This is what you use the blockchain for. It doesn’t work for everything – in the past people tried to build many crazy things with it, like closed logistics chains, and that doesn’t make sense. If you only have three partners interacting and they run a blockchain together they actually have to trust each other because they’re running the system together and it’s not open – it would be much easier and cheaper for them to run a database and all have a key to the database. Blockchain only makes sense if you need to work together without constantly making use of a trusted entity. The blockchain replaces the trust in an entity with the mathematical truth.

How does a machine get an identity?

Ingo: Identity is made up of two things – an identifier and the credentials attached to it.

So you can give a machine, or a device, an identifier – a very long number for example. This device can be identified by this number because this number is unique to it.  And then you can just add credentials to that identifier. Like, an IOT device which is compatible with a certain standard. That could be a credential. Or certificates, capabilities – they are all credentials. And then, step by step you add more and more credentials to that identifier and then the device has an identity. This is what KILT Protocol is all about. A system that people can easily use, not just for people, but also for machines and for services and whatever they like to build identities on – this is what we created in KILT.You can read more about machine identity in our blog here.

If a device gets an identity, how can that be used in the real world?

Ingo: For example, if you have a cell phone, this phone has a unique number, which is called the IMEI, the International Mobile Equipment Identity. That identifies the device. It is printed somewhere in the hardware, so you have an identifier already. You could then start linking it up to more and more credentials which say if I use this cell phone then it can open a door, for example. So that would be a credential that could be added to your cell phone while the cell phone itself is identified by an identifier.

Can everything get an identity?

Ingo: Sure. Let’s take a chocolate bar. A chocolate bar doesn’t have any electronic things in it but you can give the chocolate bar an identifier by just printing a long number on the package. And then you could add credentials to that. For example, to say it is made out of fairtrade chocolate. And this fairtrade chocolate credential is issued by an NGO, which decides what is fairtrade or not. 

And if later they change their production method and it’s not fairtrade any more, the chocolate maker still has the credential and they can put it on their package all the time. So the attester, or the NGO, needs to be able to recheck if everything is still okay. And in this case, they see it’s no longer fairtrade so they can just revoke the credential. 

And then a consumer could possibly scan the number and find out from a database if this chocolate is really fairtrade or not, and if it contains anything that they could be allergic to, like peanuts or whatever, and all this information can then be stored and can be verifiably made public. So it’s not only for people and electronic devices, you can give anything an identity.

Does KILT create identities and credentials?

Ingo: No, KILT works as a simple protocol. It provides the infrastructure for entrepreneurs or companies to build their own product to create, or issue, or present and verify digital credentials.

So, using the example of fairtrade chocolate again, if you are the organisation that attests that something is fairtrade, then you would like to have a system where you could easily build an application so that you can give this service to food producers. So you would need the infrastructure for building that. You don’t want to start a huge IT project with lots of servers where people can retrieve the information that this chocolate is fairtrade, you want this completely decentralised and you don’t want all the work. This is where you would use KILT. The KILT infrastructure is already there, you need just a week or two to put a very simple application on top of it and then you have something that works. And the data, the truth about whether the chocolate bar is actually fairtrade or not, is stored on the blockchain.

Our main aim behind KILT is to provide a way for companies to explore new business models, related to claims and attestations. KILT would enable businesses, or governments or people, to rely on a common standard that is owned by everyone participating and not by a single company.

How is KILT giving data back to the owner?

Ingo: Take KYC, for example: KYC, or “know your customer”, is just checking the credentials of people. It is checking where you are from, if you really live where you say you live, if you really have control over the bank account you have sent the details of, that kind of thing. KILT could be used for social KYC – actually, that’s the first use case everybody thinks of. 

And KYC is done millions of times a day probably, because you always need KYC – you need it when you open a new account pretty much anywhere. And this KYC information is normally not reusable. Or at least, if you want to make it reusable you have to give control over your information to someone else. And this is something that is broken right now with digital identity, because the identity, the credentials and the identifier together, they are normally not with the user.  

And there is a huge difference between the real world and the internet world. In the real world you have all those credentials with you, you own them, and you decide who you show what credentials to and for what purpose. So if you want to get into a bar and have to prove that you are old enough, you can choose from your wallet what you want to show. It could be your driving licence, or your passport, or your student card. You can pick anything with your date of birth on it. Then you choose this credential. You can also choose not to present it and just not bother going into the bar! 

And then when you’ve chosen your ID, you can still decide what kind of information on there you want to actually disclose. You’ll probably need to disclose the photo because the person on the door will want to compare the photo to your face, and you will have to disclose the date of birth printed on there. But there’s no use disclosing your name. So you can put your thumb over your name and say look at the photo, the date of birth, and then you get into the bar. 

Another cool thing about this besides being able to make selective disclosure, as we call it, is that the person who gave you the id card will never find out if you went to this bar. Because the person on the door is not checking with the government to see if they issued you your driving licence – the only thing they check is if the face matches the photo and if the credential actually looks like it was issued by an entity that they trust. 

You could make yourself a credential and stick your photo and a date of birth on it and say, “here’s my credential and it says I’m old enough to come into this bar” but why would the person on the door trust you? But if it’s a driving licence that looks like a driving licence then the person on the door would say “it’s from a department I normally trust so you can come into the bar.” 

So there’s a trust relationship – a non-electronic relationship. And that provides great scalability because billions of people can go into bars with their driving licence, but the server of the department that issues the driving licence never crashes because the department is never asked about you. That’s a cool thing! This is how it works in the real world and this is a mechanism that we’ve had for thousands of years. 

And then the internet came and there you go to a service like Facebook and you say, “Hey, I’d like to use a username and a password.” Then the username is looked up to see if it exists and the password to see if it’s long enough and if both are OK then this is a new identifier. So your Facebook account is actually an identifier. But this identifier lies with Facebook and not in your pocket. So then you start to do things on Facebook, to make friends and connections and post pictures and all of that stuff. Which are actually credentials, because they form your identity on Facebook. But all this information is not in your wallet – it is on a central server on Facebook. 

And this creates some problems. The first is that it is a honeypot for hackers because it is not just your identity that is there, there are lots of them, billions of them there. So if a hacker wants to break into the system they just hack in and get billions of identities, which is not good because when they break into your wallet in the real world they just have something from you and they can’t even use it because they have a different face. So if your passport gets stolen that’s annoying but it’s actually not really a huge problem. But if they break into Facebook, it is a huge problem, because then billions of identities are stolen. 

And the second problem that this causes is that it introduces a lot of power on the side of the platforms because of something very cool called OAuth2, which is a standard used for digital identities right now. And that says that you need a digital platform and other people can trust this digital platform. So what happens when you want to log in with WhatsApp? Well, what it does is give you a little button that says “Log in with Facebook” and then we say yeah, I want to log in with Facebook and I’m Ingo on Facebook and it looks up all the information Facebook has on me. 

Then Facebook shares the info with WhatsApp and that means that they keep all my credentials and other people can look at my credentials. And this is not right because this produces a lot of power on the site because more and more information is gathering with Facebook, and not with the people who own it. 

And there are more problems with that – from a security point of view the first thing is that we have a shared secret here, because you know your password and Facebook also knows your password. And that’s not good because it can be stolen. So we need to build a system which produces identity in the digital world for people, and also for things, which is as decentralised as the normal wallet is. 

That means we need to build a system where you can go to a trusted entity, like the department that gives out driving licences, and say “Please, I think I can drive, can I do a test and if I pass the test can you please issue a credential to me?” And then they issue a credential to you and it goes into your possession, it doesn’t stay at the driving licence department. 

And when you meet Mr. Policeman who wants to know if you have a driving licence he just looks at it. And when you want to get into the bar you can prove you are old enough to have a driving licence by showing it to the barman. 

And this is where we meet a different system. And this kind of system is what KILT does. It provides the possibility for you as a chocolate bar or you as an individual to have a claim about yourself and go to a central entity and say “Please issue me a credential that I can drive.” And then the attester will probably check that you really can drive and issue a credential to you and this credential then goes into your possession. And you choose what you want to do with it, if you want to show it to the car hire company if you want to show it to someone else, whatever. 

This is the basic idea we have at KILT. We take the power of handling the data from the central platforms and from the attesters into the hands of what we call the claimers, the people, sometimes also called the holders, the people who actually own the information.

How could a company or entrepreneur use KILT?

Ingo: The business model never comes from us. KILT is designed as a protocol for business, for people to take their own idea and build something to make money from. 

Think of a successful protocol like http. The developers of http didn’t have anything in particular in mind but what happened was that a lot of people started to build businesses on top of it. When they were developing http they probably never thought that this thing would be good for selling bicycles, or books from Amazon. They needed people who looked at http and thought “Wow, I can build a business on top of that.” And this is the same for KILT. People can build things and make a profitable business with it. 

Using our chocolate bar use case as a practical example, if you were the organisation that attests that a chocolate bar is fairtrade, then you would like to have a way to easily build an application so that you can provide this service to food producers. You don’t want to start a huge IT project with lots of servers, you want this completely decentralised. You just want to certify it, you don’t want all the work. 

This is where you would use KILT. The KILT infrastructure is already there, you need just a week or two to put a very simple application on top of that and then it just works. And the data, the truth about whether the chocolate bar is actually fairtrade or not, is stored on the blockchain.So potentially there’s no limit to what you can use KILT for. We already have examples of projects in the real world that are building things using KILT – to monitor energy on the grid, to keep information about genetics tests anonymous – these are things that we wouldn’t necessarily have thought of. In the same way that we don’t ask Tim Berners Lee how to build Amazon, we don’t actually have a say in what kind of businesses should be built on KILT.

How is a credential on KILT paid for?

Ingo: Reading a blockchain is free – blockchain only costs for writing.

KILT is a permissionless blockchain. And permissionless blockchains need ways to reward all the people who actually run your blockchain. So you need some kind of a monetary system built in. And in our case, this is KILT coins. And you can look at BOTLabs as the people who printed the first KILT coins and we still have some of them, which we have in our little vault.

So the person or organisation building the application just puts a piece of open-source software up on the KILT blockchain. They need KILT coins to write on it and nothing to read from it.

And because we are building in the Polkadot ecosystem, we will be able to predict the cost of a transaction, so that it can be built into a business plan.

Can anyone build a credential?

Ingo: Sure. Building credentials is something everybody can do. You can make your own credential. But if you are just printing something out and saying “Here, this is a credential”, you might find that people don’t want to give you money for it. It would be nice to use a credential that is already there, a certain credential type. These things are called CTypes, or credential types. Anybody can build them, they are basically a data structure representing what is inside the credential.

So, for example, a driving licence would normally include a photo, it would include your name and a vehicle class, right? And a gaming credential probably wouldn’t have a vehicle class, but it would have probably have your points balance or whatever. And maybe a store of different types of things that you have collected in the game, like a magic potion and so on. And so everybody would be able to build their own credential types. 

But we foresee that there will be credential types which are so useful that they will just be standardised and used by others. This is standardisation from the bottom up – it is useful, so everybody uses it. This is basically how standardisation normally works in the world. 

In Europe, for example, you have this A4 paper size, and most of the European countries now have this format because it’s really practical. Because it fits into the printer, and it fits into the envelope. But if you go to the US, they don’t know about A4. They have the letter format. And so you have different types and different standards, but if you talk about A4 in Europe or letter format in the US they will know what size page you are talking about, right? Standards are agreed on. And this is the same thing that will also happen with credential types over time.

If I have a credential on KILT, can the rest of the world trust it?

Ingo: There are two different things here; the attester, and the truth that the attester actually issued the credential. 

So what the blockchain takes care of is that we can make sure that if I get a credential from, for example, a credit rating agency – I’m the claimer – and I show this credential to you, then from the blockchain side, you can be absolutely sure that it’s me sending you the credential. You can also be absolutely sure that this credit rating agency was the attester that issued the credential. They can never deny that they issued it. And if they revoke the credential, you can be absolutely sure that you will be able to see that. That’s the three things that come out of the blockchain.

But if this agency made a mistake in issuing the credential, you will never be able see it on the blockchain. And if they just issued useless credentials, if they say that I have a high credit score and that I’ll be able to pay back a huge mortgage but actually I have no money in the bank and no way of earning money, then it’s their fault. And then their business model as an attester is probably going to break down because you are going to tell everyone that I haven’t paid back the money I owed you and I really can’t afford to, even though I have a credential from this credit rating agency to say that I have a high credit score. And then this credit rating agency will probably close down after a while because it loses the trust of the verifiers, which is you in this case. 

In simple terms, KILT is creating the infrastructure where you can convey your trust of others and get credentials that include the trust of others, and then convey these credentials to others who again trust the people that you trust. It’s like rebuilding the real world on the internet, using the old idea of what a trusted entity is – someone who earns trust over time and constantly delivers good work to make sure that the trust doesn’t go away.

We say the blockchain is trustless, but we still need some trust in the world. If you take the trust out by replacing intermediaries with mathematical truth that’s another thing – replace the trust people have with the intermediary with a mathematical truth. KILT does that. KILT replaces the intermediary with the mathematical truth of the blockchain. But still you want to trust the attester, the issuer of the credential, which is a completely different thing

So the blockchain is not building reputation systems. Trust isn’t generated by the blockchain, trust is built in the real world. The attester’s reputation as a trusted entity is generally built off the blockchain. But the blockchain is building a system where the verifier can be absolutely sure which claimer sent the credential and which attester issued it. And that’s a big step forward for digital identity.

What is the KILT SDK?

Ingo: The KILT SDK is a software development kit that uses JavaScript. We want KILT to be available for any entity that wants to build a business model on trust, not just for the software industry or blockchain developers. Particularly for industry players, the SDK makes KILT more accessible, because normally big companies have some JavaScript developers, so they can use their own resources, basically. So instead of having over a year of development work, they can use our SDK to build something in a couple of weeks, and they don’t have to pay a lot to get someone to build an application for them. We expect the SDK to be live in mid 2021. In the meantime, the test version is available on our website to download and try out different business models. 

How long does it take to build an app with the KILT SDK?

Ingo: To build your app depends on how complicated your needs are. But if you want to build a simple application you could do this in a week or two. 

Why is KILT building on Polkadot?

Ingo: When we started to look at building KILT we wanted to build something useful. And we could see the huge need in industry to have verifiable credentials on the internet. Because at the moment the only digital identity mechanism that we have is the OAuth2, which is basically what the big corporations like Google and Amazon use to centralise the data. And that works, but it means that people’s credentials are being stored with these giant companies, not with the person who actually owns the data. 

And even for smaller companies, if they build a product and this product owns a credential, then the credential becomes part of the value of the product. So what we need to avoid our data being owned by companies is a fully decentralised machine, where there’s no trust needed, where the truth is built into the system. And that’s what blockchain can provide.

So our next stage was to go talk to people in industry. And we said hey, we’re building this thing and it’s a fully decentralised blockchain and it has the truth in it and it holds your credentials. And they liked the idea but then they said OK, how much does it cost? 

And that was a problem, because at the time if we wanted to use a permissionless blockchain we were looking at unpredictable production costs. Because sometimes the gas was €0.05 and sometimes the gas was €15 and sometimes €24. And industry can’t produce things that way. Because they don’t know how expensive the product is going to be in production, so they have no idea what price to set.

So then we thought about using a permissioned blockchain. That would give a predictable price, but unfortunately then you don’t have the truth in the system, because there’s an authority there you have to trust. So this is the truth versus cost dilemma. You want the truth of the system but you need to know beforehand what your transactions will cost.

And this is basically why we moved to Polkadot in 2018 because Polkadot is solving this problem. Polkadot is the only technology that combines fixed definable network costs with aspects of the decentralized controlled truth of a permissionless blockchain. We have the mathematical truth of the system and there is price stability. So by taking a parachain lease in the Polkadot system, we can build a small blockchain, the KILT blockchain, and have predictable gas prices. And then any entrepreneur or industry can base their production costs on that.

And that’s good news for everybody, because then users will have a way to take control of their own data again!